If there is no way to fix a vulnerability what do you do if you have a camera with a vulnerability?
Here is the quote on Threatpost (from the engineer that found the flaw):
“Over 2 million vulnerable devices have been identified on the internet, including those distributed by HiChip, TENVIS, SV3C, VStarcam, Wanscam, NEO Coolcam, Sricam, Eye Sight and HVCAM,” said Paul Marrapese, a security engineer who discovered the flaws setup the hacked.camera website
So the key from Paul’s website is the following two CVE’s:
What is CVE-2019-11219?
CVE-2019-11219 refers to an enumeration vulnerability in iLnkP2P that allows attackers to rapidly discover devices that are online. Due to the nature of P2P, attackers are then able to directly connect to arbitrary devices while bypassing firewall restrictions.
What is CVE-2019-11220?
CVE-2019-11220 refers to an authentication vulnerability in iLnkP2P that allows attackers to intercept connections to devices and perform man-in-the-middle attacks. Attackers may use this vulnerability to steal the password to a device and take control of it.
So mostly iLnkP2P with many companies potentially affected.
This problem has just been relesed to the public, with initial advisories to vendors by Mr. Marrapese 1/15/19.
so in theory the vendor should have been working on this issue, but they did not respond. So vulnerability sent to CERT/CC and then the 2 official CVEs were setup by MITRE:
|CVE-2019-11219 and CVE-2019-11220|
Devices that use the following Android apps may be vulnerable:
- HiChip: CamHi, P2PWIFICAM, iMega Cam, WEBVISION, P2PIPCamHi, IPCAM P
- VStarcam: Eye4, EyeCloud, VSCAM, PnPCam
- Wanscam: E View7
- NEO: P2PIPCAM, COOLCAMOP
- Sricam: APCamera
- Various: P2PCam_HD
Time to start to make people aware and get their vendors on fixing these problems, because some vendors are foot draggers on security.
So real bad news is that the hackers now definitely know the problems so attacks coming soon???
Coming back to original question… How can you protect cameras with this flaw? Have to put a New NGFW system in front of it to protect it. Kind of like how one protects a WindowsXP machine, or a system that is no longer getting updates.
Here is my old post on NGFW : https://oversitesentry.com/what-is-an-advanced-firewall-utm-ngfw/
Contact us to discus this with you.