In February, at the hacker conference Shmoocon, two German security researchers, Daniel Mende and Pascal Turbing reported on findings that Internet-connected cameras can easily be exploited and turned into spy cams. The researchers were able to take advantage of a security flaw in the Canon EOS-1D X camera, stealing information sent to a network from the camera and taking complete control of the camera itself.
Recently, at the Hack In The Box convention in Amsterdam, Daniel Mende discussed the security issue again and you can view his presentation here, replete with some technical illustration. Unlike computer servers, cameras have no internal logs that would allow unauthorized accesses to be detected and / or discovered after the break in. The problem also extends to memory cards that add that type of connectivity to non-connected cameras.
The video presentation on YouTube of the researchers' February findings showed how to keep WiFi equipped cameras and network connections secure. I am not a fan of the current cameras coming with built-in WiFi features unless they have anti-hacking protection. Basically, it comes down to this simple advice : Use WEP. If you own a camera equipped with WiFi, use WEP. You are taking a risk if you are not.
Post a Comment