Dropcam (now a Google Nest company) took the remote, internet-connected video world by storm by allowing anyone to remotely monitor their homes or businesses cheaply and without being a technical genius. There are countless media articles about business owners and homeowners using it to catch thieves, but now we learn that it can be exploited by cybercriminals against you.
Two researchers from Synack (Patrick Wardle and Colby Moore) discovered vulnerabilities in Dropcam which they will demonstrate at Defcon 22 in Las Vegas next month.
As in a bad hacker movie, the researchers claim to have discovered that it is possible to hack the system to watch videos remotely, turn on the microphone (hot mic), inject fake video into the stream (to cover tracks), and even use the Dropcam to compromise your network.
"If someone has physical access [to a DropCam device], it's pretty much game over," says Wardle, who is director of research at Synack. "People need to be aware that these devices can be accessed by hackers or adversaries, and they should be scrutinized in the way people protect their laptops," for instance. [source DarkReading]
It seems the software running on the Dropcam is also old and unsupported, which may explain why it is vulnerable to Heartbleed.
All in all, a pretty bad situation that should serve as a wake-up call to everyone that we need to pay more attention to the Internet of Things. Too many small companies are trying to sell sensors, cameras and mics to consumers without paying enough attention to protecting their devices (and therefore my privacy). Hopefully Google and Apple will force more secure standards to bring these small players in line.