Moral of the story - Bug fix and patch management are NOT common in consumer devices.
From the Article
They found that weaknesses in the devices could allow an attacker to view video and "hot-mike" audio on the cameras to spy on the targets, as well as inject their own video frames into the DropCam feed or freeze frames in order to hide malicious activity, such as a physical break-in.
Wardle and Moore say DropCam runs older software components, including the Heartbleed-vulnerable version of OpenSSL, and an outdated and unpatched version of BusyBox, an open source Unix toolkit typically found in embedded devices and Android devices.
Follow this link for addtional details:
http://www.darkreading.com/dropcam-vulnerable-to-hijacking/d/d-id/1297275
No comments:
Post a Comment