Samsung SmartCam Flaw Allows Remote Command Execution

Samsung SmartCam IP cameras are affected by a severe remote command execution flaw that can be exploited to hijack vulnerable devices, researchers have warned.

Samsung Electronics sold its security division, Samsung Techwin, to South Korean conglomerate Hanwha Group in 2014. However, Hanwha’s SmartCam products are still branded as “Samsung.”

Back in 2014, researchers at Exploitee.rs disclosed some SmartCam exploits that could have been used to execute arbitrary commands and change a device’s administrator password. A few months ago, Pen Test Partners also reported discovering nearly a dozen security issues in these products.

The vendor addressed most of the flaws by disabling SSH and local access to the web interface – users can now view and manage their videos via the SmartCloud online service. However, Exploitee.rs have once again analyzed the cameras and discovered a way to enable the telnet service and the local web interface.

This is possible due to a command injection vulnerability in a set of scripts that were not removed by the vendor. These scripts, associated with the iWatch webcam monitoring service, provide firmware update functionality.

“The iWatch Install.php vulnerability can be exploited by crafting a special filename which is then stored within a tar command passed to a php system() call,” researchers explained. “Because the web-server runs as root, the filename is user supplied, and the input is used without sanitization, we are able to inject our own commands within to achieve root remote command execution.”
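As an added illustration (not code from the article, the researchers, or the camera firmware, which the article does not reproduce), the following hypothetical PHP fragment shows the pattern the quote describes, a user-supplied filename concatenated into a tar command handed to system(), next to a hardened form that allowlists the filename shape and quotes the argument with escapeshellarg(). The paths, function names and sample filenames are assumptions.

```php
<?php
// Added example of the flaw class described in the article, not the iWatch
// Install.php code. Paths and function names are hypothetical; the shape of the
// bug matches the description: a user-supplied filename is concatenated into a
// tar command string that is then passed to system().

// VULNERABLE pattern: the filename is interpolated into the shell string as-is,
// so any shell metacharacter inside it becomes part of the command.
function buildUpdateCommandVulnerable(string $filename): string
{
    return "tar -xzf /tmp/$filename -C /mnt/update";
}

// Hardened step 1: accept only a plain basename of an expected shape.
// No slashes (no path traversal), no leading dot, fixed extension.
function isValidFirmwareFilename(string $filename): bool
{
    return preg_match('/^[A-Za-z0-9_-][A-Za-z0-9._-]{0,63}\.tar\.gz$/', $filename) === 1;
}

// Hardened step 2: reject anything else, and quote what remains anyway.
function buildUpdateCommandHardened(string $filename): ?string
{
    if (!isValidFirmwareFilename($filename)) {
        return null; // never reaches system()
    }
    // escapeshellarg() single-quotes the argument and escapes embedded quotes,
    // so metacharacters cannot terminate the tar command even if the
    // validation above is later loosened.
    return 'tar -xzf ' . escapeshellarg('/tmp/' . $filename) . ' -C /mnt/update';
}

// Constructed inputs: a normal update archive and one carrying a metacharacter.
$inputs = ['fw_1.2.tar.gz', 'fw.tar.gz; echo injected'];
foreach ($inputs as $name) {
    echo "input:      $name\n";
    echo "vulnerable: " . buildUpdateCommandVulnerable($name) . "\n";
    echo "hardened:   " . (buildUpdateCommandHardened($name) ?? '(rejected)') . "\n\n";
}
```

Quoting and validation remove the injection, but the hardened command still runs with whatever privileges the web server has; per the article that is root on these cameras, so running the service as an unprivileged account is a separate, necessary mitigation.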


Exploitee.rs has published proof-of-concept (PoC) code for the vulnerability, and it has shared a workaround that involves executing a command after exploiting the flaw itself. An official fix does not appear to be available, and researchers have warned that enabling the web interface reintroduces some of the older weaknesses.

The exploit has been confirmed to work on the SNH-1011 model, but experts believe all Samsung SmartCam devices are affected.

Vulnerable IP cameras are a tempting target for Internet of Things (IoT) botnets. Critical flaws that are easy to exploit have been found in many products and, in some cases, the devices don’t include any firmware update capabilities, which makes them impossible to patch.

Related: Surveillance Cameras From 70 Vendors Vulnerable to Remote Hacking

Related: Backdoor Found in Many Sony Security Cameras

Related: Serious Flaw Found in Popular D-Link Wi-Fi Camera

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.