- Swann security camera system serial number#
- Swann security camera system serial#
- Swann security camera system update#
They were less pleased with OzVision’s response.
Swann security camera system update#
Coming firmware will resolve the root password issue,” Tierney shared, and advised users to update their mobile app and firmware in their Swann cameras to the latest version. More recent firmware will resolve the factory reset/PSK persisting issue.
Swann security camera system serial#
“The serial switching issue has been fixed. The researchers praised Swann’s reaction to the findings and their willingness to cooperate to push out fixes as soon as possible. “From here, one could probably push rogue firmware and create a persistent shell,” Tierney noted. If you were to sell the camera to someone at a later date, the person would be able to extract that piece of info and use it to access your Wi-Fi.Īnother discovery was a root FTP shell on the device that can be accessed via a preset root password. The researchers also found that, contrary to what is stated in the camera’s manual, factory resetting the camera will not remove the SSID and PSK (pre-shared key) of the wireless network it was connected to. So, a targeted attack might not be possible (immediately or quickly), but accessing arbitrary cameras is. We believe the keyspace could be fully enumerated in as little as 3 days, given a distributed set of concurrent requests to the API,” Tierney noted. Vangelis took a look at the API and realised that it allowed enumeration. “The serial is of the form swn then 9 hex chars.
Swann security camera system serial number#
The attacker needs to know the serial number of a camera whose feed he wants to access, but that’s also not a problem. “The API would check that you were authenticated to make the request but not authorised to view that particular camera,” Helme explained.
They discovered that they can easily switch video feeds from one camera to another through the cloud service, because the web based API uses the camera’s serial number as the identifier to connect to it. So, they banded together to do some testing. Researchers Andrew Tierney, Chris Wade and Ken Munro from Pen Test Partners, University of Surrey professor Alan Woodward, BBC hacker in residence Scott Helme, and independent researcher Vangelis Stykas were all intrigued by a recent BBC report that showed how a Swann home security camera sent footage from inside a family’s home to the wrong person’s app.īut they weren’t convinced by the company’s explanation on how this was possible and decided to see for themselves where the problem lies – and whether they can uncover others. Swann security cameras are often used in business offices and homes, so the idea that someone can easily spy on random people’s private moments is unsettling. Swann SWWHD-Intcam is battery-powered, connected to and configured from a dedicated app, and it can stream video either directly over the local network or via a cloud service, which is provided by Israeli company OzVision. Researchers have unearthed a security flaw in a Swann security camera that allows attackers to spy on the video and audio feed of anyone’s camera.
0 kommentar(er)
