There is a debate going on about the security of smart home appliances, connected objects, the Internet of Things, and so on. Basically there doesn’t seem to be some kind of standardized security that all manufacturers adhere to, which means that while one smart home camera could be secure, another make and model might not.
That being said, it seems that Samsung really needs to beef up their security because the company’s SmartCam has been hacked not just once, but twice. The first time was back in August where hacking blog Exploiteers revealed the exploits that could allow hackers to break into the SmartCam. Instead of plugging the leak, Samsung decided to go an alternate route that forced users to run the SmartCam through Samsung’s SmartCloud website.
Turns out it was just a temporary measure because the folks at Exploiteers have managed to break into it again. According to a post on their website, “The Samsung Smartcam suffers from a vulnerability which allows for remote command execution as the root user. The vulnerability occurs because of improper sanitization of the iWatch firmware update filename. A specially crafted request allows an attacker the ability to inject his own command providing the attacker remote root command execution.”
The good news is that the Exploiteers have posted how to fix the vulnerability and so whether or not Samsung will patch it up properly this time remains to be seen.
Filed in . Read more about Connected Objects, Hack, IoT (Internet of Things), Samsung and Security.