Pen Test Partners writes about IoT and security in the Samsung smart camera SNH-6410BN. They discovered eleven (11) issues, chained together to gain root access. Got r00t?
They write that a lot of the vulnerability research into IoT gear focuses purely on the offensive, with very little about how to fix issues and defend against attacks. Pen Test Parners looked at an IP camera that allowed them to chain together small issues to ultimately gain root access. However, fixing any one of the smaller issues would have made their job far harder. This give them an ideal chance to write about how to fix the issues as well as discover them.
Our target is a Samsung branded indoor IP camera – the SNH-6410BN. In terms of quality and functionality, the camera isn’t bad, with reasonable picture quality and workable apps.
But, as is the norm with IP cameras, the network security was lacking.
The web server only runs over HTTP, not HTTPS.
Read the full article at pentestpartners.com.
Please Support Saotn.org
Each post on Sysadmins of the North takes a significant amount of time to research, write, and edit. Therefore, your donation helps a lot! For example, a donation of $3 U.S. buys me a cup of coffee, and as you know: things jsut work better with coffee. A $10 U.S. donation buys me one month of web hosting (yes, hosting costs money). But seriously, thank you for any amount. Much appreciated!
Please donate to support this site if you found a post interesting or if it helped you solve a problem. Thanks! (Tip: no Paypal account required)