Roughly 175,000 Internet of Things (IoT) connected security cameras manufactured by Shenzhen Neo Electronics are vulnerable to cyber attacks.
According to Bitdefender researchers, several buffer overflow vulnerabilities were discovered in two camera models (iDoorbell and the NIP-22) manufactured by the surveillance and security solutions company.
"Several buffer overflow vulnerabilities (some before authentication) are present in the two cameras studied, the iDoorbell model and NIP-22 model, but we suspect that all cameras sold by the company use the same software and are thus vulnerable," the post read. "These vulnerabilities could allow, under certain conditions, remote code execution on the device. This type of vulnerability is also present on the gateway which controls the sensors and alarms."
Researchers at Bitdefender believe that other models made by the company running the same firmware are vulnerable to the hack too. Bitdefender explains that the security cameras use Universal Plug and Play (UPnP), which automatically opens ports in the router's firewall to allow access from the internet. The researchers found between 100,000 and 140,000 vulnerable devices when querying for the HTTP web server and RTSP server.
"We found between 100,000 and 140,000 devices when searching for the HTTP web server, and a similar number when searching for the RTSP server (both vulnerable). These are not necessarily the same devices, as some have only one service forwarded. We estimate that the real number of unique devices is around 175,000," the report read.
The researchers said anyone could easily exploit the flaws and access the livestream by logging in with default credentials such as "user" or "guest" for both password and username.
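The UPnP behaviour described above can be checked from inside your own network by reviewing the router's port-mapping table for forwards that land on a camera's web or RTSP service. The following is an added example, not code from Bitdefender or the vendor; the line format is an assumption modelled on `upnpc -l` listings, and the port list, sample listing and function names are constructed for illustration.

```python
import re

# Assumed set of internal ports commonly used by camera web UIs and RTSP streams.
CAMERA_PORTS = {80: "HTTP", 81: "HTTP", 8080: "HTTP", 554: "RTSP", 8554: "RTSP"}

# Assumed line shape: index PROTO extPort->intIP:intPort 'description' 'remoteHost' lease
MAPPING_RE = re.compile(
    r"^\s*(?P<idx>\d+)\s+(?P<proto>TCP|UDP)\s+(?P<ext>\d+)->"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<int>\d+)\s+'(?P<desc>[^']*)'"
)

def parse_mappings(listing):
    """Parse a port-mapping listing into dicts; header and junk lines are skipped."""
    mappings = []
    for line in listing.splitlines():
        m = MAPPING_RE.match(line)
        if m:
            mappings.append({
                "proto": m["proto"],
                "ext_port": int(m["ext"]),
                "int_ip": m["ip"],
                "int_port": int(m["int"]),
                "desc": m["desc"],
            })
    return mappings

def flag_exposed(mappings, ports=CAMERA_PORTS):
    """Return TCP forwards whose internal port is a web or RTSP service."""
    findings = []
    for m in mappings:
        service = ports.get(m["int_port"])
        if m["proto"] == "TCP" and service:
            findings.append((m["int_ip"], m["int_port"], m["ext_port"], service, m["desc"]))
    return sorted(findings)

# Constructed sample listing (not captured from a real router).
SAMPLE = """\
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP  8081->192.168.1.50:80    'webcam http' '' 0
 1 TCP 10554->192.168.1.50:554   'webcam rtsp' '' 0
 2 UDP 51413->192.168.1.20:51413 'torrent' '' 0
 3 TCP  3074->192.168.1.30:3074  'console' '' 0
"""

if __name__ == "__main__":
    for ip, iport, eport, svc, desc in flag_exposed(parse_mappings(SAMPLE)):
        print(f"{ip}:{iport} ({svc}) is forwarded from internet port {eport} [{desc}]")
```
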