Wireless Camera Flaws Allow Remote Exploitation

Foscam wireless IP cameras contain multiple vulnerabilities that can be used to steal credentials or hack the devices to launch further attacks, warn researchers from Qualys.

Thousands of wireless, Internet-connected cameras manufactured by Foscam have a firmware vulnerability that would allow an attacker to bypass security defenses and remotely steal credentials stored on the device.
That warning was issued Thursday at the Hack In The Box conference in Amsterdam by researchers Sergey Shekyan and Artem Harutyunyan from security firm Qualys. According to the researchers
To Watch Or To Be Watched: Turning your surveillance camera against you presentation
-- the Foscam firmware vulnerability allows an attacker to dump the entire memory, with no credentials, from the IP cameras. That memory dump would reveal, in plain text, the username and password for accessing the device, as well as any stored credentials for authenticating to Wi-Fi routers, websites, email accounts or FTP sites.
The unauthenticated attacker can access to the entire filesystem and steal Web & Wi-Fi credentials, according to a
bug report
posted to Neohapis. Attackers would also have access to whatever video and audio was being recorded by the camera.
[ Lawmakers who think legislation can thwart hackers who target financial institutions dont understand how the attacks work. Read
Laws Cant Save Banks From DDoS Attacks
. ]
According to a related vulnerability report released by the Department of Homeland Security on March 15, the Foscam IP cameras -- prior to firmware version 11.37.2.49 -- contain a
directory traversal vulnerability
in their Web interface that allows remote attackers to read arbitrary files via a .. [dot dot] in the URI, referring to a uniform resource indicator such as http.
The vulnerable cameras are manufactured by Hong Kong-based Foscam Electronics. While Foscam has released updated firmware that patches the directory traversal vulnerability, 99% of Internet-connected wireless Foscam IP cameras are still using the old firmware, according to the Qualys researchers.
Furthermore, the directory traversal flaw wasnt the only way of exploiting wireless Foscam cameras, they said. For example, a query using the
Shodan search engine
-- which will reveal Internet-connected devices with embedded Web servers -- revealed about 100,000 Internet-connected Foscam cameras, including 16,000 in the United States. On average, 20% of all Foscam cameras the researchers studied were configured to allow for a remote login using a username of admin and no password.
Even when devices do have a password, they remain vulnerable to brute-force login attacks. The researchers said that that free tools such as
THC-Hydra
, described as a very fast network logon cracker, would make short work of Foscam cameras sporting default credentials or
weak passwords
.
Foscam cameras are also vulnerable to a
cross-site request forgery (CSRF) attack
, in which a malicious link -- sent via email -- could be used to add an additional administrator account to a targeted device.
Beyond gaining access to the devices and compromising stored credentials, attackers could rewrite the code running on the devices, which run the Linux-based operating system
uClinux
, to make them proxies for launching malware or
distributed-denial-of-service attacks
against local or external networks, the Qualys researchers warned.
According to the researchers presentation, the best way to secure the wireless Foscam cameras is to not expose the camera to [the] outside network. If that cant be done, they recommend using firewall or intrusion prevention system rules to limit connections to the devices to a list of authorized IP addresses, as well as throttling bandwidth rates for anything that connects to the devices to slow any brute-force password-guessing attack. Finally, they recommend overriding any response headers issued by the device, which would make them harder to identify using Shodan and other Web-server-search tools.
People are your most vulnerable endpoint. Make sure your security strategy addresses that fact. Also in the new, all-digital
How Hackers Fool Your Employees
issue of Dark Reading: Effective security doesnt mean stopping all attackers. (Free registration required.)

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Wireless Camera Flaws Allow Remote Exploitation