
NeosSmartCam Vulnerabilities Let Attackers Bypass Authentication and Log in as Root, Research Finds

Silviu STAHIE

April 22, 2022


Bitdefender’s security researchers found a couple of vulnerabilities in the NeosSmartCam IoT devices that would allow attackers to bypass authentication and execute code remotely, opening up new ways to exploit the device.

It’s impossible to overstate the importance of smart security cameras or the value of the content they gather every day. Many consumers install them and forget about an online ‘eye’ that’s always filming in the background. Opening this type of hardware to remote attacks is one of the worst possible scenarios for a smart home.

In an effort to address these issues and make the smart home safer, Bitdefender regularly investigates some of the most popular IoT devices on the market. Security researchers analyzed the NeosSmartCam and found two vulnerabilities that the vendor quickly fixed.

“A vulnerability in device firmware allows a local attacker to bypass the authentication mechanism and gain access to undocumented device features, including root access,” said the security researchers in the paper.

“We can access undocumented features, allowing us to gain root privileges on the device by enabling Telnet and using the root:ismart12 credentials.”

Attackers can exploit the vulnerability remotely or from the LAN, making it especially dangerous. The second vulnerability allows for a buffer overflow attack that enables third-party users to run commands as root. Like the first one, this functionality can also be accessed remotely, provided the attacker knows the device UID.

The vendor addressed the problem quickly and released firmware version 4.15.2.311, which fixes both vulnerabilities. The fact that Neos runs a bug bounty program helped a great deal because it allowed both parties to establish a secure communication channel.

As a precaution, make sure that you keep your IoT devices isolated on the home network, connected to a dedicated SSID. If you have smart devices in your house, you should also adopt a powerful network cybersecurity solution such as NETGEAR Orbi or Nighthawk routers powered by Bitdefender Armor.
