Millions of Connected Cameras Vulnerable to Hijacking

Two vulnerabilities discovered in communication technology in video monitoring equipment from hundreds of brands allow hackers to hijack security cameras, baby monitors and smart doorbells. Over 2 million vulnerable devices have been identified online, but the number may be higher.

The number of affected devices comes from a common component, iLnkP2P, that facilitates the connection between the camera and a remote device (computer, mobile phone), present either on the local network or outside it. iLnkP2P is meant to allow access with minimum effort from the user.

Unfortunately, the peer-to-peer (P2P) component is vulnerable and can help hackers take full control of affected devices. Attackers can do this by combining two bugs: one to discover the vulnerable equipment and another to intercept the connections to them, which may be used to steal login credentials to hijack them.

The two issues were discovered by security engineer Paul Marrapese. He sent multiple advisories to vendors starting January 15 but received no reply. On February 4, he identified the maker of the iLnkP2P component (Shenzhen Yunni Technology Company, Inc.) and informed them of the issue. A second message to the developer 10 days later remained unanswered, too.

This is a problem researchers face regularly when they try to warn IoT developers of security problems in their products. The cause is a lack of standards and regulation, which allows vendors to peddle their gadgets without baseline security or providing contact details users and researchers can use to report problems.

Marrapese was able to identify vulnerable devices by their unique ID (UID) a number assigned by the manufacturer and used to establish the connection with a remote computer. He found that products from HiChip, TENVIS, SV3C, VStarcam, Wanscam, NEO Coolcam, Sricam, Eye Sight, and HVCAM all use the iLnkP2P component and are vulnerable.

“iLnkP2P is used by hundreds of other brands as well, making identification of vulnerable devices difficult,” the researcher says.

In the advisory, he provides a list of UID prefixes indicating that the device is vulnerable. To learn whether you are impacted, compare the prefix in the list with the UID printed on your device.

If you can’t find the UID, Marrapese also gives a list of Android applications for devices that may be vulnerable:

• HiChip: CamHi, P2PWIFICAM, iMega Cam, WEBVISION, P2PIPCamHi, IPCAM P
• VStarcam: Eye4, EyeCloud, VSCAM, PnPCam
• Wanscam: E View7
• NEO: P2PIPCAM, COOLCAMOP
• Sricam: APCamera
• Various: P2PCam_HD

To avoid falling victim to hacking, you typically have two choices: buy products from reputable manufacturers or vendors or invest in a security solution that can take the burden off your shoulders and automatically block exploitation attempts or warn of vulnerabilities in any gadget on your local network.

Image credit: Paul Marrapese