The BBC recently posted a story about one of its employees who had access through a mobile app to someone else’s video footage of their home security camera. The security camera was manufactured by Swann.
Following the story, a group of security researchers from Pen Test Partners decided to check it out and bought several cameras and started testing them. They were able to switch video feeds from one camera to another through the cloud service that was being used, which they said “provided arbitrary access to anyone’s camera.”
The researchers praised Swann for its response to their research and said Swann “took quick action to mitigate the attacks…. Yes, there was a bug, but they dealt with it fast.”
The researchers stated that the cameras are battery powered and can stream video live or via a cloud service. The researchers identified the cloud service behind the Swann cameras as OzVision. The camera’s serial number is used as its primary identifier in the mobile app and is easily searchable there. When the researchers logged into the system, they were able to switch the video feeds to each other’s camera simply by entering the other camera’s serial number into the platform. They acknowledged that this was easy to do, and further determined that because the serial numbers are not sophisticated, it would be relatively easy for a hacker or bad actor to determine serial numbers and gain access to other people’s security cameras.
On top of that, the researchers indicated that OzVision, which reportedly has over three million smart cameras on its cloud platform, has a vulnerability in its tunnel protocol that does not properly verify that an app user is authorized to view certain material. According to the researchers, although Swann has fixed its vulnerability, other cameras that use OzVision, including the FlirFX smart camera, might be vulnerable.
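The flaw the researchers describe is a missing object-level authorization check: the cloud service selects a feed purely by the serial number the app sends, without confirming that the requesting account is entitled to that camera. The following Python model is an added illustration and is not code from the article, from Swann, or from OzVision; the class names, the `SW-0001` style serials, and the `rtsp://relay.example/...` feed URLs are constructed for the example. It places the flawed lookup beside a hardened one that ties the serial to the caller's account and returns the same error for unknown and unauthorized serials.

```python
from dataclasses import dataclass, field


@dataclass
class Camera:
    """A registered camera. 'serial' is the factory serial printed on the device."""
    serial: str
    owner_id: str
    feed_url: str
    shared_with: set = field(default_factory=set)


class FeedService:
    """Toy model (constructed for this example) of a cloud relay that hands
    mobile-app users a camera feed."""

    def __init__(self):
        self._cameras: dict[str, Camera] = {}

    def register(self, owner_id: str, serial: str, feed_url: str) -> None:
        self._cameras[serial] = Camera(serial, owner_id, feed_url)

    def share(self, owner_id: str, serial: str, guest_id: str) -> None:
        """Only the owner may grant another account access to a camera."""
        cam = self._cameras[serial]
        if cam.owner_id != owner_id:
            raise PermissionError("only the owner can share a camera")
        cam.shared_with.add(guest_id)

    def get_feed_insecure(self, user_id: str, serial: str) -> str:
        """Flawed lookup: the serial number is the only thing that selects the
        feed, and nothing ties it to the account asking. Any logged-in user
        who supplies another camera's serial receives that camera's feed."""
        cam = self._cameras.get(serial)
        if cam is None:
            raise KeyError("unknown camera")
        return cam.feed_url

    def get_feed(self, user_id: str, serial: str) -> str:
        """Hardened lookup: the serial still identifies the camera, but the
        caller must be its owner or an explicitly shared guest. Unknown and
        unauthorized serials get the same error so the response does not
        reveal which serials exist."""
        cam = self._cameras.get(serial)
        if cam is None or (user_id != cam.owner_id and user_id not in cam.shared_with):
            raise PermissionError("camera not found or not authorized")
        return cam.feed_url


def demo() -> dict:
    """Run both lookups against two constructed accounts and report the outcome."""
    svc = FeedService()
    # Constructed sample data: two users, one camera each.
    svc.register("alice", "SW-0001", "rtsp://relay.example/feed/0001")
    svc.register("bob", "SW-0002", "rtsp://relay.example/feed/0002")

    results = {}
    # Flawed service: bob asks for alice's serial and gets alice's feed.
    results["insecure_cross_account"] = svc.get_feed_insecure("bob", "SW-0001")
    # Hardened service: the same request is refused.
    try:
        svc.get_feed("bob", "SW-0001")
        results["hardened_cross_account"] = "allowed"
    except PermissionError:
        results["hardened_cross_account"] = "denied"
    # The owner still sees her own feed, and an explicit share grants access.
    results["hardened_owner"] = svc.get_feed("alice", "SW-0001")
    svc.share("alice", "SW-0001", "bob")
    results["hardened_shared"] = svc.get_feed("bob", "SW-0001")
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The point of the hardened version is that the serial number is a lookup key, not a credential: authorization comes from the relationship between the authenticated account and the camera record, so guessable serials stop mattering for access. Returning one uniform error for both unknown and unowned serials also removes a cheap way to confirm which serials are in use.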
The researchers recommend that if you have a Swann or other home security camera, “[U]pdate your mobile app and firmware…to the latest version. You’ll be a whole lot more secure then.”