Researchers find an error in the internet surveillance camera that allows hackers to view users’ video feeds and even hijack the device to scan a network for other holes
- Researchers discovered that Cacagoo cameras had multiple vulnerabilities
- Hackers can use audio and video feeds with one mistake
- Another allowed hackers to scan networks for other vulnerable devices
- The cameras also sent data to a Chinese server
A brand of home security camera brand has been noticed with serious flaws that give hackers a back door to video feeds and possibly even other devices on the home network.
According to security researchers at Avira, an internet protocol camera (IP) made by the Cacagoo company not only contains an error that allows hackers to watch the video feed, but can also expose other devices that are connected to their network.
IP cameras made by the Cacagoo company as discovered in the photo with some serious errors allowing hackers to monitor video and audio and even scan home networks for more errors
Researchers say they were able to exploit telnet’s camera use – a fairly outdated application protocol used to send data with plain text – by using a so-called brute force attack.
Brute force submits many password attempts to a system with the ultimate goal of guessing the correct password.
“During our review of various IoT devices, we got hold of the Cacagoo IP camera and found vulnerabilities that would allow attackers not only to intercept and view recorded videos, but also to view the device itself and other devices within the same network, “researchers wrote in their report.
In addition, researchers discovered that the cameras, which make digital video and send their image data via the internet, do not encode audio and video transmitted over the network.
If the company were to encrypt the data, a hacker with access to the audio and video stream would have a much harder time viewing the stream.
In addition to the concerns, researchers say they have also seen suspicious activity while the camera transmitted data to an unknown Chinese server.
According to researchers, cameras were also inexplicably sent to a foreign Chinese server
“During our network behavioral analysis of both devices, we observed suspicious behavior when analyzing the YCC365 plus application traffic, which really caught our attention,” they wrote.
The leakage of that information is not only suspicious, but can also be considered a security leak, they write.
Internet-connected security cameras were reviewed in the past year, as errors in popular cameras from Ring, an Amazon company, have come to light.
At the end of last year a series of highly published hacks were reported in which intruders we are able to take over Ring cameras.