Friday, March 29, 2024

Hackers Can Remotely Control Your Camera to Monitor and Record All Your Activities

A  dangerous flaw discovered in Popular Hanwha Smart camera’s cloud server architecture that could allow an attacker to perform various malicious activities and to take complete control of the camera by changing the admin level Credentials.

Hanwha is a popular Security Cameras & Surveillance smart camera that capable of capturing video with resolutions of 1920×1080, 1280×720 or 640×360, monitoring sensors, recording sound using inbuilt speaker record audio.

This model has a rich feature list, compares favorably to regular webcams and can be used as a baby monitor, a component in a home security system or as part of a monitoring system.

It is communicating via cloud-based service for the communication to the operator instead of connecting to any computer to passing the users command.

Also, it configures with Wireless hotspot and connects it to the main WiFi router and users can control the camera From smartphones, tablets or computers.

Completely communication data should be only uploaded to the cloud and no other communication between the operator and camera.

Interaction with the cameras is via the cloud only

A dangerous vulnerability discovered in cloud server architecture that is implemented within this camera allow attacker taking complete control of the cameras that are connected and communicate via the cloud.

According to Kaspersky Experts, One of the main problems associated with the cloud architecture is that it is based on the XMPP protocol. Essentially, the entire Hanwha smart camera cloud is a Jabber server. It has so-called rooms, with cameras of one type in each room. An attacker could register an arbitrary account on the Jabber server and gain access to all rooms on that server.

During to process of communication between camera and cloud, attacker manipulates the user credentials and communicate with the cloud on behalf of an arbitrary camera or control arbitrary cameras via the cloud.

In Attacker point of view, “An interesting attack vector is the spoofing of DNS server addresses specified in the camera’s settings. This is possible because the update server is specified as a URL address in the camera’s configuration file.”

This attack can be possible because of the vulnerabilities that exist in the Hanwha SmartСam cloud architecture.

Once an attacker gains complete control of the camera, they can control the camera’s from the global network.

Also Read: Hackers can use Surveillance Cameras and Infrared Light to Transfer Signals to Malware

List of Discovered Vulnerabilities in Hanwha Camera :

The following vulnerabilities were identified during the Kaspersky research:

  • Use of insecure HTTP protocol during firmware update
  • Use of insecure HTTP protocol during camera interaction via HTTP API
  • An undocumented (hidden) capability for switching the web interface using the file ‘dnpqtjqltm’
  • Buffer overflow in file ‘dnpqtjqltm’ for switching the web interface
  • A feature for the remote execution of commands with root privileges
  • A capability to remotely change the administrator password
  • Denial of service for SmartCam
  • No protection from brute force attacks for the camera’s admin account password
  • A weak password policy when registering the camera on the server xmpp.samsungsmartcam.com. Attacks against users of SmartCam applications are possible
  • Communication with other cameras is possible via the cloud server
  • Blocking of new camera registration on the cloud server
  • Authentication bypass on SmartCam. Change of administrator password and remote execution of commands.
  • Restoration of camera password for the SmartCam cloud account

“Other possible scenarios involve attacks on camera users. The camera’s capabilities imply that the user will specify their credentials to different social media and online services, such as Twitter, Gmail, YouTube, etc. This is required for notifications about various events captured by the camera to be sent to the user.” Kaspersky said.

The flaw has been reported the detected vulnerabilities to the manufacturer. Some vulnerabilities have already been fixed. The remaining vulnerabilities are set to be completely fixed soon, according to the manufacturer.

Fixed vulnerabilities were assigned the following CVEs:

CVE-2018-6294
CVE-2018-6295
CVE-2018-6296
CVE-2018-6297
CVE-2018-6298
CVE-2018-6299
CVE-2018-6300
CVE-2018-6301
CVE-2018-6302
CVE-2018-6303

Website

Latest articles

Beware Of Weaponized Air Force invitation PDF Targeting Indian Defense And Energy Sectors

EclecticIQ cybersecurity researchers have uncovered a cyberespionage operation dubbed "Operation FlightNight" targeting Indian government...

WarzoneRAT Returns Post FBI Seizure: Utilizing LNK & HTA File

The notorious WarzoneRAT malware has made a comeback, despite the FBI's recent efforts to...

Google Revealed Kernel Address Sanitizer To Harden Android Firmware And Beyond

Android devices are popular among hackers due to the platform’s extensive acceptance and open-source...

Compromised SaaS Supply Chain Apps: 97% of Organizations at Risk of Cyber Attacks

Businesses increasingly rely on Software as a Service (SaaS) applications to drive efficiency, innovation,...

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed...

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles