From the latest SANS Newsbites:
Vulnerabilities in Axis Cameras
(June 18, 2018)
Security flaws in Axis Internet-connected video cameras could be exploited to gain remote control of vulnerable devices and use them to spy on users, take control of the camera, or make it part of a botnet. In all, seven flaws were identified. Axis has updated firmware for the affected devices.
Editor's Notes
[Ullrich]
The authentication bypass vulnerability will likely be exploited soon. Patch. Or better: Do not expose ANY cameras to the Internet.
[Murray]
While more cameras than baby monitors are attached directly to the Internet, few are able to resist malicious traffic from that network. Few are directly managed or maintained. Updated firmware late is not an effective or efficient remedy for poor early design and implementation.
Read more in:
- http://threatpost.com/axis-cameras-ridd ... ol/132888/: Axis Cameras Riddled With Vulnerabilities Enabling "Full Control"
- http://www.bleepingcomputer.com/news/se ... ra-models/: Vendor Patches Seven Vulnerabilities Across 392 Camera Models
- http://www.zdnet.com/article/vulnerabil ... searchers/: Vulnerabilities in these IoT cameras could give attackers full control, warn researchers