Connect with us

Hi, what are you looking for?



Remotely Exploitable Flaws Found in SmartCam Cameras

Hanwha’s SmartCam cameras are affected by more than a dozen vulnerabilities, including critical flaws that can be exploited remotely to take control of devices.

Hanwha’s SmartCam cameras are affected by more than a dozen vulnerabilities, including critical flaws that can be exploited remotely to take control of devices.

The impacted cameras are widely used for surveillance and monitoring. They can record at high resolutions, they have night vision capabilities and motion sensors, and they allow their users to talk to the person being monitored via a built-in speaker. The product can be controlled remotely from any type of device and all the recorded video is stored in the cloud.

Samsung Electronics sold its Samsung Techwin security division to South Korean conglomerate Hanwha Group in 2014. However, Hanwha’s SmartCam products are still branded “Samsung.”

Researchers have analyzed these devices and discovered a significant number of flaws. The issues were disclosed last week by Vladimir Dashchenko, senior security researcher at Kaspersky Lab, at the company’s Security Analyst Summit (SAS) in Cancun. The security firm also published a blog post on Monday describing the findings.Vulnerabilities found in Hanwha SmartCam cameras

The vulnerabilities can be exploited for intercepting traffic due to the use of HTTP for firmware updates and interaction with the camera, manipulating the web-based user interface, remote code execution with root privileges, denial-of-service (DoS) attacks, brute-force attacks on the admin account, and bypassing authentication.

Experts have identified roughly 2,000 IP addresses associated with cameras exposed to the Internet, but they believe the actual number of vulnerable devices is much higher considering that the flaws can be exploited even against devices that are not directly accessible from the Web due to weaknesses in the SmartCam cloud infrastructure.

One of the flaws found by Kaspersky can be exploited to register cameras that have yet to be registered. This not only prevents legitimate owners from registering and using their cameras, but also allows hackers to take control of the cameras they have registered.

Due to vulnerabilities in the cloud infrastructure, an attacker could have spoofed the update server in an effort to push malicious firmware to a device. Modified firmware can provide privileged access to the targeted camera, serving as an entry point to the rest of the network housing the device, experts say.

Advertisement. Scroll to continue reading.

Researchers also discovered that a hacker can easily clone a camera in an effort to spoof its video feed.

“The attacker then resets the password using a vulnerability in the password generation algorithm and modifies the firmware of the cloned camera (which is an identical camera located on the attacker’s side). The victim’s camera is then remotely disabled. As a result, the victim will receive a video signal from the attacker’s cloned camera,” Kaspersky researchers explained.

The setup process for the cameras also involves providing credentials for social media and other online services for sending notifications to the user, which can be abused by cybercriminals for phishing and spam campaigns.

Dashchenko told SecurityWeek that remote attacks against these cameras are a multi-stage process that starts with identifying the targeted device’s serial number and MAC address. The serial number can be obtained by either guessing or brute-forcing it.

Large-scale attacks are also possible with the use of scripts and automation mechanisms, Dashchenko said.

Kaspersky’s ICS-CERT team has conducted its research on Hanwha SNH-V6410PN/PNW SmartCam devices, but the same firmware is used for multiple camera models — different features in the firmware are active depending on the model — which means many of the company’s products are likely affected by these vulnerabilities.

The vendor patched many of the vulnerabilities shortly after being notified and Kaspersky has only disclosed the details of the flaws that have been fixed.

Related: Samsung SmartCam Flaw Allows Remote Command Execution

Related: Flaws Expose FLIR Thermal Cameras to Remote Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.