Researchers have discovered that the popular Samsung SmartCam cameras contain a critical and easy-to-exploit flaw that allows hackers to gain full control of the smart home devices. This is not the first time researchers have found issues with the product: Samsung has previously released patches, but the problem appears to remain. Cesare Garlati, Chief Security Strategist at the prpl Foundation, commented below.
Cesare Garlati, Chief Security Strategist at the prpl Foundation:
“The Samsung SmartCam security failures are typical of ones that we see time and again in IoT; namely a lack of knowledge or expertise when it comes to embedded connected devices. This was demonstrated by the fact that these SmartCams were designed with an embedded web server that had been disabled, yet the actual service behind it was still running – and its TCP port left open. In addition, the service itself was allowed to run in root mode, which defies the security controls built in by Linux that would make sure it is not possible to attack one service to control the entire system/device. This should have been picked up in the testing phase of development, but again, clearly that is another area that was overlooked. To help IoT developers, prpl has put together a free Security Guidance for Critical Areas of Embedded Computing document that details how developers can achieve security by separation through hardware virtualisation that would have ensured the flaw (and resulting damage) would have been contained. It would also prevent attackers from exploiting devices using DDoS, as witnessed in the Mirai botnet debacle.”