Vote 2020 graphic
Everything you need to know about and expect during
the most important election of our lifetimes

Tons and Tons of Security Cameras Are Wide Open to Hackers

Illustration for article titled Tons and Tons of Security Cameras Are Wide Open to Hackers

Apparently security cameras are even less secure than we thought. Eighteen popular brands of cameras have been found to have serious flaws in their own security, leaving at least 58,000 unsecured, open-to-basically-anyone security cams out there.


Security firm Rapid7 discovered how the widespread flaw is after reading a blog post by someLuser, detailing the failings of one company, Swann. In short, the flaw allows anyone connected to a specific port full access to the DVR functions of the cameras. Rapid7 applied the same code used on Swann to other major camera companies, and turned up this list of vulnerable manufacturers:

Swann, Lorex, URMET, KGuard, Defender, DSP Cop, SVAT, Zmodo, BCS, Bolide, EyeForce, Atlantis, Protectron, Greatek, Soyo, Hi-View, Cosmos, and J2000


The flaws have only been tested through a scan of their code, not actual spying, but Rapid7 is confident it would work on all listed companies' cameras. Anyone with a system made by one of those companies would have to wait for a firmware update to come out addressing the flaw.

We've known about unsecured net-connected gear—security cameras in particular—for a while. Last summer it came out that three of the most popular brands were vulnerable to a similar attack, and there's even a map to look in on a bunch of unsecured feeds. Not to mention the almost 90,000 unsecured printers around the world, which could just start spitting out just about anything at any given moment. So this is concerning—deeply so—but only one more step down a path we were already walking. [Forbes]

Image by Tischenko Irina/Shutterstock


Share This Story

Get our newsletter



You don't need to be a hacker to this, nor is this hacking.

It's called a Google DORK.

You can find insecure cameras easily.

Here's a list of them:

Here's a printer control panel. No hacking needed to find it:

Someone's backyard:

See how simple that is? I could EASILY remotely brick that printer.

I could write a script that will scrape Google for these insecure printers and auto brick them if I felt like it.

It's called a FIREWALL people. Disable inbound traffic...