The popular Samsung SmartCam IP cameras have been affected by a security flaw that could make the devices prone to hijacking and be exploited by remote attackers.
Smartcam HD Pro will not connect via wifi. I ended up using the Samsung Techwin SmartCam app to connect it to my wifi, and then SmartThings.
The flaw was discovered by a hacking group called the Exploitee.rs. The group discovered a local server vulnerability that could be used to gain root access to the device.
The hack can be done by injecting a command file into a web script while using the device's 'iWatch' webcam monitoring service to execute commands remotely as the root user.
Samsung SmartCam's History
The Samsung SmartCam is a cloud-enabled IP camera that allows people to view live or recorded video from any location. The device is used in real-time monitoring of babies, pets, or old people, and is also used to improve home and business security. The product was originally developed by Samsung Techwin but was later sold to the South Korean conglomerate Hanwha Group.
This is not the first time that security flaws were discovered in the Samsung camera device. Earlier, the company was forced to disable the local administration panel to address the flaws that were reported in the web interface of various SmartCam models in the past few years.
Issues Detected On The Samsung IP Camera
Aside from the security breach that the Exploitee.rs exposed in a blog post, the Pen Test Partners also conducted a test on the Samsung SNH-6410BN device to explore its vulnerabilities even further. Here's what they found:
1. The device does not make use of transport encryption, so one has to secure protocols whenever possible.
2. The device allows only one web service user account, so a breach could lead to full control of the device's functionality.
3. An attacker can connect and take over the device if the owner is unaware of the existence of the device's web interface.
4. An attacker can remotely reset the password and take over the device.
5. The device firmware is not secure, making it prone to reverse engineering.
6. The device has only a single system user, which allows easy root access.
7. A weak password can be easily compromised with the device's use of a password hashing algorithm.
8. The debug functionality cannot be used because it is still in a release build.
9. Command injection as root is possible because user input is seen as trusted and taken through to a system call.
For additional information on the security issues that may be affecting your Samsung camera, we highly recommend that you visit the Pen Test Partners' report to learn more.
Samsung, IP Cameras, Samsung SmartCam, Hacking, Hijacking
ⓒ 2018 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Today's Best Tech Deals
Picked by TechHive's Editors
![Smartcam Smartcam](https://images-na.ssl-images-amazon.com/images/I/418BHSaK7LL._SX425_.jpg)
Top Deals On Great Products
Picked by Techconnect's Editors
Samsung SmartCam HD Pro SNH-P6410BN
There aren’t many pies that Samsung doesn’t have its fingers in these days. From smartphones to vacuums, Samsung has a version of pretty much anything you want to buy, but with such an enormous breadth of products, it’s hard to sweat the details. I’ve used many a Samsung product that falls victim to a lack of focus, and the SmartCam HD Pro is a perfect example.
While it’s a very capable security camera that promises to keep a close eye on whatever needs watching, the SmartCam HD Pro (model SHN-P6410BN) suffers from an overall lack of imagination and attention. Throughout the course of my testing, the SmartCam presented enough problems that I was never quite sure if it would work, a frustration that overshadowed everything I liked about it.
Looks familiar
Samsung has a history of mimicking market leaders to get its products on shelves as quickly as possible, and in this instance, Dropcam was clearly the inspiration. Unlike its competitor’s matte-black metal enclosure, however, the SmartCam’s body is made of glossy white plastic. It doesn’t necessarily feel cheap, but it’s a far cry from a premium product, and I got the impression that it wouldn’t hold up to much abuse. Setup using the included Ethernet cable was mostly painless (a WPS-supported router won’t need one), though I needed to download a proprietary plug-in before I could begin the process.
A tiny light lets you know that the camera is connected and running, and once it turns green, the SmartCam can operate solely over Wi-Fi. It rests nicely on its small stand, which doubles as a wall mount, but the power cable sticking rather inelegantly out of the back limits its placement somewhat.
You can see what your camera is monitoring via the Android and iOS apps or over the web, and each is able to display streaming video in full 1080p. The video was certainly sharp and vibrant, but the overall clarity didn’t quite seem up to HD standards, and quite frankly, I didn’t see a major difference in quality when switching to 720p. The camera position can be slightly adjusted when using the stand, but 128-degree viewing angle does a fantastic job of of showing a very wide area, with only minor fish-eying at the edges.
Video woes
While both the website and the mobile apps beam video with surprisingly little lag, each offers its own set of frustrations. On the web you’ll find a more expansive array of professional options, including “advanced” motion and sound sensitivity sliders that control how often you receive the appropriate notifications. There’s not much of a middle ground, though—either I was bombarded with dozens of alerts every few minutes or I barely received any at all. My experiences with other security cameras and baby monitors utilized smarter notification systems right out of the box, and I’d like to see Samsung address this in the future.
The mobile apps might not be much to look at, but they do a nice job of protecting your camera from prying eyes by utilizing a pair of passwords. However, connection was a constant issue; I spent a lot of time in the low-resolution relay mode (sometimes even when sitting just a few feet away from the camera), and while hard-wiring it to my router as suggested helped some, it still inexplicably struggled to get a strong connection at times. And there were more than a few times when I couldn’t connect at all, including one stretch that lasted several hours. A mid-review firmware update went off without a hitch, however, and the camera seemed a bit more reliable after a restart.
My viewing issues weren’t limited to the mobile apps, either. Halfway through my testing I stopped being able to log in to the SmartCam web portal on my MacBook, and every browser I tried continuously prompted me to redownload the plug-in that was already installed. Samsung’s support was little help, but it may have been a Mavericks-related issue, since I had no problems on an iMac running Mountain Lion.
Mobile-only features like built-in lullabies and two-way talk, although the speaker was rather muddled. Samsung does not include any cloud storage options for the SmartCam, but if you want to save a clip locally, it does offer a handy SD card slot. It’s a decent solution that requires a bit more maintenance than Dropcam’s version, but it’ll save you a bundle in recurring fees.
Bottom line
Samsung’s SmartCam HD Pro is another in the company’s long line of me-too products, but this one doesn’t improve on much of anything.
Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link policy for more details.
Samsung SmartCam HD Pro SNH-P6410BN
The camera itself takes good enough images, but the apps are disappointing.Pros
- SD slot for storing footage, which means no cloud storage fees
- Excellent viewing angle