Krebs on Security reports on a security problem that exposes the private streams of IP surveillance cameras and baby video monitors:
A bug in the software that powers a broad array of Webcams, IP surveillance cameras and baby monitors made by Chinese camera giant Foscam allows anyone with access to the device’s Internet address to view live and recorded video footage, KrebsOnSecurity has learned.
The issue came to light on the company’s support forum after camera experts discovered that the Web interface for many Foscam cameras can be accessed simply by pressing “OK” in the dialog box when prompted for a username and password. Reached via email, the company’s tech support division confirmed that the bug exists in MJPEG cameras running .54 version of the company’s firmware.
Foscam said it expects to ship an updated version of the firmware (Ver. 55) that fixes the bug by Jan. 25. […]
Don Kennedy, a camera enthusiast and active member of the Foscam support forum who helped to diagnose and report the firmware problem, also posted a workaround for the bug until Foscam issues an official fix. Kennedy said the vulnerability comes on the heels of another Foscam flaw that drew widespread media attention in August 2013, in which some creep reportedly used a similar vulnerability to shout obscenities at a sleeping toddler.