The popular Samsung SmartCam security cameras contain a critical remote code execution vulnerability that could allow hackers to gain root access and take full control of them. The vulnerability was discovered by researchers from the hacking collective the Exploiteers (formerly GTVHacker), who have found vulnerabilities in the Samsung SmartCam devices in the past. IT security experts from Tripwire and AlienVault commented below.

Craig Young, security researcher at Tripwire

CraigYoung“While this flaw by default would not directly allow attacks from the Internet suitable for something like Mirai, it would be pretty trivial to use CSRF to infect devices on home networks.

It is always disappointing when a vendor eliminates features rather than fixing vulnerabilities as was the case in this camera.”

.

Javvad Malik, security advocate at AlienVault:

Javvad Malik“This vulnerability highlights the difficulty in securing IoT or smart devices, even for large manufacturers.

It shows that finding issues in devices is one thing, but fixing them is another. It’s typically not so easy to push out updates or fixes to smart devices, and when they do get sent it doesn’t always achieve the desired result.

There is also the balance of how updates will work. Many devices don’t have an interface that can inform the user of an update. So updates can occur at inopportune moments, and such devices become unusable for the duration of the upgrade.”