NeosSmartCam Vulnerabilities Let Attackers Bypass Authentication and Log in as Root, Research Finds

Bitdefender’s security researchers found a couple of vulnerabilities in the NeosSmartCam IoT devices that would allow attackers to bypass authentication and execute code remotely, opening up new ways to exploit the device.
It’s impossible to overstate the importance of smart security cameras or the value of the content they gather every day. Many consumers install them and forget about an online ‘eye’ that’s always filming in the background. Opening this type of hardware to remote attacks is one of the worst possible scenarios for a smart home.
In an effort to address these issues and make the smart home safer, Bitdefender regularly investigates some of the most popular IoT devices on the market. Security researchers analyzed the NeosSmartCam and found two vulnerabilities that the vendor quickly fixed.
“A vulnerability in device firmware allows a local attacker to bypass the authentication mechanism and gain access to undocumented device features, including root access,” said the security researchers in the paper.
“We can access undocumented features, allowing us to gain root privileges on the device by enabling Telnet and using the root:ismart12 credentials.”
Attackers can exploit the vulnerability remotely or from the LAN, making it especially dangerous. The second vulnerability allows for a buffer overflow attack that enables third-party users to run commands as root. As with the first vulnerability, the functionality can also be accessed remotely, provided the attacker knows the device UID.
The vendor addressed the problem quickly and released firmware version 4.15.2.311, which fixes both vulnerabilities. The fact that Neos runs a bug bounty program helped a great deal because it allowed both parties to establish a secure communication channel.
As a precaution, make sure that you keep your IoT devices isolated on the home network, connected to a dedicated SSID. If you have smart devices in your house, you should also adopt a powerful network cybersecurity solution such as NETGEAR Orbi or Nighthawk routers powered by Bitdefender Armor.