More than 120,000 Internet of Things cameras online right now can easily be hacked, a security researcher warned at a conference on Friday.
The researcher found that two cameras from Chinese gadget maker Shenzhen Neo Electronic have vulnerabilities that allow hackers to remotely access their video stream, or take full control of the cameras, opening up the possibility that someone could amass an an Internet of Things botnet of around 150,000 devices. Alex Balan, a researcher at security firm Bitdefender who found the flaw, told Motherboard that he tried to warn the company, but he claims it never got back to him. So the the flaws have yet to be fixed, and may never be fixed, he said.
"It's unpatched and unpatchable," Balan told Motherboard in an interview at the Def Con hacking conference in Las Vegas.
The two models of cameras that have vulnerabilities are the NIP-22 and the iDoorbell. But other cameras, from other companies, might have the same bugs because they use the same firmware, according to Balan. There's no mechanism to automatically update or push patches to the cameras, according to Balan.
The two cameras from Shenzhen Neo Electronic are not the first IoT cameras or devices found to be vulnerable. In the last few years, security researchers and malicious hackers have found several flaws in IoT devices such as surveillance cameras, crockpots, stuffed animals, dishwashers, and even dildos. These devices could be hacked individually, of course, but in certain cases hackers have found a way to enlist hundreds of thousands of vulnerable devices in botnets. These botnets have been used to launch distributed denial of service attacks that, in one case, crippled the internet in the east coast of the United States.
Our IP Address: