Amid ongoing malware infections of IoT gadgets and armies of commandeered gizmos attacking server, glaring security holes in web-connected CCTV cameras are going unpatched.
So say researchers with Cybereason, who claim a pair of high-profile vulnerabilities they spotted in surveillance cams two years ago have been completely ignored by vendors – thus leaving the door wide open for miscreants to hijack potentially "hundreds of thousands" of devices and use them for attacks.
Cybereason's Amit Serper says he and fellow researcher Yoav Orot exploited flaws in off-the-shelf internet-connected cameras back in 2014 in an effort to show how poor IoT security was at the time.
Since then, Serper says, the bugs have not only gone unpatched, but the insecure code has popped up in network camera firmware shipped by dozens of manufacturers selling their weak wares on Amazon. The Cybereason pair finger VStarcam as one vendor of vulnerable kit.
(Score: 2, Informative) by baldrick on Sunday December 11 2016, @11:41AM
PoE is the way to go - but get a managed PoE switch and that way you can cycle the power to a device when it locks up - not uncommon - also a properly sized UPS on the switch will remove the risk of power loss mitigating your recording system - FTP to online storage is also useful
UPnP needs to be disabled or blocked
I set up the router on the WAN with a VPN server , and then connect to it from outside and VNC to the display recording computer or access the IP cam
avoid wifi cams where ever possible - though sometimes when you have power there and no simple way of getting network they are the solution
in saying that I have been looking at a couple of LED lamp / wifi camera combinations to install as outside cameras where I now just have lights
... I obey the Laws of Physics