Foscam camera vulnerabilities

9

got this email from Foscam today. i know meh has sold the R2 and C2 (which are on the below list), but not sure what others.

Hello <name redacted to protect the innocent>,

We wanted to reach out as soon as possible to inform you of recently discovered security vulnerabilities affecting “Foscam” branded cameras manufactured by China-based Shenzhen Foscam. Foscam US has been notified of 18 security vulnerabilities that exist on cameras manufactured by Shenzhen Foscam which leave users vulnerable to hacks which allow attackers to remotely take-over cameras, live stream, download stored files and even compromise other devices located on the local network. (Source: F-Secure Report available here).

The vulnerabilities affect “Foscam” branded cameras and cameras manufactured by China-based Shenzhen Foscam only. The vulnerabilities DO NOT affect Amcrest or FDT branded cameras which are produced by a separate factory and R&D team led by US-based Amcrest (formerly Foscam US and now Amcrest), which is totally unrelated to China-based Shenzhen Foscam.

Amcrest split off from China-based Shenzhen Foscam in 2015 / 2016 due to issues relating to distribution, lack of security and quality control and thus Amcrest and FDT cameras are totally unaffected by these latest security vulnerabilities.

The models affected include the following:

Foscam R2
Foscam C1
Foscam C1 Lite
Foscam C2
Foscam FI9800
Foscam FI9826P
Foscam FI9828P
Foscam FI9851P
Foscam FI9853EP
Foscam FI9901EP
Foscam FI9903P
Foscam FI9928P

(Source CVE Details report available here)

We recommend disconnecting your current Foscam branded cameras from the internet until these issues have been resolved. If you have any questions, please reach out to China-based Shenzhen Foscam directly.

Shenzhen Foscam currently have not responded and have not yet provided any patch or fix to address the vulnerabilities.(Source: Arstechnica https://arstechnica.com/security/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/

More details available here:

https://arstechnica.com/security/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls

http://www.tomsguide.com/us/foscam-camera-flaws,news-25254.html