Samsung Security Cameras Hacked Again

Security bloggers accept exploited a loophole in a Cloud-Monitoring service to interruption into Samsung'southward Smartcam security cameras, but over a year afterwards Samsung stock-still similar vulnerabilities. Exploiteers, a white-hat hacking group with extensive feel breaking into connected home devices, detailed its new exploit in a weblog postal service final week. Past accessing PHP files designed to facilitate firmware updates for Samsung Smartcam devices, the hackers had been able to install a remote command execution script that gave them total control of the cameras.

The vulnerability, according to Exploiteers, lies with the Samsung iWatch webcam monitoring service. Its server's lax security allowed the group to install their scripts, including user-defined file names, in order to take over the cameras past gaining access to their administration panels.

Samsung SmartCam HD Pro Every bit Exploiteers noted in its blogpost, the grouping joined other white-hat hackers in exploiting a like exploit at last year's Defcon 22 security conference. Information technology immune for remote control execution and the ability to arbitrarily change the photographic camera's ambassador password. Samsung removed those loopholes and at present requires all users to log in to their cameras via the more secure Samsung Smartcam web interface.

"This angered a number of users and crippled the device from existence used in any DIY monitoring solutions," Exploiteers wrote. "So, we decided to inspect the device again to see if in that location is a way nosotros can give users back admission to their cameras while at the same time verifying the security of the devices' new firmware."

Vulnerabilities that let hackers to have over web-connected security cameras are not uncommon. Senrio, a individual security firm, announced last summer that it had discovered a remote code execution vulnerability in D-Link'due south latest firmware version that could affect five cameras in the D-Link product line, including the D-Link DCS-930L Network Cloud Photographic camera.

As is, alive footage from more than v,000 unsecured webcams showed upward on a Russian website in 2022, a year afterwards researchers uncovered a loophole in the Apple iSight organisation that allowed them to hack into some versions of Apple tree MacBook laptops and iMac desktops and disable the webcam indicator LED.