Bitdefender has released comprehensive research that identified multiple vulnerabilities in several lines of EZVIZ cameras, a globally a global smart home security brand used in ANZ. It is estimated about 10 million devices are impacted based on known Android/iOS installs.
When daisy-chained, the vulnerabilities could allow an attacker to remotely control the camera, download images, decrypt them and bypass authentication to execute code.
What were the findings of the survey?
- A stack-based buffer overflow vulnerability has been identified which can lead to remote code execution in the motion detection routine.
- An insecure direct object reference vulnerability in multiple API endpoints allows an attacker to fetch images and issue commands on behalf of the real owner of the camera.
- Storing passwords in a recoverable format vulnerability (in [3}/api/device/query/encryptkey) allows an attacker to recover the encryption key for images.
- Improper initialisation vulnerability lets an attacker recover the administrator password and completely own the device.
What were the executive’s thoughts on the survey?
“Our analysis uncovered several vulnerabilities in the EZVIZ smart devices and their API endpoints that could allow an attacker to carry out malicious actions, including remote code execution and access to video feed,” said Dan Berte, Director, IoT Security at Bitdefender.
“One of the main features of these devices is the ability to be accessed from anywhere. To accomplish this, user-device communication is relayed through cloud servers. When the app needs to contact a device, the cloud servers relay the messages back and forth.”
Bitdefender recommends anyone with an EZVIZ camera apply the updates their software, and check the manufacturer’s website for any EZVIZ camera security-related news.