Researchers have discovered that the popular Samsung SmartCam cameras contain a critical and easy-to-exploit flaw that allows hackers to gain full control of the smart home devices. This is not the first time that researchers have found issues with the product: Samsung has previously released patches, but the problem appears to remain. Cesare Garlati, Chief Security Strategist at the prpl Foundation, commented below.
Cesare Garlati, Chief Security Strategist at the prpl Foundation:
“The Samsung SmartCam security failures are typical of ones that we see time and again in IoT; namely a lack of knowledge or expertise when it comes to embedded connected devices. This was demonstrated by the fact that these SmartCams were designed with an embedded web server that had been disabled, yet the actual service behind it was still running – and its TCP port left open. In addition, the service itself was allowed to run in root mode, which defies the security controls built in by Linux that would make sure it is not possible to attack one service to control the entire system/device. This should have been picked up in the testing phase of development, but again, clearly that is another area that was overlooked. To help IoT developers, prpl has put together a free Security Guidance for Critical Areas of Embedded Computing document that details how developers can achieve security by separation through hardware virtualisation that would have ensured the flaw (and resulting damage) would have been contained. It would also prevent attackers from exploiting devices using DDoS, as witnessed in the Mirai botnet debacle.”