Hanwha Techwin, the leader in global video surveillance, is rushing to patch 13 critical security flaws detected in one of its most popular lines of SmartCam security cameras. The fix is part of Hanwha Techwin’s public disclosure of the discovered set of bugs.
The detected vulnerabilities range from the use of the unprotected HTTP communications protocol to inadequate protection of credentials, and could enable attackers to take control of the SmartCam security camera or even use it as a platform to launch attacks within a connected network.
Security researchers at Kaspersky Lab revealed the flaws last week. The security vendor came to an agreement with the manufacturer, Hanwha Techwin, which noted that it is deploying patches to fix the firmware used in its SNH-V6410PN/PNW SmartCam security camera model.
This model of SmartCam security camera is used by both individual users and small businesses, and is primarily sold in European countries and South Korea. The Kaspersky ICS CERT team announced that more than 2,000 of the security cameras have accessible IP addresses. The actual number of vulnerable security cameras is likely to be much higher.
Vladimir Dashchenko noted, “We believe there are even more of these cameras in use but inside protected networks.”
In addition, researchers at Kaspersky indicated in the report that the vulnerability could appear across a large segment of Hanwha Techwin security cameras that were developed using similar firmware and infrastructure. However, the researchers tested only the V6410PN model, so it is not completely clear how many camera models the manufacturer is issuing patches for.
The required condition for these kinds of attacks is that the attackers must know the serial number of the security camera they are targeting. The researchers noted that the number is pretty easy to obtain. “The way in which serial numbers are generated is relatively easy to find out through simple brute-force attacks: the camera registering system doesn’t have brute force protection,” researchers at Kaspersky wrote.
In addition, the cameras’ main vulnerability is a misconfigured Hanwha communications protocol, which is used with the third-party cloud service called Cisco Jabber. The service enables users to interact with their camera.
The report also indicated: “One of the main problems associated with the cloud architecture is that it is based on the XMPP (Jabber) protocol. Essentially, the entire Hanwha smart camera cloud is a Jabber server. It has so-called rooms, with cameras of one type in each room. An attacker could register an arbitrary account on the Jabber server and gain access to all rooms on that server.”
Several of the detected bugs are cloud-related, while the most severe vulnerabilities open an attack vector in which an adversary can root the camera and spy on the DNS server addresses.
According to V. Dashchenko, the attack is potentially possible because of the URL address specified in the camera’s configuration file. In addition, these kinds of attacks can be carried out even if the camera does not have an IP address.
“The problem with current IoT device security is that both customers and vendors mistakenly think that if you place the device inside your network, and separate it from the wider internet with the help of a router, you will solve most of the security problems – or at least significantly decrease the severity of existing issues. In many cases this is correct,” he said. “However, our research shows that this may not actually be the case at all: given that the cameras we investigated were able to talk with the external world only via a cloud service, which is totally vulnerable.”