Smart Home Security Camera Bug Exposed

Written by

Security researchers have found a flaw in a home security camera model which could allow individuals to view users’ video feeds.

The bug was found in the SWWHD-Intcam, also known as the Swann Smart Security Camera, which has been on sale in several high street retailers including Currys and Walmart for the past eight months.

The problem relates to the Safe by Swann cloud system which allows users to view their feeds remotely via smartphone, according to the BBC.

The researchers — Ken Munro, Andrew Tierney, Vangelis Stykas, Alan Woodward and Scott Helme — claimed that they could intercept messages sent by provider OzVision from its servers to the app.

These contain a serial number unique to each camera, which can be manually altered to allow access to other devices, the report claimed.

They apparently also identified a way to work out which serial numbers Swann cameras were using, allowing them to theoretically view any account with ease.

"Swann was able to detect the subsystem Ken Munro and his team were attempting to hack and promptly addressed the vulnerability", a spokeswoman for the company told the BBC.

"This vulnerability did not apply to any other Swann products. We have not detected any other such attempts."

However, there are concerns that other camera brands supported by Israel-headquartered supplier OzVision may be vulnerable to attack. A problem was discovered in Flir cameras back in October last year, with a patch apparently imminent.

Some 40% of UK consumers are concerned that devices can listen in to their private conversations, according to McAfee research.

“People need to feel empowered and protected so they can embrace new technologies that aim to deliver peace of mind. Businesses manufacturing these devices must do their bit and ensure that security is built-in from the get-go,” said chief scientist, Raj Samani.

“There are also simple measures consumers can take when introducing new connected gadgets to their home environments. For example, people need to ensure they have protected Wi-Fi in place with multi-factor authentication and complex passwords. This will help prevent cyber-criminals from accessing devices and getting their hands on personal information.”

What’s hot on Infosecurity Magazine?