Foscam Security Vulnerabilities Discovered


#1

The models affected include the following:

Foscam R2

Foscam C1

Foscam C1 Lite

Foscam C2

Foscam FI9800

Foscam FI9826P

Foscam FI9828P

Foscam FI9851P

Foscam FI9853EP

Foscam FI9901EP

Foscam FI9903P

Foscam FI9928P

(Source CVE Details report available here:) https://www.cvedetails.com/cve/CVE-2017-7648/

“We wanted to reach out as soon as possible to inform you of recently discovered security vulnerabilities affecting “Foscam” branded cameras manufactured by China-based Shenzhen Foscam. Foscam US has been notified of 18 security vulnerabilities that exist on cameras manufactured by Shenzhen Foscam which leave users vulnerable to hacks which allow attackers to remotely take-over cameras, live stream, download stored files and even compromise other devices located on the local network.”


What are the most "recommended" cameras that work with SmartThings currently (2017)?
(supa) #2

Got a reply from Foscam:

With regard to the bugs mentioned in the F-secure reports, Foscam attributes great importance to it and arranged our Research and Development Department to analyze each of the items these days.

We find out some items mentioned in the report do not exist, and our cameras have mechanism to change default password mandatorily that avoids some mentioned case to happen.
For the existing bugs, please be patient while we are developing the new firmware now. Suggest you keep an eye on our website,
we’ll release the new firmware for our top models within this week. Firmware for other models will also be released in the following days.

Some competitors have abused the report to exaggerate the situation, and spread panic among our faithful user in order to take advantage.
Each software may have bugs and what we do is keep improving the security of Foscam cameras.
Foscam always attached great importance to our product security and we have a special department who are dedicated to improve our product security by having updated firmware in time.


(ActionTiles.com co-founder Terry @ActionTiles; GitHub: @cosmicpuppy) #3

Honestly, that’s a very good response from Foscam.

Armcrest is definitely playing a tad dirty with this one and it might backfire one day. There’s quite a feud between these two companies.


(supa) #4

New firmware for some cameras: http://www.foscam.com/downloads/index.html