A popular IP camera can be remotely tapped due to a vulnerability in the device. At issue is the Amcrest IP2M-841B, one of the best-selling dome cameras on Amazon.
In reality, it is a camera from manufacturer Dahua, sold under a different name.
Security researcher Jacob Baines of security company Tenable found out that it is possible to eavesdrop on users remotely. The audio appears to be accessible via HTTP without authentication. If the camera can be accessed via the Internet, it is easy to listen in on the audio stream. Only by specifying the IP address of the camera in VLC media player, can the audio stream be intercepted.
VLC does not recognize the container of the audio stream, but the researcher wrote a script after which the audio can be listened to via FFplay. Baines found more than 117,000 IP cameras that can be accessed via the Internet. Amcrest was notified of the vulnerability on May 8 of this year. Last Monday, the company released a security update. Users are advised to install the update and not connect their cameras to the Internet.
This news item can also be found in the Data Breach file
