The fact that they’re easy and convenient is typically what stands out, but they also come with their risks. And no matter how secure they appear, they can still be hijacked. That’s why most manufacturers are constantly trying to stay one step ahead of threats with security upgrades.
But what if a manufacturer knew of a major security flaw and did nothing to address it? That’s what happened when a smart security system maker reportedly ignored warnings from security researchers and left vulnerabilities that would allow anyone to access its customers’ video recordings.
A security camera that’s anything but secure
The vulnerability was found in the Guardzilla All-In-One Video Security System (model GZ521W), which provides indoor video surveillance. According to TechCrunch, researchers at 0DayAllDay discovered that every one of these Guardzilla systems has the same shared hard-coded credentials, or keys, in the firmware for storing saved video data – credentials that allow customers to upload video recordings to the company’s servers.
Because of those keys and an easy-to-crack password, any halfway-skilled attacker using this Guardzilla system could obtain the shared code and access any other user’s saved videos. So 0DayAllDay reached out privately to the company in late September about the vulnerability. The researchers asked that Guardzilla release new firmware to patch the problem on each device within three months, but they say the company never acknowledged the request. So they made their findings public.
TechCrunch says those credentials are still linked to those servers, which therefore remain vulnerable, even as of this week. TechCrunch tried to reach out to Guardzilla, and the company’s law firm responded, saying the company never received correspondence and that the “accusations are false.”
Keeping your cameras accessible only to you
First of all, if you have one of these systems, it would be best to stop using it until the flaw is addressed. With any other camera or system, change any default password as soon as you open it. And make sure your home internet is secure.
Read descriptions and reviews before purchasing any equipment. If you find a device you like, check to see how often it’s updated by the manufacturer.
And although it’s not always the case, it does apply here: you get what you pay for, so avoid surprisingly cheap internet-connected cams. They’ll probably have an equally surprising lack of security.