Researchers from Bitdefender have detected multiple vulnerabilities in EZVIZ smart cameras. Three of the flaws – a stack-based buffer overflow vulnerability, an insecure direct object reference vulnerability, and a strong passwords in a recoverable format vulnerability – can be exploited remotely. A fourth flaw – an improper initialization vulnerability – is locally exploitable. The flaws can be chained to gain remote control of vulnerable cameras and download and decrypt images. The issues affect at least five models of EZVIZ cameras. Patches are available.
- Unlike the old hard-wired analog devices of the past, modern IoT security cameras need to be kept updated. And the frequency of those updates may not be sufficient for all scenarios, which means they should be able to connect only to the services they absolutely need. Use a separate network or SSID, just as your old CCTV system was dedicated to that purpose. Lastly, if your vendor seems disinclined to address security issues, you should be disinclined to continue using their devices.