Samsung Smartcam HD Plus Hacked Through iWatch


Security researchers at Exploitee.rs have gained root access to Samsung's Smartcam HD Plus by pushing a malicious file to the camera through the iWatch interface. The bug, in short, relies on leftover scripts that Samsung did not remove following a previous bug; they were left in place to allow for easy firmware updates over the web. This interface can be duped fairly easily into installing a malicious file on the camera through a PHP system call. Once the exploit has been used, a user has full access to the camera, including root access, through any network connection that the camera is on.

The exploit itself, as noted above, is quite easy to carry out; all a user has to do is push a .tar file containing a specially named .php file, install.php, with any code they want to run. In this particular exploit, the code can gain root access for remote commands, and even re-enable the administration panel that Samsung ripped out of the camera in response to an earlier exploit that used it. To fix the bug and secure the camera, a user can actually use the exploit itself to modify a file that runs underneath remote code on the device. The fix is simply to add code that checks for an administrator, which means that only the administrator that a user sets through the exploit can get into the system.
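The two missing controls described above, an administrator check in front of the update handler and a refusal to accept script files such as install.php inside an uploaded .tar, can be sketched as follows. This is an added example, not code from Exploitee.rs or Samsung; the session layout, the token comparison and the list of allowed firmware suffixes are assumptions made for illustration.

```python
import hmac
import io
import tarfile

# Assumed for this sketch; the article names none of these.
ALLOWED_SUFFIXES = (".bin", ".img", ".sig")

class UpdateRejected(Exception):
    """Raised when an update request must not reach the installer."""

def require_admin(session, token):
    # The check the article's fix adds: no administrator, no update.
    expected = session.get("admin_token")
    if not expected or not token or not hmac.compare_digest(
            expected.encode(), token.encode()):
        raise UpdateRejected("administrator login required")

def vet_archive(data):
    """Return member names of an uploaded tarball, or raise if any is unsafe."""
    try:
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
            members = tar.getmembers()
    except (tarfile.TarError, OSError, EOFError) as exc:
        raise UpdateRejected(f"not a readable tar archive: {exc}")
    if not members:
        raise UpdateRejected("empty archive")
    for m in members:
        if not m.isfile():
            raise UpdateRejected(f"non-regular member: {m.name}")
        if m.name.startswith("/") or ".." in m.name.split("/"):
            raise UpdateRejected(f"path leaves the update directory: {m.name}")
        if not m.name.lower().endswith(ALLOWED_SUFFIXES):
            raise UpdateRejected(f"unexpected file type: {m.name}")
    return [m.name for m in members]

def handle_update(session, token, data):
    require_admin(session, token)   # authenticate before touching the upload
    return vet_archive(data)        # only vetted names go on to the installer

def make_tar(files):
    """Build a constructed sample tarball in memory from {name: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()
```

A production updater would also verify a vendor signature over the image before installing it; the allow-list here only shows why an archive carrying a .php file should never be unpacked by the web interface.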

The implications of this exploit are quite far-reaching. A hacker who breaks into the camera through this exploit can not only watch the feed and send any remote command to the camera that they want, but can also use the fix described above to lock a user out of their own camera, in essence seizing it for their own in every way except physical. Samsung has yet to comment on this newest exploit. Exploitee.rs has made the exploit completely public, down to the last technical detail, which means that owners of these cameras should be careful about security. Those who are technically inclined should consider applying the fix, which can be found through the source link, as a temporary measure until Samsung pushes its own patch.


Copyright ©2017 Android Headlines. All Rights Reserved.

Senior Staff Writer

Daniel has been writing for Android Headlines since 2015, and is one of the site's Senior Staff Writers. He's been living the Android life since 2010, and has been interested in technology of all sorts since childhood. His personal, educational and professional backgrounds in computer science, gaming, literature, and music leave him uniquely equipped to handle a wide range of news topics for the site. These include the likes of machine learning, voice assistants, and AI technology development news in the Android world. Contact him at [email protected]
