Inexpensive WiFi cameras are widely available over the internet. That might sound compelling, but it’s important to understand their security holes and the risk they bring to your network.
Pierre Kim, an IT security blogger, has recently discovered 1,250 different camera models that are modified and branded by hundreds of companies.
These cameras have many vulnerabilities:
- They contain backdoor accounts that will allow the manufacturer full access to your information
- They connect to the cloud for the mobile app using clear text passwords
- Anyone who has the serial number of the camera can access that camera
If you have a camera on this list, Kim recommends immediately removing it from the Internet and disposing of it. Kim states, “I advise to IMMEDIATELY DISCONNECT cameras to the Internet. Hundreds of thousands of cameras are affected by the 0day Info-Leak. Millions of them are using the insecure Cloud network.”
Furthermore, Kim implies that the millions of cameras actually include bonnet code already: “This “cloud” protocol seems to be more a botnet protocol than a legit remote access protocol and has indeed weakness (everything in clear text, i.e. an attacker can attack cameras within the cloud and leverage potential access to hack internal networks).”
We recommend doing your research before purchasing new cameras – don’t buy cheap cameras from unknown manufacturers. Purchasing from a trusted source, even if it’s more expensive, will benefit you in the long run.