I mean... really?
Security researchers have successfully hacked the Motorola Focus 73 outdoor security camera, using exploits that allowed them to gain access to the associated home network’s Wi-Fi password as a result. White hats at Context Information Security were able to obtain full control of the camera’s pan-tilt-zoom controls as well …
Binatone manufactured a camera, branded as a Motorola product, and
"Hubble Connected has fully patched the vulnerability to ensure that the reported bug is addressed," said Brendan Gibb, CISO at Hubble. "This firmware will be released on 2 February 2016 to all affected cameras."
*Hubble* updated the firmware, automagically?
*cough* Someone at Hubble has a new job with the (NSA/GCHQ/CCIS/spyagencyofchoice). Mind you if the security of the original code was as bad as described, perhaps not.
Since all the cameras connected to Hubble and the password/username was "stupid/stupid"... the firmware pushout should have been easy-peasy.
Now did they change the username/password or just email the users to do that? Which means that only 10% will actually change the username/password...
>I trust that the update process has much better security? Or can attackers force an update with their own code?
All things considered, it's hoped that "much better security" will have included locking out the very fools who designed the sieve of security that allowed for a stealth update (of any kind) in the first place. The white-hats, for their part, should go once around the park and come back for a close, second look. It's the only way to be sure.
Can we please stop calling these things "CCTV"? The CC stands for "closed circuit", i.e. it's a closed system that only allows any control and viewing to be done internally. If you monitor and control it via the internet, it's just a webcam. Call it a security camera if you want to pretend there's a meaningful difference from regular consumer webcams, but calling it CCTV implies a level of inherent security that simply isn't, and cannot be, present.