The owners of the vulnerable indoor cameras are advised to unplug the devices immediately
Around 3.5 million security cameras installed in homes and offices mainly in Asia and Europe have serious vulnerabilities that expose the gadgets’ owners to the risk that attackers will spy on them, steal their data or target other devices on the same networks, the United Kingdom’s consumer watchdog Which? has warned.
“Brands with potentially vulnerable cameras include Alptop, Besdersec, COOAU, CPVAN, Ctronics, Dericam, Jennov, LEFTEK, Luowice, QZT, and Tenvis,” says Which?, adding that any wireless camera using the CamHi app and sporting a certain type of Unique Identification Number (UID) could be susceptible to a hack. Some 700,000 of the cameras are in use in Europe, including 100,000 in the UK.
These gadgets use peer-to-peer (P2P) features, which allow users to connect to their devices instantly when they come online. The vulnerabilities, indexed as CVE-2019-11219 and CVE-2019-11220, involve iLnkP2P, a P2P solution developed by Shenzhen Yunni Technology Company. If exploited, the loopholes can allow attackers to bypass firewalls and steal passwords.
The consumer watchdog believes that as many as 47 wireless camera brands worldwide may potentially have these flaws. The full list of vulnerable gizmos is available on this site run by Paul Marrapese, an American security engineer who uncovered the issues.
If own such a camera and it is hijacked, cybercriminals could warning issued hackable security cameras
