In a press release yesterday afternoon, Foscam officially announced their branded cameras\u00a0manufactured by China-based Shenzhen Foscam have severe security vulnerabilities “which leave users vulnerable to hacks which allow attackers to remotely take-over cameras, live stream, download stored files and even compromise other devices located on the local network.”<\/p>\n
Foscam recommends “disconnecting your current Foscam branded cameras from the internet until these issues have been resolved”<\/p>\n
The models affected are:<\/p>\n
“The vulnerabilities affect “Foscam” branded cameras and cameras manufactured by China-based Shenzhen Foscam only. The vulnerabilities DO NOT affect Amcrest or FDT branded cameras which are produced by a separate factory and R&D team led by US-based Amcrest (formerly Foscam US and now Amcrest), which is totally unrelated to China-based Shenzhen Foscam.”<\/p>\n
There is a damning report by FSecure [.pdf download]<\/a> on the exact vulnerabilities found on the affected Foscam cameras. For starters, there’s hidden Telnet functionality, hidden hard-coded credentials for the web user interface, the FTP server account to the cameras have a hard-coded password, and the configuration back-up file is protected by hard-coded credentials. Any one of those is a very bad thing, but for all of those hard-coded backdoors to be on every camera system and on all models coming from one location? “Suspicious” would be a kind word.<\/p>\n Like I ranted about master passwords<\/a> and again on master backdoors<\/a>, hardware and software with embedded hard coded and\/or universal master passwords are a big problem. Regardless of the original intent of having a master password and\/or backdoor, once that “core” password gets out, that product is now fair game for anyone for any purpose anywhere anytime.<\/p>\n Good thing everyone on the internet is kind and rational. Oh, wait, that was just that one day back in 1989. Nevermind.<\/p>\n","protected":false},"excerpt":{"rendered":" In a press release yesterday afternoon, Foscam officially announced their branded cameras\u00a0manufactured by China-based Shenzhen Foscam have severe security vulnerabilities “which leave users vulnerable to hacks which allow attackers to remotely take-over cameras, live stream, download stored files and even … Continue reading