Your smart camera is not immune to intrusion

March 16, 2018

It is a sad fact, but smart devices are not nearly as safe as they are popular. In one of our recent blog posts, we wrote about the threats this insecurity generates for users of connected household devices. Our post today sheds light on yet another discovery made by our pros: a smart camera with nearly as many vulnerabilities as there are features described in its user manual.

Seriously, 13 vulnerabilities! You can find them listed in the full report at Securelist. Let’s take a look at what that could mean for an owner of such a camera.

The subject of our study is the Hanwha SNH-V6410PN by Techwin, a former subsidiary of Samsung. Although the company changed owners a couple of years ago, it manufactured these cameras under the Samsung brand until the end of 2017, and you still can find one sold under this brand.

The camera is marketed as an all-purpose monitoring tool suitable for nursery rooms, households in general, and even small offices. It can see in the dark, turn to follow a moving object, stream footage to a smartphone or tablet, and play back sound through a built-in speaker.

Owners can control all of the webcam’s functions through a cloud service accessible from a desktop computer or a mobile device. According to Kaspersky Lab ICS CERT research, however, the vulnerabilities in the camera allow other people to control it. That opens lots of opportunities for attackers.

See no evil

For one, an outsider can replace the video stream delivered to the user, just like in the movies where villains — or good guys — can fool security guards with footage from a week earlier while penetrating a secure facility. No longer restricted to movies, this trick can now be played by real criminals bent on breaking into a home or office building protected by this smart camera.

The very same camera can help intruders get the intelligence they need before entering. Our experts were able to intercept the video stream, tap the audio channel, and get hold of location-based data. This means attackers will be able to learn the location of the device and study the habits and practices of residents or employees to carefully plan their invasion — all remotely, over the Internet.

I spy with my electronic eye

Even if we leave aside such dramatic scenarios, many other opportunities are available to a hacker. Like many other smart devices, this camera can exchange data with social networks and online services to give its owner notifications about events taking place within the surveillance area. Once in control, therefore, hackers can not only snag your account data, but also use the compromised device to send spam or phishing messages to your friends.

And to cover their tracks — or simply for fun — they can also ruin your cameras completely.

Of course, some obvious opportunities also exist, like being able to watch the camera’s owners when they think they’re alone. Hackers play these fun pranks all the time.

The camera can also play back sound through a built-in speaker. We prefer not to get too creative here, but consider a stranger being able to talk through a child-monitoring camera. Having such a thing connected to the Internet doesn’t sound like a good idea anymore, does it?

Attack of the cyberzombies

A couple of years ago, the world learned about the potential of IoT botnets — thousands of smart devices working under criminals’ command toppled several large Internet services. Hanwha Techwin smart cameras were not immune. With hundreds or thousands of cameras hacked, criminals can use them for a DDoS attack, get them busy mining for cryptocurrency, or order them to infect adjacent devices on the same network — or do all of the above.

A grim future?

In fact, apart from home and office cameras, Hanwha also makes industrial CCTV systems. Other interesting things in this vendor’s portfolio include self-propelled artillery vehicles and robotic machine gun turrets. We hope that security is number one priority when it comes to those devices.

Automated machine gun-turret Samsung Techwin SGR-A1, photo from Wikipedia

We reported all of the problems we detected in Hanwha SNH-V6410PN firmware and the cloud service through which the unit is controlled, and the vendor has already fixed most of them.

But until smart device makers start taking a much more serious stand about protecting their products — early in the development cycle — we suggest you take control of your own security.

  • Before getting a smart device — whether a smartphone-controlled video baby monitor or something entirely different — think twice. If you really do need it, search the Internet for any information about hack attempts or known vulnerabilities.
  • Learn as much as you can about the devices you already own to reduce the risk of attack. Kaspersky Lab has released an app called Kaspersky IoT Scanner— a free smart-gadget protection solution. It will check your Wi-Fi network and tell you whether the devices connected to it are safe or not.