Privacy and security are always at the top of the list of priorities when looking at getting new gadgets. The last thing you want to do is purchase something that isn’t built to keep your information safe.
Even worse is when those devices can be used to spy on you. That happens more than you’d like to imagine.
In fact, we’ve just learned about some serious flaws in a bunch of surveillance equipment. Nine million webcams are wide open to attack, and you might have one in your house.
What are the flaws?
Researchers at SEC Consult just issued a warning about surveillance equipment built by the Chinese manufacturer Hangzhou Xiongmai Technology. They found a bunch of critical vulnerabilities that make it easy for hackers to take over your camera and spy on you.
One of the flaws is that many of the devices come with a default password that is super easy to crack. Or, there’s no password at all and no requirement to set one.
Other vulnerabilities include multiple unencrypted communication channels, along with firmware updates that aren’t signed and whose integrity isn’t checked.
One of the worst flaws deals with the P2P Cloud feature. It bypasses firewalls and allows remote connections into private networks.
With all of the discovered vulnerabilities, hackers could easily find and exploit these devices for a number of attacks. Spying on owners and enlisting the devices in a botnet are just a couple of examples.
Is there anything we can do now?
The one thing that you can do is make sure all default passwords have been changed to something more secure. You should already be doing this with all of the gadgets in your home that have them.
But the problem is that passwords aren’t the only potential vulnerabilities. The others that we listed have no resolution. The only way to know you’re protected is to not use any of the devices made by Xiongmai.
That’s another problem. Xiongmai doesn’t actually have branded webcams. Its equipment is sold under other brand names. There are over 100 of them worldwide.
So here’s a massive list of brands that might be using Xiongmai-built equipment. If you have one, you might want to stop using it.
9Trading, Abowone, AHWVSE, ANRAN, ASECAM, Autoeye, AZISHN, A-ZONE, BESDER/BESDERSEC, BESSKY, Bestmo, BFMore, BOAVISION, BULWARK, CANAVIS, CWH, DAGRO, datocctv, DEFEWAY, digoo, DiySecurityCameraWorld, DONPHIA, ENKLOV, ESAMACT, ESCAM, EVTEVISION, Fayele, FLOUREON, Funi, GADINAN, GARUNK, HAMROL, HAMROLTE, Highfly, Hiseeu, HISVISION, HMQC, IHOMEGUARD, ISSEUSEE, iTooner, JENNOV, Jooan, Jshida, JUESENWDM, JUFENG, JZTEK, KERUI, KKMOON, KONLEN, Kopda, Lenyes, LESHP, LEVCOECAM, LINGSEE, LOOSAFE, MIEBUL, MISECU, Nextrend, OEM, OLOEY, OUERTECH, QNTSQ, SACAM, SANNCE, SANSCO, SecTec, Shell film, Sifvision / sifsecurityvision, smar, SMTSEC, SSICON, SUNBA, Sunivision, Susikum, TECBOX, Techage, Techege, TianAnXun, TMEZON, TVPSii, Unique Vision, unitoptek, USAFEQLO, VOLDRELI, Westmile, Westshine, Wistino, Witrue, WNK Security Technology, WOFEA, WOSHIJIA, WUSONLUSAN, XIAO MA, XinAnX, xloongx, YiiSPO, YUCHENG, YUNSYE, zclever, zilnk, ZJUXIN, zmodo, and ZRHUNTER.