SoylentNews is people
SoylentNews
Amid ongoing malware infections of IoT gadgets and armies of commandeered gizmos attacking server, glaring security holes in web-connected CCTV cameras are going unpatched.
So say researchers with Cybereason, who claim a pair of high-profile vulnerabilities they spotted in surveillance cams two years ago have been completely ignored by vendors – thus leaving the door wide open for miscreants to hijack potentially "hundreds of thousands" of devices and use them for attacks.
Cybereason's Amit Serper says he and fellow researcher Yoav Orot exploited flaws in off-the-shelf internet-connected cameras back in 2014 in an effort to show how poor IoT security was at the time.
Since then, Serper says, the bugs have not only gone unpatched, but the insecure code has popped up in network camera firmware shipped by dozens of manufacturers selling their weak wares on Amazon. The Cybereason pair finger VStarcam as one vendor of vulnerable kit.
(Score: 0) by Anonymous Coward on Sunday December 11 2016, @06:46AM
And formerly Airlink 101 (rebadger of obsolete designs d-link and others have gotten from chinese designer/manufacturers.) But I wouldn't recommend *ANY*of them being placed outside of a firewalled LAN with no access to the internet. If you need internet access to any of these devices you really need a dedicated server aggregating the streams and ideally transcoding to a better codec (most are mjpeg or h264 based, and many have limited configuration settings. My latest one doesn't allow mjpeg above 640x480 for instance, only h264, making single frame capture, or real time streaming on weak devices difficult.