Vast swathes of Wi-Fi IP cameras suffering from zero-day vulnerabilities, making them easy targets for hackers.
What began as an everyday study of basic security issue in one IP camera quickly turned into seven major vulnerabilities that affects over 1,000 camera models and left nearly 200,000 cameras wide open to attack. Pierre Kim disclosed the vulnerabilities to the larger world wide web last Wednesday and listed all the affected models in a post on his GitHub page.
Why are so many different models from different manufacturers affected?
They aren’t, that’s the thing. It’s all a bit smoke and mirrors on the part of the industry.
All the wireless IP cameras in question were designed and manufactured by one Chinese company and given the generic name WIFICAM. The security issues reside in the firmware that ships with the cameras. Other companies then bought the cameras, put their mark on the basic design, rebranded them and sold them on as their own – which is standard practice in the industry.
This makes it a bonus for the people who create and manufacture malware and botnets, as they can use the IP cameras to hack into user’s computers, spy on what they’re doing and create internet wide malware threats using thousands of other people’s devices all at once.
According to Kim, who did a little more research after he discovered the security flaws, almost 200,000 cameras should be considered vulnerable. While the bulk of the cameras manufactured stayed in China, almost 20,000 of them made it into the USA.
Kim has a proven track record of discovering internet vulnerabilities. “I advise to IMMEDIATELY DISCONNECT cameras to the Internet,” he wrote. “Hundreds of thousands of cameras are affected by the 0-day Info-Leak. Millions of them are using the insecure Cloud network.