Swann’s home security camera recordings could be intervened

Share this…

This camera can be purchased in both large commercial chains and online stores

According to reports from experts in enterprise data protection services, a popular wireless security camera designed to monitor businesses and households is vulnerable to espionage attacks.

Thanks to this failure it was possible to hijack video and audio transmitted from the properties of other people making a small adjustment to the Swann Security app.

Specialists in enterprise data protection services found the problem after the BBC reported a case in which a client had received recordings from another Swann camera user, causing the discomfort of the exposed user.

Swann and OzVision, the Israeli provider of their cloud technology, said the problem had already been solved. Swann mentioned that the vulnerability had been limited to a model, the SWWHD-Intcam, also known as the Swann Smart Security Camera, which went on sale for the first time in October 2017, and can be found in stores like Walmart and Amazon.

Anyway, there is concern that cameras from other companies compatible with OzVision support may have problems too.

Open access

A team of enterprise data protection services from different information security consultants teamed up to investigate the problem: Ken Munro, Andrew Tierney, Vangelis Stykas, Alan Woodward and Scott Helme.

The group of experts discovered a new vulnerability; the free software tools commonly used in the cyber security industry could be used to intercept messages sent from OzVision’s computer servers to the Safe by Swann app.

Safe by Swann is used to view motion detection recordings through a smartphone. Intercepted messages included references to a unique serial number given to each camera in the factory.

By altering the serial number, the investigators were able to get video from other cameras, something they tried writing numbers from other cameras they had bought. At no time were they asked to enter the user names and passwords of the other accounts.

They also found a way to identify the serial numbers used by the Swann cameras, which theoretically gave researchers the ability to see any active account and move quickly from one to the other, although they did not access any account, because this would threaten the Computer Misuse Act.

Instead, the group of experts in enterprise data protection services reported the vulnerability to Swann, which recognized the flaw. “Swann managed to detect the flaw in question for early attention to the vulnerability”, the company’s spokespersons mentioned.

After reporting the problem with the Swann chamber, the researchers found that an EU-based security consultant had identified a previous problem with Flir FX, another brand backed by OzVision, with two models of compromised cameras, the FXV101H and the FXV101W.