Web-connected cameras can be great security and monitoring tools that can keep your home safe. With a smartphone or a computer, these cameras allow you to view their live feeds over the internet, essential for home security, surveillance or for keeping an eye on children or pets.
But as we approach the age of these Internet of Things hacks, what if these webcams, that are supposed to make you feel safe and secure, are full of security holes themselves? What if someone can turn these cameras against you, and in turn, invade your own privacy?
This is exactly what was found in this line of web-connected cameras yet again.
Swann security flaw
Security researchers from Pen Test Partners have found security flaws on smart cameras built by a company called Swann. The flaw could allow anyone to access these smart cameras and view their streams without permission.
How does the flaw work? Well, each Swann camera uses a hard-coded serial number to communicate with its cloud-based service provided by OzVision. With the use of simple proxy software, the researchers managed to spoof any Swann camera serial number to view its feed.
"We successfully switched video feeds from one camera to another through the cloud service, proving arbitrary access to anyone's camera," Pan Test Panther's Andrew Tierney wrote in a blog post.
Although the researchers only tested the hack on their own cameras so they already knew the serial numbers, they said it will only take three days to enumerate all Swann serial numbers.
This means that if hackers exploited this flaw, they would have had access to sensitive video streams around the world.
Thankfully, within a week of being informed by the researchers of the flaw, Swann quickly issued a fix with its latest firmware for the affected cameras. The company reportedly changed how its service's API works and the spoofing technique no longer works.
However, although Swann's issue is resolved, OzVision still has other smart camera companies that rely on its cloud service. These cameras, like the Flir FX smart camera, are also vulnerable to similar attacks.
It's an alarming symptom of a major issue of connected Internet of Things appliances in general - security is still an afterthought and manufacturers will have to rethink how they execute their products' defenses against cyberattacks.
How to update your Swann Camera firmware
Here's how you update to the latest Swann Camera firmware (courtesy of Swann's Support Page).
Find the firmware information
- Open SwannCloud app and log in to your account. Tap on Camera (bottom) to see your list of cameras.
- A camera that needs a firmware update is usually highlighted in red and bold letters.
- Select the camera that you need to update by tapping it.
- Tap the settings icon (gear icon) at the top right.
- Tap on About camera. The word ‘Update’ is shown. Then tap Firmware Version.
Update the firmware
- Tap the Update button then Start to initialize the firmware update process.
- After the upgrade is completed, the app will go back to the Camera tab page and eventually, the firmware update message (that message in red) will disappear. The name of the camera is no longer in red, indicating that the firmware update was a success.
Bonus: See why 2 million people have chosen to secure their home with our sponsor SimpliSafe Home Security. With SimpliSafe, there are no contracts and no hidden fees, no nonsense. SimpliSafe provides all this plus 24/7 monitoring, for only $14.99 a month. Order your SimpliSafe system right now! As a listener of The Kim Komando Show, you get free shipping and free returns! Visit SimpliSafeKim.com now.
Russian hackers reported to have infiltrated U.S. electric utilities
This may sound like a frightening Hollywood movie plot but make no mistake about it, the seeds of a massive attack on our electrical power utilities have already been planted. Click here and see how state-sponsored hackers have already infiltrated U.S. electrical companies and what can you do about it.