Samsung Smartcam has a critical remote execution vulnerability, update coming

Critical remote execution vulnerability, firmware update coming to Samsung smartcam

Securing a PC is hard enough, with an entire industry of security software vendors working to make your PC safe and companies like Microsoft making security a primary focus. There are many other pieces of the technology puzzle today where security seems to be taking a back seat, and they are all connected to the same risky internet.

One of the most vulnerable members of the Internet of Things (IoT) seems to be the humble webcam, which by its very nature can open you up to privacy concerns and which can be used to host botnets for distributed denial-of-service (DDoS) attacks. Recently, one model in Samsung’s Smartcam line of webcams has been identified as having a serious vulnerability, PCWorld reports.

Samsung’s Smartcam is quite popular, offering a relatively simple device with easy setup and configuration using smartphone apps and the company’s My Smartcam cloud service. The move away from using an onboard web service for configuration was a decision made by the webcam’s original developer, Samsung Techwin, based on vulnerabilities identified in the web-based management interface.

In response, the Smartcam SNH-1011’s local web-based management portal was disabled, leaving only the apps and online service. While that was a logical response, there was one problem with its implementation: although administrative access was disabled, the web server was left running and was still used for a variety of functions. For example, PHP scripts used in the iWatch video monitoring system were left alone.

It’s this PHP code that created the recently identified vulnerability discovered by “hacking collective” the Exploiteers. According to researchers from that organization, “The iWatch Install.php vulnerability can be exploited by crafting a special filename which is then stored within a tar command passed to a PHP system() call. Because the web-server runs as root, the filename is user supplied, and the input is used without sanitization, we are able to inject our own commands within to achieve root remote command execution.”
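To make the bug class in that description concrete, here is an added illustration, not code from the camera's firmware or from the researchers: a filename concatenated into a tar command line, beside a hardened form that validates the name and runs tar without a shell. The function names, the `/tmp` paths and the sample filenames are all hypothetical.

```php
<?php
// Constructed illustration of the bug class; not code from the camera firmware.
// Function names, paths and sample inputs are hypothetical.

// Vulnerable pattern: the user-supplied filename becomes part of a shell
// command line, so any shell metacharacters in it are interpreted by the shell.
function unsafe_command(string $uploadName): string
{
    return 'tar -xf /tmp/uploads/' . $uploadName . ' -C /tmp/extract';
}

// Allow-list check: a plain name with no path components, no leading '-'
// (which tar would read as an option), and a .tar suffix.
function valid_archive_name(string $uploadName): bool
{
    return basename($uploadName) === $uploadName
        && preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,63}\.tar\z/', $uploadName) === 1;
}

// Hardened pattern: validate first, then start tar from an argv array so that
// no shell ever parses the filename (array form of proc_open needs PHP 7.4+).
function safe_extract(string $uploadName, string $uploadDir, string $destDir): bool
{
    if (!valid_archive_name($uploadName)) {
        return false;
    }
    $argv = ['tar', '-xf', $uploadDir . '/' . $uploadName, '-C', $destDir];
    // Discard tar's output; only the exit status matters here.
    $spec = [1 => ['file', '/dev/null', 'w'], 2 => ['file', '/dev/null', 'w']];
    $proc = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        return false;
    }
    return proc_close($proc) === 0;
}

// Constructed sample inputs: one benign name and three that must be rejected.
$samples = ['backup.tar', 'backup.tar; echo INJECTED', '-x.tar', '../etc/x.tar'];
foreach ($samples as $name) {
    printf("%-28s valid=%s\n  unsafe string: %s\n", $name,
        valid_archive_name($name) ? 'yes' : 'no', unsafe_command($name));
}
```

Only `backup.tar` passes the check. Running the web server as an unprivileged user instead of root would further limit what any remaining injection could reach.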

Samsung has reached out with a statement clarifying the situation: “It was recently discovered that the Samsung Smartcam SNH-1011 security cameras contain a code execution vulnerability that could allow hackers to gain root access and take full control of them. Upon further inspection, the web server running on this device hosted a PHP script related to a third-party service. This vulnerability only affects the SNH-1011 model and will be removed in an upcoming firmware update. As a result, we are taking every precaution to prevent additional issues with products in the SmartCam line. As a reminder, it is best practice for consumers to ensure their home networks are protected with passwords that are complex and regularly updated.”

That limits the situation a bit to only a single Smartcam model. If you’re using the SNH-1011, then you might want to turn it off until Samsung issues the promised firmware update.

This story was originally published in January 2017. Updated on 01-18-2017 by Mark Coppock: Added official Samsung statement.
