Flaw In Internet Security Camera Lets Hackers Spy On Users' Video Feeds

Published March 1st, 2020 - 12:00 GMT
Flaw In Internet Security Camera Lets Hackers Spy On Users' Video Feeds
One flaw allows hackers to tap into audio and video feeds. (Shutterstock)
Researchers discovered cameras made by Cacagoo had multiple vulnerabilities.

A brand of home surveillance camera has been spotted with serious flaws that give hackers a backdoor into video feeds and potentially even other devices on one's home network.

According to security researchers at Avira, an internet protocol (IP) camera made by the company Cacagoo not only contains a flaw that makes it possible for hackers to peer into one's video feed, but also potentially exposes other devices hooked up their network.

Researchers say they were able to exploit the cameras use of telnet - a fairly outdated application protocol used to transmit data using only plaintext - by leveraging what's known as a brute force attack.

Brute force submits many password attempts to a system with the eventual goal of guessing the right passphrase. 

'During our assessment of different IoT devices, we got our hands on Cacagoo IP camera, and found vulnerabilities that can not only enable attackers to intercept and view recorded videos, but also to manipulate the device itself as well as other devices within the same network,' wrote researchers in their report.

Additionally, researchers found that the cameras, which takes digital video and sends its image data through the internet, did not encrypt audio and video sent through the network.

If the company encrypted the data, a hacker with access to the stream of audio and video would have a much harder time actually looking at the stream.

Adding to the concern, researchers say they also spotted suspicious activity with the camera transmitting data to an unknown Chinese server.

'During our network behavioral analysis of both devices, we observed suspicious behaviour while analysing the YCC365 plus application traffic, which really caught our attention,' they wrote.

The leak of that information is not only suspicious but can be considered a security flaw in an of itself, they write.

Internet-connected security cams have come under increasing scrutiny over the past year as flaws in popular cameras made by Ring, an Amazon-owned company, have become apparent.

A string of highly publicized hacks in which intruders we able to take over Ring cameras were reported late last year. 

© Associated Newspapers Ltd.

You may also like