Samsung’s SmartCam appears to have a critical flaw that makes it extremely vulnerable to hackers.
The SmartCam is part of Samsung’s SmartThings range that allows users to control “smart devices” in their homes using just a tablet or a smartphone.
SmartCam allows users to stream video over the internet and has various features including night vision, movement sensors and two-way audio.
The flaw, which was found by Exploitee.rs, a group of “ethical hackers”, allowed them to turn on cameras remotely, change settings and most worryingly, change the administrator’s login details.
The researchers tested the SNH-1011 model but it is said the affect “the entire series of devices.”
Samsung were made aware of the problem by Exploitee.rs and responded disabling the option that allowed direct web access to the SmartCams.
To access the devices, users now need to logon through SamsungCloud and this will allow access to live feeds although it does prevent the devices from being used in any DIY monitoring solutions.
Exploitee.rs claim that this hasn’t resolved the problem as coding scripts left behind mean that hackers can still gain access to the devices remotely.
“This vulnerability highlights the difficulty in securing smart devices, even for large manufacturers,” said Javvad Malik, security advocate at AlienVault.
“It shows that finding issues in devices is one thing, but fixing them is another. It’s typically not so easy to push out updates or fixes to smart devices, and when they do get sent it doesn’t always achieve the desired result.”