Amcrest HD Cameras Prone to Complete Takeover, Cybersecurity Company Reveals

Amcrest, the company that manufactures live-stream surveillance cameras, has just disclosed that two zero-day vulnerabilities have been identified. The bugs, which are apparently confined to the IPM-721S models, allow complete take-over of the cameras.

Both the company and the cybersecurity company who identified the flaws urge consumers to download and install the latest firmware update. Sources from inside the company reveal that the vulnerabilities were discovered in late 2017.

Does this mean that everyone can see what I see?

Basically, if you were to keep running the same version of Amcrest’s proprietary software, you would expose yourself to eavesdropping.

Backtracking a bit, according to Synopsys, the cybersecurity company which identified the two major flaws, both bugs will allow a hacker to completely take over the cameras. What’s way worse is that you don’t need a PH. D in computer sciences in order to see what, well, others don’t want you to see.

According to Mandar Satam, Synopsys’s lead security researcher, the Amcrest flaws, which go by the names of CVE-2017-8229 and CVE-2017-13719, can be exploited via Shodan, a search engine capable of identifying vulnerable databases and devices.

The first vulnerability, flagged as a credentials bug, allows the hacker to tap into any Amcrest camera using an URL string.  As Satam explained, the hacker only needs to input the camera’s IP address into any URL string and, just like that, he can gain access to the camera’s config file.

From there, the hacker can simply copy the users’ credentials, such as names and passwords. What’s even more daunting is due to this exploit, the passwords are visible in plain-text.

As far as the second vulnerability is concerned, the same company explained that anyone with the right expertise could easily take control of the camera’s functions through an unauthenticated memory corruption bug.

More specifically, the hacker, who would previously speculate this vulnerability via Shodan, can send a string of 1,024 characters into any password field, thus triggering a memory-corruption action.

This is possible because the app’s HTTP API is hardcoded to receive any type of credential as base-64 directly encoded in the authorization HTTP coder. Subsequently, a missing-length check will allow the hacker to inject the code, trigger the bug, and overwrite the users’ password and name.

Both bugs have been labeled as severe: the CVE-2017-8229 has received a 9.8-CVE rating, while the CVE-2017-13719 got a 10 rating on the same Common Vulnerability Scoring System. To prevent a complete takeover, the consumers need to download and install the latest firmware update before logging into the device.

Wrap-up

The two vulnerabilities showcased by Synopsys prove that Big Brother isn’t just fiction, but can happen in real life. Fortunately, no events have been reported so far, but then again, no one can say this for certain.

So, if you’re the not-so-proud owner of an IPM-721S model, you should update it as soon as possible. You never know who maybe else might be watching, I don’t think you would like to find out.

What’s your take on Amcrest’s bug fixes? Head to the comments section and let me know.

About Daniel Sadler

Old-school PC gamer, poetry buff, cat lover, tech wiz. His writing career began almost two decades ago when he modestly acknowledged that hindsight or, lack thereof, can compromise security. He enjoys spending quality time with his friends and family. Most of his friends refer to Daniel as a "man of a few words, but, man, what words!" His interests include cybersecurity, IT, blogging, and, of course, everything related to technology.

Leave a Reply

Your email address will not be published. Required fields are marked *