What was once a captivating element in the Mr. Robot TV series is now an all-too-common reality. For those who aren’t familiar with the show, in one episode, a lead character takes control of a wealthy woman’s home by hacking into the smart devices, causing them to wreak havoc until she was forced to leave. What the unsuspecting woman did not know was the hackers needed her to leave so they could use her home as a makeshift basecamp.
Even in the real world, IoT Devices have fatal vulnerabilities that–unless discovered and repaired–can leave consumers open to attack. That is exactly what VDOO, a security research firm, discovered in a recent investigation.
According to ZDNet: “Researchers at VDOO discover vulnerabilities which, if left unpatched, could allow attackers to take control of the devices or rope cameras into botnets.”
They continue to report, “In total, seven vulnerabilities in the cameras were discovered and researchers have detailed how three of them could be chained together in order to provide remote access to the cameras and execute remote shell commands with root privileges.”
For those unfamiliar with tech speak, hackers can pretty much access the spaceship, fly it where they want and make it so no one else can get in. That’s a big deal.
Hackers who take control of a device can do with it as they please; as far as the device is capable. For example, when they gain control over a camera, they can access its video stream, freeze the image, alter the camera’s software and even control where the camera is pointed.
Hackers can do the following with cameras they take control of:
Of course, the Axis cameras noted in the study above are not the only ones that have been discovered to have vulnerabilities. Foscam, a notable camera manufacturer, was also found to have flaws in its security. What is most disturbing, is many of the cameras discovered to have flaws are used to monitor office spaces and baby nurseries.
As a security dealer, it is your responsibility to remain aware of these vulnerabilities as they become known. As you learn about them, you must communicate with your customers to provide instructions on how they can combat threats. These issues can most often be resolved after a firmware update or by making changes to device settings.
There is often a communication window in which dealers have to inform their customers before they make public news releases. Once the public news releases are made, anyone can know exactly what the flaws are and use them to exploit unsuspecting people.