Experts in Cybersecurity from the International Cybernetic Security Institute report tht the rpesence of critical vulnerabilities in some security cameras models developed by the company Guardzilla that would allow a malicious user without advanced hacking abilities to access the data or videos stored by the users in their devices.
According to the reports of the specialists, the error is a problem with the firmware of the guardzilla systems. The experts say they discovered that all of the security devices use the same encoded codes, si that the passwords are easier to crack. “Getting this codes must be easy to any hacker with the minimum abilities”, declare the investigators.
Guardzilla works with the Amazon S3 service to store their clients’ data sent from any device. According to the investigators, due this security protocol aparently weak, all users from the security system Guardzilla All-In-One could access to the recordings and images from other users.
The investigators detected this vulnerability during the cybersecurity event made in September, and the informed Guardzilla about the error one month later. Through a blog, the specialists stated that the company haven’t made any declaration about this investigation.
“Guardzilla could simply update the access passwords and the firmware of their equipment, but the vulnerability could be exploited again using the same techniques”, stated the investigators in their blog. The only way to solve this problem is changing the passwords, installing a proxy and updating the firmware”, they added.
The facts that proof the vulnerabilities in security cameras are not new at all. Cameras used my pilice departments, baby monitors, and other similar devices proved to have similar security errors. According to an investigation made 2 years ago, the 3 main manufacturers of these devices turned up having important security errors.
Although the multiple investigations about the security errors in these systems, these vulnerabilities keep on appearing even when the experts state that with the knowledge and techniques that we have nowdays, these kind of errors shouldn’t appear at all.
Everyone is still waiting for Guardzilla to oficially make some declarations about this investigation, nad about possibles software updates for their surveillance systems.