Researchers have found that a popular wireless smart security camera is vulnerable to cyberattacks. Flaws in the Swann Security app allowed hackers to “hijack” video footage and audio streamed from other people’s properties.
The Australia-based company, along with its cloud technology provider, OzVision, said the issue has now been resolved, however concerns still remain.
The discovery comes after an incident in June which caused a number of customers to make similar complaints about privacy. Five European security analysts – Ken Munro, Andrew Tierney, Vangelis Stykas, Alan Woodward and Scott Helme – launched an investigation after the last revelation and have now contacted the company with fresh recommendations.
According to Swann, the vulnerability that was identified by researchers was limited to one particular model, the SWWHD-Intcam; more commonly known as the Swann Smart Security Camera.
The Swann smart security camera first went on sale in late 2017, and has been available at a number of retailers in the UK, such as Maplin, Debenhams and Curry’s. Amazon and US giant, Walmart, have also widely circulated the device.
The vulnerability highlighted the fact that software tools used within the cybersecurity industry could be used to intercept messages sent from OzVision’s servers to the Safe by Swann app. The app is available on smartphones and is used to view motion-triggered recordings.
The intercepted messages, researchers said, included references to unique serial numbers delegated to each camera in the factory.
Researchers were able to alter the product serial number which allowed them to access video feeds from other devices. Most concerningly, they highlighted that at no point in this process were they required to provide login credentials.
According to the BBC, a West Midlands-based IT worker had footage from his kitchen shown to another Swann camera owner. This has since left the man unhappy and concerned over his privacy.
Swann insisted the issue had been solved, however, despite its attempts to dispel consumer fears this fresh discovery has raised new concerns that similar products supported by OzVision’s cloud network could be vulnerable.
Researchers said that upon reporting their findings to Swann, the company confirmed the problem and said it would act upon recommendations.
A spokesperson for the company said: “Swann was able to detect the subsystem Ken Munro and his team were attempting to hack and promptly addressed the vulnerability.
“This vulnerability did not apply to any other Swann products. We have not detected any other such attempts.”
Smart Device Vulnerabilities
Cybersecurity vulnerabilities in IoT devices have been raised recently. According to a report published by Allot Communications in June, Internet of Things (IoT) and mobile devices continue to be primary attack vectors and are contributing to a significant rise in cryptojacking, adware and DDoS attacks.
The most concerning aspect of the report findings, however, is that consumers appear to lack the necessary cyber security expertise to adequately protect themselves from threats.