Owners of the vulnerable indoor cameras are advised to disconnect the devices from the power supply immediately
Around 3.5 million security cameras installed in homes and offices, mainly in Asia and Europe, have serious security vulnerabilities that expose device owners to the risk of attackers spying on them, stealing their data, or targeting other devices on the same network, the UK consumer watchdog Which? has warned.
"Brands with potentially vulnerable cameras include Alptop, Besdersec, COOAU, CPVAN, Ctronics, Dericam, Jennov, LEFTEK, Luowice, QZT and Tenvis," says Which? The unique identification number (UID) can be vulnerable to a hack. Around 700,000 of the cameras are in use in Europe, including 100,000 in the UK.
These devices use peer-to-peer (P2P) capabilities that allow users to connect to their devices instantly when they go online. The vulnerabilities, indexed as CVE-2019-11219 and CVE-2019-11220, affect iLnkP2P, a P2P solution developed by Shenzhen Yunni Technology Company. If exploited, these vulnerabilities allow attackers to bypass firewalls and steal passwords.
The consumer watchdog believes that up to 47 brands of wireless cameras worldwide may have these defects. For the full list of vulnerable gizmos, visit this website from Paul Marrapese, an American security engineer who uncovered the issues.
If you own such a camera and it is hijacked, cybercriminals can access the live footage and spy on your home or office, as well as communicate with other people if the camera has a microphone. They can also use the camera to determine your exact location, target other devices on your home network, or even add your camera to an online botnet.
Although changing the default password usually reduces the likelihood of a camera being exposed, it does not help in this case. "In fact, there is nothing you can do to protect yourself from the error," said Which? The consumer protection organization recommended that anyone who owns a vulnerable camera and uses the CamHi app should remove it from their network and switch it off.
HiChip, the company that produces many of the camera brands and developed the CamHi app, is working with Which? and Marrapese on improving the security of its cameras. "HiChip has been focusing on researching and developing IP cameras for more than 10 years, and is continuing to improve camera security," said a HiChip spokesman.
Indeed, Which? raised the alarm about security issues last October. The gizmos can still be purchased from Amazon, eBay, Wish.com and AliExpress and continue to be used worldwide.
Regarding security problems with connected security cameras, ESET researchers have discovered a security hole in D-Link cameras that would allow attackers to access the video stream.
Amer Owaida June 15, 2020 – 5:26 p.m.