In the Netherlands, 27,000 IP cameras are at risk of being hacked. This is evident from research by the Consumentenbond. The vulnerability has to do with the unique identification number (UID): this is too predictable.
"Hackers scan the Internet and, with clever searches, find numerous cameras with similar UIDs. They send a message to the corresponding server and can then contact such a camera. The password to be entered is usually weakly secured, so a little hacker can crack it," said Karen Reijneveld of the Consumers' Association.
The UIDs are part of the ILnkP2P module that cameras from hundreds of brands are equipped with. All of these brands use diverse apps to control the cameras. Users install the mobile app and either scan the barcode on the IP camera or key in the six-digit UID themselves. The P2P software then does the rest. Because iLnkP2P devices do not use authentication or encryption, an attacker can remotely connect to the cameras.
From then on, the attacker can, among other things, watch the camera and change the password. According to Consumers Union, IP cameras that can be controlled via the CamHi app are especially vulnerable. This app is made by the Chinese manufacturer HiChip. That company is responsible for 38 percent of the 27,000 insecure IP cameras in the Netherlands.
The Consumers Union website has a list of unsafe security cameras.
This news item can also be found in the files Information Security and Data Breach
