Our analysis uncovered several vulnerabilities in the EZVIZ smart devices
Bitdefender has released comprehensive research that identified multiple vulnerabilities in several lines of EZVIZ cameras, a globally a global smart home security brand used in Australia and New Zealand. It is estimated about 10 million devices are impacted based on known Android/iOS installs.
When daisy-chained, the discovered vulnerabilities could allow an attacker to remotely control the camera, download images, decrypt them, and bypass authentication to execute code remotely.
Key Findings:
- A stack-based buffer overflow vulnerability has been identified which can lead to remote code execution in the motion detection routine.
- An insecure direct object reference vulnerability in multiple API endpoints allows an attacker to fetch images and issue commands on behalf of the real owner of the camera.
- Storing passwords in a recoverable format vulnerability (in [3}/api/device/query/encryptkey) allows an attacker to recover the encryption key for images.
- Improper initialisation vulnerability lets an attacker recover the administrator password and completely own the device.
“Our analysis uncovered several vulnerabilities in the EZVIZ smart devices and their API endpoints that could allow an attacker to carry out a variety of malicious actions, including remote code execution and access to video feed,” said Dan Berte, Director, IoT Security at Bitdefender.
“One of the main features of these devices is the ability to be accessed from anywhere the user has an internet connection. To accomplish this, user-device communication is relayed through servers in the cloud. When the smartphone app needs to contact a device, the cloud servers relay the messages back and forth.”
Bitdefender recommends anyone who owns an EZVIZ camera applies the patches, updates their software immediately, and keeps a lookout on the manufacturer’s website for any EZVIZ camera security-related news.