Categories: NetworksSecurity

Siemens Patches CCTV Camera Hijacking Bug

Siemens said IP-based CCTV cameras bearing its brand are vulnerable to attacks that could allow them to be taken over by anyone with access to the devices over the Internet.

The company said a list of camera products contain a bug that could allow remote attackers to gain administrative credentials by sending specially crafted requests to the device’s built-in web server.

Patch available

It said Vanderbilt Industries, which acquired the Siemens IP Cameras business last year, has made a patch available and urged users to apply it.

“Until patches can be applied, restricting access to the integrated web server with appropriate mechanisms is recommended,” Siemens said in an advisory.

The company said in general it recommends the cameras be operated within trusted networks that are protected by perimeter security measures.

It also recommends enabling authentication on the device’s web server, which isn’t switched on by default.

The lack of security of Internet-connected devices, sometimes collectively called the “Internet of Things”, has received more attention recently following a disruptive attack that made use, in part, of hacked gadgets to cut off access to a number of high-profile websites.

The October denial-of-service attack on DNS provider Dyn was carried out in part using traffic generated by a Mirai botnet, which drew on hacked IP cameras, set-top boxes and the like.

It resulted in limited access to sites such as Twitter, Amazon, Reddit and Netflix.

US and EU regulators have suggested taking action to improve IoT security, but several billion insecure devices are already in use around the world.

Many of them use default administrative credentials that are publicly known, meaning they can be taken over without the need to exploit a software bug.

Do you know all about security in 2016? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

4 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

6 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

7 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

8 hours ago