Cheap IoT Camera vulnerability
February 6, 2020 at 10:31 am #40401 Participant Ed P @edps
Many dozens of different makes of cheap IoT devices use HiSilicon SoCs and all share the same vulnerability. Due to the absence of a manufacturer's response, full disclosure of the vulnerability has now been made, including sample code, i.e. this makes this vulnerability a zero-day script kiddie's paradise.
There are too many devices to list here. So if you have cheap cameras monitoring the inside of your house, I suggest you read this report, follow its links and see if you have a problem.
FTP seems to be the key to this vulnerability, so you may be able to achieve some measure of security by locking down FTP (port 23) and TCP ports 9527 and 9530.
February 7, 2020 at 8:10 am #40412 Participant Richard @sawboman Forumite Points: 6,517
After all the tales of wide open doors on the rubbish sold as IOT the stuff is more like IDIOTIC, Internet Directly Interconnection Of Threats Including Chaos?
Want your baby or toddler harassed at night? Then buy our IDIOTIC baby alarm.
Want the world to see your nice stuff at home? Then buy our idiotic video camera.
It just goes on and so on.
Half the time the only thing cheap about the crap is the build quality, too much is actually sold for real money as though it was worthwhile, well-supported and worth having. What chance does quality product stand in a market flooded with junk?
February 7, 2020 at 9:21 am #40414 Participant Ed P @edps Forumite Points: 15,276
The physical builds on these devices are normally OK and reflect the improvements that have continued to be made in the electronics sector. The ‘idiotic’ aspect is the total disregard for security and near impossibility of being able to update the SoC.
February 7, 2020 at 12:09 pm #40417 Participant Richard @sawboman Forumite Points: 6,517
I accept that physical builds look fine in almost everything these days, but that is only a small part of the package ‘as built’. Even cheap LED light units are quite amazing to look at, but if the overall package build includes dodgy hardware with frozen SOC, godawful software and zero protection (sometimes for one or both of electrical and security support), the result is idiotic crap. Any good aspects of improved quality of manufacture are totally lost when that very often happens. Low voltage and main voltage parts that ‘shockingly’ lack sufficient clearances, components that do not fail-safe and so on are all available for sale and stand ready to kill.