Samsung SmartCam Security Vulnerability

FYI, there is a serious security vulnerability/flaw in Samsung’s SmartCams. Looks like testing hasn’t been done on every model yet, but the security researchers that published the flaw think it’s likely all models. Nothing yet from Samsung that I’ve seen. I’ve unplugged my cam for now…

ArsTechnica write up:

Original research group post:
https://www.exploitee.rs/index.php/Samsung_SmartCam​#iWatch_install.php_Remote_Root_Command_Execution

If following the suggested fix be careful using escapeshellarg as it can open up another vulnerability, after multiple attempts terminating quote is eaten away which opens shell command injection.

1 Like

Also, note that it is an remote code execution vulnerability, so it could be used as a pivot point into other unsecured/vulnerable machines in the same network. If you have this camera on the same network/vlan as other stuff, I’d suggest unplugging it ASAP until there is a “proper” fix from Samsung, especially given Chris’ note above.

2 Likes

I think this is the biggest concern when it comes to this type of thing. No offense to comments like the ones from @anon36505037 above, but the issue is that this can be used as a foothold into your network. You basically have a vulnerable web server with remote access and php installed, from that point on who knows what else you can do inside the network… packet captures, DNS poisoning, etc.

There’s a “fix” in the page that you can roll yourself if you’re technical enough though… it basically requires you to use the exploit to gain access to a shell, then using sed to fix the iwatch/web/install.php itself.

1 Like

That fix shouldn’t even be considered a bandaid though as it opens up another vulnerability.

I do this type of thing for a living (pen testing, network analysis and vulnerability, forensic and reverse engineering, white hat hacking, etc), there are other ways to prevent it and you don’t want to know how many of your devices allow access.

Here’s something that may help Safe Port Forwarding for Cameras

1 Like

Looks like Samsung released a statement saying that only the SNH-1011 model is affected, and a patch is incoming. A number of news sources are quoting the Samsung statement, including the above link to ArsTechnica…

1 Like

We’re looking to release a comment as well, but simply put we’ve performed deep testing on the SmartCam camera(s) that can connect to SmartThings and they do not have the vulnerability.

2 Likes

Update, 1/18/2017, 1:25 PM California time: In an e-mail, a Samsung representative said the vulnerability affects only the SNH-1011 model and will be fixed in an upcoming firmware update.

Watching the video from mobile I had no idea what they were typing but it looks like someone would have to be on my LAN in order for this to work. But I also do not have that model.

Thanks @Tyler… I’m certainly glad that this vuln was limited to the one model. It’s unfortunate that the researchers made a blanket statement without testing other models, but of course that’s a common issue with researchers due to limited time/budget/interest, etc.

If I could suggest something: this is the sort of thing that SmartThings should probably be a lot more proactive about. It’s understandable that it takes time to verify security issues, but this is another Samsung product, and people should feel comfortable that the SmartThings staff are on top of security issues like this. Certainly there are a ton of other devices outside your control, and I’m not suggesting your teams have to track everything in the world. But, with the current security issues and concerns with IoT in general I would think SmartThings as an industry leader should really step up here. My two cents…

Thanks!!

1 Like

Thanks for sharing your feedback Jerry - you’re absolutely right.

1 Like