Hackers Exploit SmartCam Vulnerability Which Samsung Left Unpatched

By Lynn Palec / 1484853027
(Photo : YouTube) Shortly after Samsung launch the SmartCam, hackers and security researchers have found out several vulnerabilities that could put users’ data in danger.

The current proliferation of Internet of Things devices have made them a prime target for hackers. Meanwhile, IoT device makers do not appear to be very concerned about securing their products. The latest victim is Samsung's SmartCam.

Shortly after Samsung launched the SmartCam, hackers and security researchers have found out several vulnerabilities that could put users' data in danger. Samsung was quick to acknowledge the issue and immediately released a fix.

However, recent assessments revealed that instead of fixing the vulnerabilities, Samsung only provided a sort of workaround that might have rendered the device more vulnerable to hackers. Samsung did this by removing the SmartCam's entire Web admin interface which allows users to configure the smart camera, according to Hot Hardware. Samsung now redirects users to a cloud-based service to use the same operations.

In a post shared on the Exploitee website, it revealed that a script which was formerly used for firmware updates was not removed even after Samsung halted the Web interface service. This very script has a command injection bug which can allow malicious hackers to escalate remote user permissions to admin or even root privileges.

An Exploitee researcher said, "The iWatch Install.php vulnerability can be exploited by crafting a special filename which is then stored within a tar command passed to a php system()call."

In a hacking video shared on YouTube, the user was able to successfully carry out the exploit from start to finish. Using a special command, the hacker was able to trick the SmartCam into triggering the bug and making the device accessible through a telnet login. Using the same exploit, hackers can also re-enable the Web admin interface that Samsung originally disabled.

Samsung is yet to comment on the recently revealed vulnerability of SmartCam.