Cybereason Uncovers 'Alarming Vulnerabilities' In IoT Devices

Boston-based security company Cybereason has found significant vulnerabilities in a variety of connected security cameras sold on the Internet.

’We picked up a bunch of random, unbranded, and very cheap security cameras off of websites like Amazon, and we started reverse-engineering their code, and we found two very alarming vulnerabilities,’ said Amit Serper, Principal Security Researcher at Cybereason.

Through those vulnerabilities, hackers could gain a password to a camera, spy through video feeds, and even talk back to the camera. Hackers can perform these breaches remotely, from the other side of the world.

Sponsored post

’We can also run code on the camera, which basically means we control it,’ Serper said.

’It’s pretty dangerous stuff, considering the Dyn attack and other things like that,’ he said.

The code run on these cameras dates back to 2012 and hasn’t been updated since.

Cybereason recommends a simple solution.

’We advise everyone to own this camera to just discard it. Throw it in the trash,’ Serper said.

Serper said he reached out to some of the camera manufacturers with Cybereason’s findings.

’And we’ve heard a deafening silence,’ he said.