Security Alerts & News
by Tymoteusz A. Góral

#1890 It’s shockingly easy to hijack a Samsung SmartCam camera
Smart cameras marketed under the Samsung brand name are vulnerable to attacks that allow hackers to gain full control, a status that allows the viewing of what are supposed to be private video feeds, researchers said.

The remote code-execution vulnerability has been confirmed in the Samsung SmartCam SNH-1011, but the researchers said they suspect other models in the same product line are also susceptible. The flaw allows attackers to inject commands into a Web interface built into the devices. The bug resides in PHP code responsible for updating a video monitoring system known as iWatch. It stems from the failure to properly filter malicious input included in the name of uploaded files. As a result, attackers who know the IP address of a vulnerable camera can exploit the vulnerability to inject commands that are executed with unfettered root privileges.
Read more
#1894 Facebook’s ImageTragick story
#1893 Router vulnerabilities disclosed in July remain unpatched
#1892 Secret tokens found hard-coded in hundreds of Android apps
#1891 Vulnerabilities leave iTunes, App Store open to script injection
#1890 It’s shockingly easy to hijack a Samsung SmartCam camera
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12