SecurityWeek
Samsung SmartCam Flaw Allows Remote Command Execution

Samsung SmartCam IP cameras are affected by a severe remote command execution flaw that can be exploited to hijack vulnerable devices, researchers have warned.

Samsung Electronics sold its security division, Samsung Techwin, to South Korean conglomerate Hanwha Group in 2014. However, Hanwha’s SmartCam products are still branded as “Samsung.”

Back in 2014, researchers at Exploitee.rs disclosed some SmartCam exploits that could have been used to execute arbitrary commands and change a device’s administrator password. A few months ago, Pen Test Partners also reported discovering nearly a dozen security issues in these products.

The vendor addressed most of the flaws by disabling SSH and local access to the web interface – users can now view and manage their videos via the SmartCloud online service. However, Exploitee.rs have once again analyzed the cameras and discovered a way to enable the telnet service and the local web interface.

This is possible due to a command injection vulnerability in a set of scripts that were not removed by the vendor. These scripts, associated with the iWatch webcam monitoring service, provide firmware update functionality.

“The iWatch Install.php vulnerability can be exploited by crafting a special filename which is then stored within a tar command passed to a php system() call,” researchers explained. “Because the web-server runs as root, the filename is user supplied, and the input is used without sanitization, we are able to inject our own commands within to achieve root remote command execution.”
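The pattern the researchers describe is a textbook shell command injection: a user-controlled filename is interpolated into a `tar` command string that is then handed to PHP's `system()`. The following is an added illustration, not the iWatch scripts or the Exploitee.rs proof of concept, showing that unsafe pattern beside a hardened version. All function names, the regular expression, the staging directory and the sample filenames are assumptions constructed for this example.

```php
<?php
// Added example, not code from the iWatch service or from Exploitee.rs.
// It contrasts the unsafe pattern described in the article (a user-supplied
// filename spliced into a tar command for system()) with a hardened version.
// UPLOAD_DIR, the function names and the sample inputs are assumptions.

declare(strict_types=1);

const UPLOAD_DIR = '/tmp/fw_uploads';   // assumed staging directory

// Unsafe pattern: the filename becomes part of a single shell string.
// Every shell metacharacter in $filename is parsed by /bin/sh, so an
// attacker-chosen name changes what the command line does. Returned as a
// string here rather than executed, purely to show what system() would get.
function buildExtractCommandUnsafe(string $filename): string
{
    return 'tar -xzf ' . UPLOAD_DIR . '/' . $filename . ' -C ' . UPLOAD_DIR;
}

// Hardened step 1: strict allowlist. Only a short, plain filename ending in
// .tar.gz; no spaces, quotes, semicolons, slashes or parent-directory parts.
function isSafeFirmwareName(string $filename): bool
{
    return (bool) preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,63}\.tar\.gz\z/', $filename)
        && strpos($filename, '..') === false;
}

// Hardened step 2: build an argv array instead of a shell string. Logging the
// rejected name (JSON-encoded so control characters are visible) gives the
// operator a detection signal for probing attempts.
function buildExtractArgv(string $filename): ?array
{
    if (!isSafeFirmwareName($filename)) {
        error_log('firmware update: rejected filename ' . json_encode($filename));
        return null;
    }
    return ['tar', '-xzf', UPLOAD_DIR . '/' . $filename, '-C', UPLOAD_DIR];
}

// Hardened step 3: run without a shell. On PHP >= 7.4, proc_open() accepts an
// array command and execs it directly, so there is no shell parsing at all.
// If an older PHP forces a string command, wrap each argument in
// escapeshellarg() instead; the allowlist above still applies first.
function extractUploadSafe(string $filename): ?int
{
    $argv = buildExtractArgv($filename);
    if ($argv === null) {
        return null;   // rejected before anything runs
    }
    $proc = proc_open($argv, [1 => ['pipe', 'w'], 2 => ['pipe', 'w']], $pipes);
    if (!is_resource($proc)) {
        return null;
    }
    fclose($pipes[1]);
    fclose($pipes[2]);
    return proc_close($proc);   // tar exit status
}

// Constructed sample inputs (not taken from the advisory): one well-formed
// name, one with a shell metacharacter, one with a path traversal attempt.
foreach (['fw-1.2.3.tar.gz', 'fw;1.tar.gz', '../fw.tar.gz'] as $name) {
    printf("%-20s allowed=%s\n", $name, isSafeFirmwareName($name) ? 'yes' : 'no');
}
```

Two points from the quoted explanation carry over directly: the allowlist and the argv array remove the injection, but they do nothing about the other half of the problem, the web server running as root. Even with correct escaping, a firmware-update handler should run under a dedicated low-privilege account and only the narrow step that needs elevated rights should be delegated, so a future parsing mistake is not automatically a root compromise.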

Exploitee.rs has published proof-of-concept (PoC) code for the vulnerability, and it has shared a workaround that involves executing a command after exploiting the flaw itself. An official fix does not appear to be available and researchers have warned that enabling the web interface reintroduces some of the older weaknesses.

The exploit has been confirmed to work on the SNH-1011 model, but experts believe all Samsung SmartCam devices are affected.

Vulnerable IP cameras are a tempting target for Internet of Things (IoT) botnets. Critical flaws that are easy to exploit have been found in many products and, in some cases, the devices don’t include any firmware update capabilities, which makes them impossible to patch.

Related: Surveillance Cameras From 70 Vendors Vulnerable to Remote Hacking

Related: Backdoor Found in Many Sony Security Cameras

Related: Serious Flaw Found in Popular D-Link Wi-Fi Camera

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
