Earlier today, Kaspersky Lab researchers announced that they had discovered flaws in Hanwha’s SmartCam cameras. More than a dozen vulnerabilities were found including critical flaws that can be used to take control of devices remotely. IT security experts commented below.
Amir Abramovitch, Security Researcher at Cy-OT:
This is particularly worrying as the camera is wireless-only (no wired connection available) and may not be properly managed and monitored at a corporate office. More likely, most offices won’t even know they have one of these on premise.
These vulnerabilities in Hanwha smart cameras create an opening for hackers to remotely take over the device and use it to infiltrate corporate secure networks.”
Steve Giguere, EMEA Engineer at Synopsys:
Understanding that shifting the detection of serious product vulnerabilities as early as possible in the development process, using static code analysis (SCA), fuzzing technologies and penetration tests, provides an opportunity, not only for reduced developer costs, support and maintenance, but also mitigated risk of negative impact on brand and product reputation.
Considering that insecure devices such as smart cameras can give attackers the ability to use anything from buffer overflow vulnerabilities to cloud misconfigurations and insecure data in transit; allowing for anything from arbitrary code execution to botnet DDoS or crypto-mining to complete administrative access to the camera, the question shouldn’t be what is the cost of security; but what is the cost of not taking security seriously enough?”