Falanx Group Ltd

185,000-plus Wi-Fi cameras on the web with insecure admin panels

Get ready for the next camera-botnet: a Chinese generic wireless webcam sold under more than 1,200 brands from 354 vendors has a buggy and exploitable embedded web server.

According to an advisory by security researcher Pierre Kim this week, the flaws lie within the camera’s administration interface – plus the firmware opens insecure connections to backend systems.

Kim posted a Shodan.io link that lists more than 185,000 vulnerable Wi-Fi-connected cameras exposed to the internet, ready and waiting to be hijacked. The cameras’ CGI script for configuring their FTP server has a remote code execution hole known since 2015, Kim said, and this can be used to run commands as root or start a password-less Telnet server.

There’s a folder in the file system, /system/www/pem/, that includes an Apple developer certificate with a private RSA key. Then there’s an unauthenticated real-time streaming protocol (RTSP) server, so if you can reach the camera’s TCP port 10554, you can watch what it sees.
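For anyone auditing a camera they operate, the check below tells an RTSP service that answers without credentials apart from one that demands them. It is an added example, not code from the article or from Kim's advisory; the function names and the two sample responses are constructed for illustration, and only port 10554 comes from the text.

```python
import socket

RTSP_PORT = 10554  # port named in the article

# Constructed sample replies (not captured from a real device).
SAMPLE_OPEN = (b"RTSP/1.0 200 OK\r\nCSeq: 1\r\n"
               b"Content-Type: application/sdp\r\nContent-Length: 0\r\n\r\n")
SAMPLE_LOCKED = (b"RTSP/1.0 401 Unauthorized\r\nCSeq: 1\r\n"
                 b'WWW-Authenticate: Basic realm="camera"\r\n\r\n')

def build_describe(host, port=RTSP_PORT, path="/"):
    """Build an RTSP DESCRIBE request that carries no credentials."""
    url = f"rtsp://{host}:{port}{path}"
    return (f"DESCRIBE {url} RTSP/1.0\r\n"
            "CSeq: 1\r\n"
            "Accept: application/sdp\r\n\r\n").encode("ascii")

def classify_response(raw):
    """Classify the raw reply to a credential-less DESCRIBE."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    parts = head.split("\r\n")[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("RTSP/") or not parts[1].isdigit():
        return "not-rtsp"
    status = int(parts[1])
    if status == 401:
        return "auth-required"      # server asked for credentials
    if status == 200:
        return "unauthenticated"    # stream description served to anyone
    return f"other-{status}"

def audit_camera(host, port=RTSP_PORT, timeout=3.0):
    """Probe one camera you operate and report how its RTSP port answers."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_describe(host, port))
            return classify_response(s.recv(4096))
    except OSError:                 # refused, filtered, or timed out
        return "unreachable"

if __name__ == "__main__":
    for name, sample in (("open", SAMPLE_OPEN), ("locked", SAMPLE_LOCKED)):
        print(name, "->", classify_response(sample))
```

A result of `unauthenticated` from outside your network means the port should be firewalled off or the camera moved behind a VPN.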


Disclaimer: Statements in this article should not be considered investment advice, which is best sought directly from a qualified professional.