2 min read

Cracking the LifeShield: Unauthorized Live-Streaming in your Home

Bitdefender

January 27, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Cracking the LifeShield: Unauthorized Live-Streaming in your Home

Also, CVE-2020-8101 – Command execution due to unsanitized input

Do-it-yourself home security solutions are centerpieces of the modern  lifestyle. From sensors to surveillance and anything in between, these solutions have our back while we’re at home and, even more importantly,
while we’re away.

Easily accessible from any part of the world, these live feeds offer peace of mind, letting you know that everything is fine back home. Securing this universe involves close collaboration between vendors, users and external security research teams.

Gaps in this fragile ecosystem can have unforeseen consequences and might even turn devices that protect our privacy into tools that violate it.
This research article aims to shed light on the security of the world’s best-sellers in the IoT space.

Impact

While looking into the LifeShield camera, Bitdefender researchers discovered several security issues that would allow a local attacker to:

  • leak local credentials from the cloud for each vulnerable device
  • perform local command injection after authentication
  • access the RTSP feed while on the same network

These attacks are particularly effective in multi-tenant environments, such as small shops or shared homes that would allow a person connected to the same Wi-Fi to eavesdrop on conversations in the range of the vulnerable product.

Mitigation

Home users should keep a close eye on IoT devices and isolate them as much as possible from the local or guest network. This can be done by setting up a dedicated SSID exclusively for IoT devices.

Additionally, IoT users can use the free Bitdefender Smart Home Scanner app to scan for connected devices, identify and highlight vulnerable ones. IoT device owners should also make sure that they check for newer firmware and update devices as soon as the vendor releases new versions.

To minimize risks of compromise, smart home users should consider the adoption of a network cybersecurity solution integrated into the router, such as the NETGEAR Orbi or Nighthawk routers powered by Bitdefender Armor.

Download the whitepaper

ADT, who now owns the LifeShield brand, was quick to address the issues once contact was established. Patches were applied to the production servers and all 1500 affected devices within 2 weeks of being notified
of the vulnerabilities.

tags


Author



Right now

Top posts

Vulnerabilities Identified in Wyze Cam IoT Device

Vulnerabilities Identified in Wyze Cam IoT Device

March 29, 2022

1 min read
New FluBot and TeaBot Global Malware Campaigns Discovered

New FluBot and TeaBot Global Malware Campaigns Discovered

January 26, 2022

10 min read
Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately

Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately

December 10, 2021

2 min read
Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand

Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand

November 08, 2021

2 min read
Bitdefender Offers Free Universal Decryptor for REvil/Sodinokibi Ransomware

Bitdefender Offers Free Universal Decryptor for REvil/Sodinokibi Ransomware

September 16, 2021

2 min read
LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

July 21, 2021

9 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

New FluBot and TeaBot Global Malware Campaigns Discovered New FluBot and TeaBot Global Malware Campaigns Discovered
Bitdefender

January 26, 2022

10 min read
Poking Holes in Crypto-Wallets: A Short Analysis of BHUNT Stealer Poking Holes in Crypto-Wallets: A Short Analysis of BHUNT Stealer
Bitdefender

January 19, 2022

2 min read
Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand
Bogdan BOTEZATU

November 08, 2021

2 min read