Chinese Manufacture’s IP Cameras and DVRs Vulnerable to Third Party Access

chinese ip cam vulnerable

Security researchers discovered vulnerabilities in  IP cameras and DVRs manufactured by Hangzhou Xiongmai Technology Co., LTD  that would allow bad actors to gain remote access. This would grant hackers to gain real-time video feed from IP security cameras. What makes this more troubling is the fact that it is hard to know whether a consumer has a compromised device. This is because Hangzhou Xiongmai Technology does not sell their products as a brand but as white label products which are then rebranded by other companies.

According to researchers at the cybersecurity firm SEC Consult, over 100 devices from multiple companies have been found to contain the compromised Hangzhou Xiongmai Technology hardware. The vulnerability in question involves a feature in the devices named “XMEye P2P Cloud.” This is the attribute that allows remote access to the IP cameras and DVRs.

SEC Consult researchers found that XMEye P2P Cloud contains vulnerabilities such as default admin passwords and a hidden account interface that also includes a default password login. This alone could grant third-parties access to the device’s camera feed. Furthermore, since Hangzhou Xiongmai Technology devices are not signed, hackers with access to the account can install firmware updates that could compromise the devices even further.

Follow Reactionary Times on WordPress.com

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: