Motorola IP cameras security hole gets exposed!

Motorola Focus 73 outdoor security cameras are easy to get exploited by hackers and this was proved by some White Hats from Context Information Security. The security researchers were able to obtain full control of camera’s pan-tilt-zoom controls and were able to redirect the video feed and movement alerts after hacking the IoT enabled cameras.

This clearly proves that even IoT products from some biggest techs have security issues.

Motorola IP Camera is manufactured by Binatone and offers cloud connectivity via the Hubble Service, hosted by Amazon Elastic Cloud Compute. This facility allows customers to watch and control their cameras remotely as well as receive movement alerts through a free mobile application.

Security researchers found that during the set up Motorola Focus 73 Outdoor security cameras, the private Wi-Fi security key is transmitted unencrypted over an open network, using only basic HTTP Authentication with the username “camera” and password “000000”. A number of legacy web pages on the camera revealed that the device is based on the same hardware as a legacy baby monitor product.

The researchers obtained root access to the camera after discovering its password was the usual “123456”. It allowed the device users to obtain factory wireless credentials for secure test networks and even more surprisingly, credentials for the developers Gmail, Dropbox and FTP accounts.

The device logs are accessible via the open web interface and also contained the AES encryption key for the remote control messages and FTP credentials for video clip storage. The wholly insecure setup allowed context’s white hats to install their own malicious firmware because of the absence of security checks that would have questioned the validity of downloaded software.

The camera uses the STUN (Session Traversal Utilities for NAT) protocol to run communications with the Hubble server and control the camera. Armed with the AES key, Context’s boffins were able to access encrypted commands sent from the cloud to the camera and re-create them to initiate instructions such as start recording, change video server, move left and reboot.

After the security researchers owned the camera, the researchers were able to subvert and redirect the Hubble DNS configuration to receive a feed of movement alert through JPEG images and video clips which were otherwise available to Hubble’s premium customers.

All the results obtained from the security hacks were presented to Motorola Monitors in early October 2015. The company reacted immediately then and released the new firmware updates.

However, not many users of Motorola Focus 73 Outdoor security camera users have taken note of the firmware update.

So, a big disappointment!


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s