Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Identity & Access

Samsung SmartCam Flaw Allows Remote Command Execution

Samsung SmartCam IP cameras are affected by a severe remote command execution flaw that can be exploited to hijack vulnerable devices, researchers have warned.

Samsung Electronics sold its security division, Samsung Techwin, to South Korean conglomerate Hanwha Group in 2014. However, Hanwha’s SmartCam products are still branded as “Samsung.”

Samsung SmartCam IP cameras are affected by a severe remote command execution flaw that can be exploited to hijack vulnerable devices, researchers have warned.

Samsung Electronics sold its security division, Samsung Techwin, to South Korean conglomerate Hanwha Group in 2014. However, Hanwha’s SmartCam products are still branded as “Samsung.”

Back in 2014, researchers at Exploitee.rs disclosed some SmartCam exploits that could have been used to execute arbitrary commands and change a device’s administrator password. A few months ago, Pen Test Partners also reported discovering nearly a dozen security issues in these products.

The vendor addressed most of the flaws by disabling SSH and local access to the web interface – users can now view and manage their videos via the SmartCloud online service. However, Exploitee.rs have once again analyzed the cameras and discovered a way to enable the telnet service and the local web interface.

This is possible due to a command injection vulnerability in a set of scripts that were not removed by the vendor. These scripts, associated with the iWatch webcam monitoring service, provide firmware update functionality.

“The iWatch Install.php vulnerability can be exploited by crafting a special filename which is then stored within a tar command passed to a php system() call,” researchers explained. “Because the web-server runs as root, the filename is user supplied, and the input is used without sanitization, we are able to inject our own commands within to achieve root remote command execution.”

Exploitee.rs has published proof-of-concept (PoC) code for the vulnerability, and it has shared a workaround that involves executing a command after exploiting the flaw itself. An official fix does not appear to be available and researchers have warned that enabling the web interface reintroduces some of the older weaknesses.

The exploit has been confirmed to work on the SNH-1011 model, but experts believe all Samsung SmartCam devices are affected.

Advertisement. Scroll to continue reading.

Vulnerable IP cameras are a tempting target for Internet of Things (IoT) botnets. Critical flaws that are easy to exploit have been found in many products and, in some cases, the devices don’t include any firmware update capabilities, which makes them impossible to patch.

Related: Surveillance Cameras From 70 Vendors Vulnerable to Remote Hacking

Related: Backdoor Found in Many Sony Security Cameras

Related: Serious Flaw Found in Popular D-Link Wi-Fi Camera

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.