SoylentNews

Arthur T Knackerbracket has found the following story from The Register:

Amid ongoing malware infections of IoT gadgets and armies of commandeered gizmos attacking server, glaring security holes in web-connected CCTV cameras are going unpatched.

So say researchers with Cybereason, who claim a pair of high-profile vulnerabilities they spotted in surveillance cams two years ago have been completely ignored by vendors – thus leaving the door wide open for miscreants to hijack potentially "hundreds of thousands" of devices and use them for attacks.

Cybereason's Amit Serper says he and fellow researcher Yoav Orot exploited flaws in off-the-shelf internet-connected cameras back in 2014 in an effort to show how poor IoT security was at the time.

Since then, Serper says, the bugs have not only gone unpatched, but the insecure code has popped up in network camera firmware shipped by dozens of manufacturers selling their weak wares on Amazon. The Cybereason pair finger VStarcam as one vendor of vulnerable kit.

Original Submission