The vulnerabilities, even if not of dangerous magnitude, surfaced as the experts in VDOO minutely scrutinized the security aspects of a number of top camera models.
The analysis of the camera models by the premier cyber security firm mainly concentrated on the IP cameras—known to be the best ever tool to ensure security.
In the recent technical findings, the VDOO experts have already named as many as seven vulnerabilities in these camera models which include CVE-2018-10662 - Unrestricted dbus access for users of the .srv functionality, CVE-2018-10663 - Information Leakage vulnerability in the /bin/ssid process, CVE-2018-10664 - Crashing the httpd process.
These are apart from, CVE-2018-10658 - Crashing the /bin/ssid process, CVE-2018-10659 - Crashing of the /bin/ssid process, CVE-2018-10660 - Shell command injection vulnerability.
The experts who conducted the analysis have given a detail account of these security flaws to the vendors as the principal measure to keep them on alert forcing Axis Communications to release its firmware updates.
The Swedish camera manufacturing giant, further, released a list of the cameras models where the vulnerabilities surfaced during the scrutiny of the security affairs. In addition to these, the company notified the firmware version number of these unsafe camera models which includes the fixes, and an updated firmware link.
The flaws, the cyber security experts maintain, are a huge advantage for the hackers if they are in the know of an IP address. But it is no longer easy these days since The botnets keep scanning the IPv4 address space in search of vulnerable devices nearby if any.
According to what the VDOO experts say, the hackers might take the rein of a vulnerable device if they successfully chain CVE-2018-10660, CVE-2018-10661, and CVE-2018-10662 which is an uphill task.
They further claim that the hackers, if allowed to take the rein of these camera models, can only add it to a botnet and can only change the software.
These hackers only can use the camera as an infiltration point for network. In addition to these, they can get access to its video stream which could be freezed. They would have the advantage to move the lens to a point where ever want.
Till the time of this analysis, the experts were not in the know of any such attempt by the cyber criminals exploiting these security lapses. But in the same breath, they have suggested an early installation of the patched firmware to escape the impending danger.
