SMART SECURITY COMPANY Swann is in trouble again after researchers discovered that a minor tweak could give users access to other users' camera streams.
The news comes after an earlier incident which caused several customers to make similar complaints. Five European security analysts investigated Swann after the last revelation. They are Ken Munro, Andrew Tierney, Vangelis Stykas, Alan Woodward and Scott Helme.
Swann acknowledges the issue, saying that it was limited to one camera, the Swann Smart Security Camera, which has been widely available since its release in October 2017.
However, although the Australian company and its Israeli software partner OzVision say the issue has been resolved, there's still concern that there could be a third or fourth problem for Swann waiting in the wings (geddit?).
Adam Brown, manager of security solutions at Synopsys, said: "I personally have experience with Swann cameras - I used to have one, albeit different from the one in the report. I found that the camera feed itself could be accessed directly from the network the camera was on, and there was some access control over that video feed - a hardcoded password as I remember - this is bad practice.
"If that camera was placed directly on the internet (not behind a firewall) then prying eyes could potentially see what my camera could see. Obvious lax security controls indicate systemic failings. Without speculating on the technicalities of what went wrong here, I would surmise that the software security initiative at Swann is either lacking or could benefit from some deliberate improvement driven from management.
"The camera market is catching up in cybersecurity. Leading Chinese manufacturers are integrating privacy and security into their cameras and infrastructure. Privacy and security are going to be vital for the camera industry, itself placed as a security solution."
The researchers discovered that simple freeware packages could be used to intercept data from OzVision to Swann. All they had to do was change the camera serial number in the app and they'd have access to that camera - along with a way to identify different cameras easily.
"Swann was able to detect the subsystem Ken Munro and his team were attempting to hack and promptly addressed the vulnerability," said a spokeswoman for Swann.
"This vulnerability did not apply to any other Swann products. We have not detected any other such attempts."