Foscam camera vulnerabilities
9got this email from Foscam today. i know meh has sold the R2 and C2 (which are on the below list), but not sure what others.
Hello <name redacted to protect the innocent>,
We wanted to reach out as soon as possible to inform you of recently discovered security vulnerabilities affecting “Foscam” branded cameras manufactured by China-based Shenzhen Foscam. Foscam US has been notified of 18 security vulnerabilities that exist on cameras manufactured by Shenzhen Foscam which leave users vulnerable to hacks which allow attackers to remotely take-over cameras, live stream, download stored files and even compromise other devices located on the local network. (Source: F-Secure Report available here).
The vulnerabilities affect “Foscam” branded cameras and cameras manufactured by China-based Shenzhen Foscam only. The vulnerabilities DO NOT affect Amcrest or FDT branded cameras which are produced by a separate factory and R&D team led by US-based Amcrest (formerly Foscam US and now Amcrest), which is totally unrelated to China-based Shenzhen Foscam.
Amcrest split off from China-based Shenzhen Foscam in 2015 / 2016 due to issues relating to distribution, lack of security and quality control and thus Amcrest and FDT cameras are totally unaffected by these latest security vulnerabilities.
The models affected include the following:
Foscam R2
Foscam C1
Foscam C1 Lite
Foscam C2
Foscam FI9800
Foscam FI9826P
Foscam FI9828P
Foscam FI9851P
Foscam FI9853EP
Foscam FI9901EP
Foscam FI9903P
Foscam FI9928P
(Source CVE Details report available here)
We recommend disconnecting your current Foscam branded cameras from the internet until these issues have been resolved. If you have any questions, please reach out to China-based Shenzhen Foscam directly.
Shenzhen Foscam currently have not responded and have not yet provided any patch or fix to address the vulnerabilities.(Source: Arstechnica https://arstechnica.com/security/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/
More details available here:
http://www.tomsguide.com/us/foscam-camera-flaws,news-25254.html
- 7 comments, 5 replies
- Comment
Got the same email. None of my 4 Foscams are among the listed models.
Whose innocent?
/image innocent person
@RiotDemon i’m innocent. was that ever in doubt?
@carl669
Fuck, yeah.
/giphy doubt
/giphy pretend to be shocked
/giphy internet camera
That’s quite the family squabble.
And the divorce puts the formerly Foscam US / now Amcrest (one hopes they never want to get into the toothpaste business) in a tough spot since they sold the cameras to their customers but no longer have control over the support of those cameras.
Interesting that as part of that divorce, Foscam Shenzhen (where a close relative might happen to live BTW) did not acquire the rights to the folks who bought its cameras.
I would never be willing to expose IP cameras to a public network in the first place.
It’s kind of a Battlestar Galactica scenario.
@InnocuousFarmer i don’t know. if 6 were to show up at my door, i’d be happy to expose my…
/giphy Tricia Helfer
Foscam Firmware Update Now Available:
http://www.foscam.com/important-security-firmware-announcement.html
@VnQ59JtrM9xVYw Mine models’s latest firmware listed there is from 2015.