In this case, the latest IoT (Internet of Things) devices to fall victim are Samsung SmartCam cameras. These cloud-enabled security devices, popular with small and medium-sized businesses, were originally designed and manufactured by Samsung and recently sold to the Hanwha Group.
In response to the reported vulnerabilities, the new owner of the line decided to disable the local admin panel, leaving users able to access their cameras only through a smartphone app.
Not only was this move unpopular with the user base, but it proved to be utterly ineffective.
A group of hackers calling themselves “The Exploiteers” found a way to get around the change and re-enable the local admin panel. They were then able to utilize various exploits to take full control over the devices.
Not only would this allow them to turn the cameras off at will, which represents a nightmare scenario from a security perspective, but this, of course, would also give them unfettered access to the security feed itself, and the ability to pan the cameras around.
Effectively, then, this exploit turns your own security devices against you.
Fortunately, the Exploiteers not only informed the company of their successful efforts, they also included instructions on how to properly patch the equipment to keep this from happening in the future.
The bottom line here is that if you use Samsung SmartCams to protect your business, you’re definitely going to want to make sure you have them patched with the latest security updates in order to minimize your risks.
This underscores the need for smart device manufacturers to get much more serious about providing some basic level of security for the devices they make and sell. Expect to see more stories like these in the coming months, because so far, equipment manufacturers have displayed limited interest in security, and that is creating a large and growing time bomb on the internet as the IoT continues to expand.