back to article 'Hopelessly insecure’ Motorola CCTV cameras belatedly patched

Security researchers have successfully hacked the Motorola Focus 73 outdoor security camera, using exploits that allowed them to gain access to the associated home network’s Wi-Fi password as a result.   White hats at Context Information Security were able to obtain full control of the camera’s pan-tilt-zoom controls as well …

  1. Anonymous Coward
    Anonymous Coward

    Really?

    I mean... really?

  2. Fraggle850

    Binatone are still a thing?

    I seem to recall them being responsible for cheap and cheerful disposable consumer electro-tat in the '70s & '80s.

    1. Hans Neeson-Bumpsadese

      Re: Binatone are still a thing?

      My thoughts entirely. I've got some quite fond memories of Binatone kit in the early 80s, including a couple of fairly cheap and reasonable cheerful CB radios.

    2. m0rt

      Re: Binatone are still a thing?

      http://www.amazon.co.uk/Binatone-Brick-Sim-Free-Mobile-Phone/dp/B00GN88E42/

  3. Alistair
    Windows

    Not quite making sense of this:

    Binatone manufactured a camera, branded as a Motorola product, and

    "Hubble Connected has fully patched the vulnerability to ensure that the reported bug is addressed,” said Brendan Gibb, CISO at Hubble. “This firmware will be released on 2 February 2016 to all affected cameras."

    *Hubble* updated the firmware, automagically?

    *cough* Someone at Hubble has a new job with the (NSA/GCHQ/CCIS/spyagencyofchoice). Mind you if the security of the original code was as bad as described, perhaps not.

    1. Mark 85 Silver badge

      Re: Not quite making sense of this:

      Since all the cameras connected to Hubble and the password/username was "stupid/stupid".. the firmware pushout should have easy-peasy.

      Now did they change the username/password or just email the users to do that? Which means that only 10% will actually change the username/password...

  4. Christoph

    "The update process has reportedly been automated"

    I trust that the update process has much better security? Or can attackers force an update with their own code?

    1. Michael Thibault

      >I trust that the update process has much better security? Or can attackers force an update with their own code?

      All things considered, it's hoped that "much better security" will have included locking out the very fools who designed the sieve of security that allowed for a stealth update (of any kind) in the first place. The white-hats, for their part, should go once around the park and come back for a close, second look. It's the only way to be sure.

  5. Cuddles Silver badge

    Taking the CC out of TV

    Can we please stop calling these things "CCTV". The CC stands for "closed circuit", ie. it's a closed system that only allows any control and viewing to be done internally. If you monitor and control it via the internet, it's just a webcam. Call it a security camera if you want to pretend there's a meaningful difference from regular consumer webcams, but calling it CCTV implies a level of inherent security that simply isn't, and cannot be, present.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021