Bitdefender discovers IoT cameras used by cyber criminals

According to Bitdefender, camera models from Shenzhen Neo Electronics are vulnerable to cyberattacks.

The Chinese security firm reported that around 175,000 Shenzhen-based cameras, which are IoT connected and vulnerable to hacks, allowed cyber criminals to spy, enter a users network, or become part of a malicious botnet.

Researchers studied two cameras; the NIP-22 model and the iDoorbell model, and found several buffer overflow vulnerabilities on both.

The report stated: “These vulnerabilities could allow, under certain conditions, remote code execution on the device.

“This type of vulnerability is also present on the gateway which controls the sensors and alarms. This could allow hackers to potentially disable alarms or sensors as well.”

Researchers found 100,000 – 140,000 vulnerable cameras discoverable via the internet when searching for the HTTP web server, although it was estimated that 175,000 customers are at risk from the cameras because of its vulnerable RTSP server.

The report added: “This proof of a concept attack confirms once again that most IoT devices are trivial to exploit because of improper quality assurance at the firmware level.

“Paired with the fact that the bug affects the authentication mechanism, that is, it does not require the user to already be authenticated to exploit the flaw and the massive pool of affected devices, we can only imagine the impact a harvested botnet of devices might have.”

According to Tech Republic, security experts are predicted to rise in IoT security breaches throughout the year, so manufactures should make sure their devices are secure, and enterprises and consumers should have security protocols in place.

Written by Leah Alger