I attended a meeting of cybersecurity professionals recently and overheard several of them talking about their new security cameras and how great it is to see everyone who comes up the driveway and to the front door, and monitors the family members and pets in the home. One mentioned how his wife doesn’t approve of the devices and throws a towel over the camera or gets close and sneers.
We have commented on the vulnerabilities of security cameras before [view related tip].
New research has discovered that millions of security cameras have several security flaws that allow unauthorized people to eavesdrop, steal credentials, and take over the devices without the owner’s knowledge.
The flaws are in software developed by Shenzhen Yunni Technology of China and which is included in millions of IoT (Internet of Things) devices, including security cameras, baby monitors, Webcams, doorbells and video recorders. According to the researchers who discovered the vulnerability, the software, iLnkP2P, does not require any authentication and provides no encryption. Attackers can connect to the devices by bypassing a firewall. This vulnerability has been identified in millions of IoT devices around the world.
The researcher says there is no way to deal with the vulnerability other than to avoid purchasing or using any IoT devices that say they have peer-to-peer capabilities. I am following that researcher’s advice.