As reported by CNET, cybersecurity researchers from Kaspersky Labs have uncovered critical security flaws with a smart camera. The camera, produced by Hanwha Techwin America, had 13 vulnerabilities, as noted by Vladimir Dashchenko, head of vulnerability research at Kaspersky Labs.
During testing of Hanwha’s PNW SmartCam, the research team discovered that the flaws did not simply allow an hacker to access the camera’s video and audio feeds but also control or disable the camera and use it as an entry point to the network system. Most unnerving, however, was the ability to access the audio and video feeds from other Hanwha cameras connected to their vulnerable cloud service.
Hanwha has addressed the flaws and removed the undocumented functionality that undergirded the security issues.
Security and the Internet of Things
This incident points to persistent issues with the ever-expanding Internet of Things (IoT). For example, though this camera was primarily marketed for home security or monitoring, it’s price point and functionality made it an appealing option for small businesses. And even if businesses opted for a different Hanwha system, the nature of the security flaws and the reliance on vulnerable cloud service potentially put other users of their cloud-connected cameras at risk, regardless of their own network security.
What are some ways to protect your network, data, and hardware from these kinds of intrusions?
Most of the discussion around security and the IoT is directed at device manufacturers and software developers rather than the consumer. Many of these issues, as noted by the Department of Homeland Security, could have been prevented by providing stronger initial protections, such as unique personal identification numbers (PINs) and quick response (QR) codes for devices They also suggest that more transparency between hardware and software developers during design and manufacturing phases could resolve security issues.
Perhaps the best advice aimed at IoT consumers, however, is tried and true: When setting up your fancy new IoT gadget, do not rely on the default security provided by the company. As the Hanwha camera incident shows, even a strong firewall may not be enough to protect your network, hardware, and data. Instead, immediately change the username and password to something both strong and unique. Placing IoT devices on a separate network, with their own firewall (if possible), could help minimize risk to your infrastructure.
Additionally, do your research before purchasing. What was the manufacturer’s track record with device security? If a company had previous security issues with its devices, how did it respond? Discuss any concerns you have with your IT professionals.
If you’re still unsure, holding off on incorporating newer IoT devices for your business until security flaws (or lack of) are known and fixed may be your best bet.