
Swann cameras 'fixed' after researchers uncover spying flaw, again
Swann Vexxed-Us: Mis-Matches

SMART SECURITY COMPANY Swann is in trouble again after researchers discovered that a minor tweak could give users access to other users camera streams.
The news comes after an earlier incident which caused several customers to make similar complaints. Five European security analysts investigated Swann after the last revelation. They are Ken Munro, Andrew Tierney, Vangelis Stykas, Alan Woodward and Scott Helme.
Swann acknowledges the issue, saying that it was limited to one camera, the Swann Smart Security Camera, which is widely available since its release in October 2017.
However, although the Australian company and its Israeli software partner OzVision say the issue has been resolved, there's still concern that there could be a third or fourth problem for Swann waiting in the wings (geddit?).
Adam Brown, manager of security solutions at Synopsys said: "I personally have experience with Swann cameras - I used to have one, albeit different from the one in the report. I found that the camera feed itself could be accessed directly from the network the camera was on, and there was some access control over that video feed - a hardcoded password as I remember - this is bad practice.
"If that camera was placed directly on the internet (not behind a firewall) then prying eyes could potentially see what my camera could see. Obvious lax security controls indicate systemic failings. Without speculating on the technicalities of what went wrong here, I would surmise that the software security initiative at Swann is either lacking or could benefit from some deliberate improvement driven from management.
"The camera market is catching up in cybersecurity. Leading Chinese manufacturers are integrating privacy and security into their cameras and infrastructure. Privacy and security are going to be vital for the camera industry, itself placed as a security solution."
The researchers discovered that simple freeware packages could be used to intercept data from OzVision to Swann. All they had to do was change the camera serial number in the app and they'd have access to that camera - along with a way to identify different cameras easily.
"Swann was able to detect the subsystem Ken Munro and his team were attempting to hack and promptly addressed the vulnerability," said a spokeswoman for Swann
"This vulnerability did not apply to any other Swann products. We have not detected any other such attempts." μ
Further reading
INQ Latest
Intel Comet Lake-S leak teases AMD-chasing six-core Core i5-10600
Hype for HyperThreading
Apple's parental controls in iOS 13.3 can be easily bypassed
Hey kids, leave them iPhones alone
Opera GX brings gaming-led browsing to macOS
The Mac lady sings
Google Assistant gets 'Interpreter Mode' on iOS and Android
Babel in yo ear