Security researchers have uncovered a critical and easy-to-exploit vulnerability in Samsung's SmartCam range of cloud-based cameras that can be used by hackers and cybercriminals to gain complete control of the devices.
Detailed in a blog post and a lengthy technical analysis, a team of ethical hackers known as The Exploitee.rs, formerly called GTV Hacker, explained that the flaw exists in a set of scripts that allow firmware updates to be sent to the devices over the internet.
In previous research, the same team found exploits that allowed for "remote command executions" and the ability to change administrators' password details.
In the wake of this, Samsung released patches and made significant changes, forcing users to use a dedicated "SmartCloud" website to interact with the camera.
Yet according to the researchers, problems remain. In short, a set of scripts left behind on the devices, which allow security updates to be provided through Samsung's "iWatch" webcam monitoring service, also contains a bug that can be exploited to give "root" access to anyone.
The researchers said they tested the bug on the SNH-1011 model of SmartCam but believe the vulnerability affects the "entire series of devices."
"The iWatch Install.php vulnerability can be exploited by crafting a special filename which is then stored within a tar command passed to a php system call," the blog post explained.
"Because the web-server runs as root, the filename is user supplied, and the input is used without sanitisation, we are able to inject our own commands within to achieve root remote command execution."
Craig Young, a security researcher at Tripwire and one of the founding members of the GTV Hacker group, said: "While this flaw by default would not directly allow attacks from the internet suitable for something like Mirai, it would be pretty trivial to use [...] to infect devices on home networks."
He added: "It is always disappointing when a vendor eliminates features rather than fixing vulnerabilities as was the case in this camera."
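The pattern the researchers describe, a user-supplied filename placed in a tar command line that PHP hands to a shell, is shown below next to a hardened form. This is an added illustration, not Samsung's Install.php or The Exploitee.rs' code; the function names, paths and allow-list pattern are assumptions.

```php
<?php
// Added illustration; not Samsung's Install.php. Function names, the
// staging paths and the allow-list pattern are assumptions.

// Vulnerable pattern from the quote: a client-supplied filename is
// concatenated into a shell command line, so the shell parses any
// metacharacters in it as syntax. With a web server running as root,
// whatever the shell runs also runs as root.
function build_unsafe_command(string $uploadName): string
{
    return 'tar xf /tmp/' . $uploadName . ' -C /tmp/fw';   // do not use
}

// Hardened form, step 1: accept only a conservative firmware filename.
function is_safe_firmware_name(string $name): bool
{
    // \A...\z also rejects embedded newlines; no leading dot or dash,
    // no path separators, no whitespace, no shell metacharacters.
    return preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,63}\.tar\z/', $name) === 1
        && strpos($name, '..') === false;
}

// Hardened form, step 2: pass the arguments as an array so that no shell
// is involved at all (array form of proc_open requires PHP 7.4+).
function extract_firmware(string $name, string $stagingDir, string $outDir): int
{
    if (!is_safe_firmware_name($name)) {
        throw new InvalidArgumentException('rejected firmware filename');
    }
    $argv = ['tar', '-xf', $stagingDir . '/' . $name, '-C', $outDir];
    $quiet = ['file', '/dev/null', 'w'];
    $proc = proc_open($argv, [1 => $quiet, 2 => $quiet], $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start tar');
    }
    return proc_close($proc);   // tar's exit status
}

// Constructed sample names run through the allow-list.
$samples = ['snh_fw_1.07.tar', 'fw.tar;echo', 'fw$(echo).tar', '-fw.tar', '../fw.tar'];
foreach ($samples as $n) {
    printf("%-18s %s\n", $n, is_safe_firmware_name($n) ? 'accept' : 'reject');
}
```

Only the first sample name is accepted. Running the update handler as an unprivileged user rather than root would further limit what any remaining bug could reach.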
As Young noted, fears over cloud-connected devices spiked last year after the emergence of the Mirai botnet, a series of infected internet-of-things (IoT) devices that were channelling malicious traffic towards servers to take them offline.
Yet security cameras pose an altogether different risk. In many cases, they protect homes or children. If hackers are provided with "root" access, they are effectively given the keys to your kingdom.
"This vulnerability highlights the difficulty in securing IoT or smart devices, even for large manufacturers," said Javvad Malik, an expert at cybersecurity firm AlienVault.
He continued: "It shows that finding issues in devices is one thing, but fixing them is another. It's typically not so easy to push out updates or fixes to smart devices, and when they do get sent it doesn't always achieve the desired result."
Luckily, The Exploitee.rs have provided some instructions users can follow to manually patch the bug; the full technical details are in the team's analysis.