2 Million Internet Cameras Vulnerable to Takeover

Millions of low-cost cloud-based cameras, baby monitors, doorbells, security systems and other smart devices have proven vulnerable to easy hacking, takeover and monitoring by third parties, allowing complete access to the units and spying on their owners.

The lure of easily monitoring your property and family remotely holds great appeal, and millions of consumers are gobbling up the inexpensive cameras and other devices that allow them to track and monitor from a distance, record activity using their smartphones and other devices, and store that activity in the cloud. These devices operate on their home networks and bypass existing security features to reach out to the cloud, but have such poor security that they leave the door open for hackers into your home.

Researcher Paul Marrapese published a list of vulnerable devices and demonstrated their vulnerability using a series of tests. He began advising offending manufacturers in January of 2019 and received no responses from multiple manufacturers and regulatory agencies until he ultimately felt compelled to reveal the vulnerability to Krebs on Security and others on April 24, 2019. On his website, Mr. Marrapese explains the vulnerability in great technical detail and tells you how you can check if your IP camera or webcam is vulnerable. If it is, there are complex steps you can take to reduce your risk, but the real solution is to buy a better camera with strong security.

Faulty iLnkP2P Component

Vulnerable devices share a component called iLnkP2P, a peer-to-peer (P2P) component found in hundreds of brands, including HiChip, TENVIS, SV3C, VStarcam, Wanscam, NEO Coolcam, Sricam, Eye Sight, and HVCAM. Users need to check a special serial number called a UID, found on the bottom of the device, against a list on Mr. Marrapese’s website to see if these Chinese-made cameras contain the vulnerability.

Another way to determine your vulnerability is through the app you use to monitor your cloud device. There is a long list of Android cloud-based camera monitoring apps that are tied to the use of cameras vulnerable to this hack.

Worldwide Exposure of Risk

While the source of this risk is inexpensive Chinese devices, the cameras are located throughout the world. A map found on the Krebs on Security website shows the iLnkP2P-enabled devices vulnerable to hacking, takeover and eavesdropping. They are located in virtually every corner of the globe.

The insidious nature of this vulnerability cannot be overstated. Hackers have easy access to these devices and thus the ability to spy on the homes and offices where they are located. The security on these devices is so lax that no matter what users do to change default passwords or alter router settings, there is little they can do to protect themselves. These devices are designed to punch holes through network security – to seek out a way through the firewalls and find a way to the outside world. The steps required to control their access would completely handicap their core functions – monitoring your home and family.

So What Should You Do?

MyProfyle recommends that you check any Internet of Things devices against the lists provided and discontinue the use of any vulnerable devices. Upgrade to higher quality devices where you can. There is no safe way to use any of these devices. Recognize that inexpensive devices make you vulnerable. Also recognize that when you set up a camera or smart device you do not necessarily need to provide your real personal information. You can often set up fake names and addresses – at least if there is no monthly service fee involved. Dummy profiles are not foolproof but they offer some protection.

At MyProfyle, we believe this threat is further proof that everyone’s information is at risk from many different sources and that we are all exposed multiple times per year. The solution to identity fraud is not to try to lock your identity or seek unobtainable privacy but to control your identity – not just your credit – by putting yourself in the position to know of, approve or decline activity conducted in your name. That’s MyProfyle Free For Life™ Identity Protection.

References

Paul Marrapese Website

Krebs on Security
