Vulnerabilities found in IP Cameras
IP-enabled security cameras manufactured by Loftek and VStarcam are said to be affected by more than two dozen vulnerabilities, exposing them to remote attacks. More than 1.3 million cameras are currently in use, with more than 200,000 models found in the US alone.
Attackers can easily exploit the Loftek DSS-2200 and VStarcam C7837WIP and can possibly turn them into DDoS botnets.
The vulnerabilities in the devices are hardcoded credentials, an inability to update the firmware, a lack of support for HTTPS and an undocumented Telnet port in the VStarcam device.
Amit Ashbel, a cyber-security evangelist at Checkmarx, said that the lack of HTTPS support for the devices is bad enough, as an attacker can send a cleartext GET request containing different commands to get control of the camera.
The devices are also said to be exposed to cross-site request forgery vulnerabilities, stored cross-site scripting flaws, server-side request forgery and HTTP response splitting bugs.
Other camera models exposed to similar vulnerable firmware include Foscam, Advance, Wanscam, Apexis, Visioncam, Eshine and EyeSight.