Samsung’s smart camera. A tale of IoT & network security

Pen Test Partners writes about IoT and security in the Samsung smart camera SNH-6410BN. They discovered eleven (11) issues, chained together to gain root access. Got r00t?


They write that a lot of the vulnerability research into IoT gear focuses purely on the offensive, with very little about how to fix issues and defend against attacks. Pen Test Parners looked at an IP camera that allowed them to chain together small issues to ultimately gain root access. However, fixing any one of the smaller issues would have made their job far harder. This give them an ideal chance to write about how to fix the issues as well as discover them.

Very interesting.

Our target is a Samsung branded indoor IP camera – the SNH-6410BN. In terms of quality and functionality, the camera isn’t bad, with reasonable picture quality and workable apps.

But, as is the norm with IP cameras, the network security was lacking.

Typically, a user would connect to the camera using the mobile app or “the cloud” using a website. But the camera still has SSH and a web server running on it. This is where our journey begins.

The web server only runs over HTTP, not HTTPS.

Read the full article at pentestpartners.com.


Show your support


If you want to step in to help me cover the costs for running this website, that would be awesome. Just use this link to donate a cup of coffee ($5 USD for example). And please share the love and help others make use of this website. Thank you very much!

This may interest you:   Joomla Media Manager Attacks in the Wild

About the Author Jan Reilink

My name is Jan. I am not a hacker, coder, developer, programmer or guru. I am merely a system administrator, doing my daily thing at Vevida in the Netherlands. With over 15 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, websites & optimization.

follow me on:

Leave a Reply

Be the First to Comment!

avatar
  Subscribe  
Notify of