Foscam cameras hacked... again

[thewireguys 3]

Those looking at Foscam cameras might think again.

 

http://www.nbcnews.com/tech/security/man-hacks-monitor-screams-baby-girl-n91546

[Numb-nuts 1]

Just wish I could get my hands on such people for 10 minutes.

[TheUberOverLord 0]

Those looking at Foscam cameras might think again.

 

http://www.nbcnews.com/tech/security/man-hacks-monitor-screams-baby-girl-n91546

Two things.

 

1. The family in other articles, admitted that they did not realize that they needed to change the "Default" password to the camera.

 

2. The family also admitted in other articles, that they did not realize that new firmware versions had been available for their camera for some time.

 

One of those articles:

 

http://www.philly.com/philly/blogs/lifestyle/20140504_PopSugar_Until_We_Fix_Our_Connected_Homes__Hackers_Will_Keep_Screaming_at_Babies.html

 

Notes:

 

Older firmware versions, did not prompt the IP Camera owner to change the default password. All firmware versions now do that and have done that, for almost a year now.

 

No new firmware versions were required to be released, because this specific case was not caused by a firmware vulnerability.

 

As I am sure you must know as well. Any device which has Internet access, including IP Cameras, needs to be kept up to date with firmware/software changes when vulnerabilities are found.

 

Virtually all IP Cameras have had some kind of vulnerabilities found at times. More here, showing some of them:

 

http://www.openipcam.com/forum/index.php/topic,534.0.html

 

So this "Myth" that Foscam IP Cameras are somehow more exposed to potential vulnerabilities then other IP Camera brands and models or that as required, new firmware versions are not being released by Foscam, when any vulnerability is found. Based on the facts, is a false one.

 

Point being. That even Operating Systems, Browsers, Applications and Devices of all kinds that have Internet access will/do require that they be maintained with firmware/software fixes as needed.

 

It's also important to note that Foscam.us does now send emails to new IP Cameras owners informing them that new firmware is available for their camera as well. Just in case a IP Camera owner does not occasionally check the firmware download page to see if new firmware is available for their IP Camera. Which is located here:

 

http://www.foscam.com/down3.aspx

 

As an example. One can't always blame Microsoft, Apple, and Linux Operating System suppliers for owners using their Operating Systems not being diligent about maintaining the devices that use them.

 

Currently. To date. There is no single device worldwide, which is exposed to the Internet, that can be or should be considered a "Set It Up And Forget It" device. Technology is not there yet.

 

Don

[CBX 0]

I had similar thoughts myself, and agree with everything you said. It's because it's technology and most people don't understand the details. If you say the following:

 

My credit card account has been hacked and 1000s stolen! Admittedly I did give my card with the pin number written on the back to a local thief but I can't believe my bank allowed their systems to be hacked!

 

...then people wouldn't be blaming the bank would they. I'm not saying this analogy is exactly the same as this situation but I think it shows that if it is something more tangeble that people understand it can be looked upon very differently.

[ssnapier 0]

Yeah that was operator error in my opinion. Never checked for updates, and never changed the default password? Why not just hang a sign that says "I'm wide open and clueless, go nuts!"

 

Foscam needs to have a setup wizard that FORCES the password change... problem solved. Their PR department must hate this stuff, I know I would be coming up with solutions to prevent this from being my brand again. You could also add an auto-update function for the stupid thing since it is on the net.... sheesh.

[TheUberOverLord 0]

Yeah that was operator error in my opinion. Never checked for updates, and never changed the default password? Why not just hang a sign that says "I'm wide open and clueless, go nuts!"

 

Foscam needs to have a setup wizard that FORCES the password change... problem solved. Their PR department must hate this stuff, I know I would be coming up with solutions to prevent this from being my brand again. You could also add an auto-update function for the stupid thing since it is on the net.... sheesh.

Yes.

 

For close to a year now, as stated in my prior post here. All Foscam firmware updates for all Foscam IP Camera models, force the camera owner to change the default password. When the default User credentials are still being used.

 

But since no firmware updates were applied to this camera, since it was purchased. That process never forced a change of the default password.

 

Don

[Lebeter 0]

There is an obvious correlation between a popular brand getting hacked vs other brands. Foscam is widely sold just as Windows is more widely deployed. If you were to spend time coming up with a hack/exploit for something, wouldn't you choose to exploit the most widely available and produced product vs something there are few deployments of. I'm not saying Foscam is one of the better cameras, its just more widely sold in the market. The only thing these people do with the media is bring attention to how stupid as @$%^ they are. Foscam wants to appeal to the everyday idiot home user so they in turn get to deal with the bad press these idiots bring upon their product, that is the reality. Most of the competing products have similar vulnerabilities, much like idiots who don't change their WiFi Router Passwords. Other companies choose to stay under the radar and sell to installers so they avoid some of this bad press brought upon by the special folk among us.