Krebs on Security reports on a security problem that exposes the private streams of IP surveillance cameras and baby video monitors:
A bug in the software that powers a broad array of Webcams, IP surveillance cameras and baby monitors made by Chinese camera giantÂ FoscamÂ allows anyone with access to the deviceâ€™s Internet address to view live and recorded video footage, KrebsOnSecurity has learned.
The issueÂ came to lightÂ on the companyâ€™s support forum after camera experts discovered that the Web interface for many Foscam cameras can be accessed simply by pressing â€œOKâ€ in the dialog box when prompted for a username and password. Reached via email, the companyâ€™s tech support division confirmed that the bug exists inÂ MJPEGÂ cameras runningÂ .54 versionÂ of the companyâ€™s firmware.
Foscam said it expects to ship an updated version of the firmware (Ver. 55) that fixes the bug by Jan. 25. […]
Don Kennedy, a camera enthusiast and active member of the Foscam support forum who helped to diagnose and report the firmware problem, also postedÂ a workaround for the bugÂ until Foscam issues an official fix. Kennedy said the vulnerability comes on the heels of another Foscam flaw that drew widespread media attention in August 2013, in which some creep reportedlyÂ used a similar vulnerability to shout obscenities at a sleeping toddler.