Experts’ estimates show that more than 45 billion rooms will be active by 2022, and much of this will be smart rooms.
With features ranging from physiognomy recognition to modern motion detection sensors and Wi-Fi or bluetooth connections, smart cameras can now read registration numbers and interpret human behavior. Thus, they become the perfect surveillance tool for homes and commercial spaces.
Bitdefender researchers have recently analyzed four connected rooms and found that they all have severe vulnerabilities. They can be exploited remotely and can be fully controlled by attackers.
One of the chambers analyzed is the Keekoon KK005. After analyzing the operating system of all the devices manufactured by this manufacturer, the researchers concluded that all its rooms are affected by severe vulnerabilities. From easy authentication using weak access credentials to injecting commands and security breaches in the operating system, all allow remote compromise.
Another room – Tenvis TH661 Home Camera – was easy to compromise by trying multiple authentications, which would allow attackers to have unlimited access to all of its functionality. The more sensors this camera has (infrared, motion sensors, microphone, saving records on an external source), the more attackers will have more options for spying and surveillance.
The Reolink C1 Pro Camera camera hosts numerous firmware vulnerabilities that also allow remote control. As long as cameras can be used indoors and outdoors, vulnerabilities would allow villains not only to grab email authentication when the camera sends alerts but also Wi-Fi networks and from there to access the other devices in the home.
Geenker HD IP Camera is a night vision device with audio functionality from and to your device. Again, once attacked, the camera can execute remote commands and the attacker has the same rights as the owner.
It is advisable for users to inquire before purchasing about the policy of upgrading and troubleshooting the issues encountered during use.
It is equally important that users change their username and password from the factory even when installing the device. This avoids attempts by password breakers through multiple attempts of access data provided by the manufacturer even in the user manual.