Patched Samsung IP camera still contains leak that allows takeover
Security researchers from the company Exploiters have found a leak in a Samsung Smartcam that allows an attacker to take over the device remotely. They had previously informed Samung of vulnerabilities in its IP cameras.
The vulnerability is present in the SNH-1011 model, but may also exist in other models. The researchers write that the vulnerability is in PHP code, which allows an attacker to execute arbitrary code on the camera by means of command injection. This allows him to take over the device and, for example, gain access to the images that the camera records. The vulnerable code is responsible for updating the firmware via the so-called iWatch service. Since there is no input sanitation, an attacker can choose a file name for an update file, which contains malicious commands. The web server then executes these commands as root. The researchers report that this is not the first time that this camera line from Samsung appears to be vulnerable.
An earlier 2014 study revealed that it was possible to remotely code the cameras and change the administrator password. When Samsung was made aware of this fact, it decided to remove the entire locally accessible web interface. As a result, users were forced to log in via Samsung’s SmartCloud website. That is why the researchers now chose to look at the IP camera again to verify that the leaks had been closed. It turned out to be, with the exception of the vulnerable PHP code, which had not been removed by Samsung.
Leaks in IP cameras are common. The research organization AV-Test recently published a safety test of eight different IP cameras. In addition, cameras from Logitech, Netgear and MyFox achieved the maximum number of points, the rest scored lower. For example, some models transmit images unencrypted. Inadequate security cameras are also part of the Mirai botnet, which is largely made up of hacked IoT devices. The American FTC recently filed a complaint against D-Link because the company would not sufficiently protect its IP cameras. The Taiwanese manufacturer rejects this.
Demonstration of an exploit of the vulnerability