Researchers have discovered that the popular Samsung SmartCam cameras contain a critical and easy-to-exploit flaw that allows hackers to gain full control of the smart home devices. This is not the first time that researchers have found issues with the product: Samsung previously released patches, but it appears the problem remains. Cesare Garlati, Chief Security Strategist at the prpl Foundation, commented below.
“The Samsung SmartCam security failures are typical of ones that we see time and again in IoT; namely a lack of knowledge or expertise when it comes to embedded connected devices. This was demonstrated by the fact that these SmartCams were designed with an embedded web server that had been disabled, yet the actual service behind it was still running – and its TCP port left open. In addition, the service itself was allowed to run in root mode, which defies the security controls built in by Linux that would make sure it is not possible to attack one service to control the entire system/device. This should have been picked up in the testing phase of development, but again, clearly that is another area that was overlooked. To help IoT developers, prpl has put together a free Security Guidance for Critical Areas of Embedded Computing document that details how developers can achieve security by separation through hardware virtualisation that would have ensured the flaw (and resulting damage) would have been contained. It would also prevent attackers from exploiting devices using DDoS, as witnessed in the Mirai botnet debacle.”