Cybersecurity specialists report the detection of a set of severe vulnerabilities in a popular baby monitor whose exploitation would allow hackers to execute arbitrary code on the affected devices. According to the report, prepared by Bitdefender experts, the flaws reside in equipment manufactured by the Chinese company Victure.
In their report, the researchers detailed a stack-based buffer overflow in the ONVIF server component of the Victure PC420 smart camera. This issue would allow threat actors to execute code remotely on the affected device, leading to subsequent attack scenarios such as interception of signals transmitted by these devices and compromise of the affected firmware.
Bogdan Botezatu, research director at Bitdefender, says that these devices and their cloud platform are very popular among Internet of Things (IoT) users, so there could be up to 4 million affected deployments. The flaw affects Victure PC420 devices running firmware version 1.2.2 and earlier.
The researchers tried to contact Victure to present their findings and decided to disclose the flaw after receiving no response: “We made several attempts to contact the provider, although we were unsuccessful,” adds Botezatu.
Considering that the manufacturer seems unconcerned about the flaws and that the firmware of these devices has not been updated, users concerned about their safety are advised to completely stop using any Victure equipment: “Threat actors have abused similar flaws on previous occasions, putting at severe risk the minors who are supposed to monitor these monitors,” adds the expert.
Experts point out that ignoring vulnerability reports is a negligent practice on the part of IoT device manufacturers, as they choose not to release updates, let alone alert users to the security risks related to the affected devices. At the time of writing, the China-based company has still not responded to the repeated requests for information.