silversurfer
A vulnerability in the consumer-grade Amcrest IP2M-841B IP home security video camera would allow an attacker to remotely listen to the camera’s audio over the internet, without authentication.
“Essentially, if this thing is connected directly to the internet, it’s anyone’s listening device,” explained Jacob Baines, researcher with Tenable Security, in a posting on the flaw this week.
The bug (CVE-2019-3948) exists in the firmware of the device, which is based on OEM code from another vendor, Dahua (a Chinese company that the U.S. is considering blacklisting over espionage concerns). Tenable found that, like many Wi-Fi-enabled Dahua devices, the IP2M-841B has a service listening on TCP port 37777.
Trivial Bug Turns Home Security Cameras Into Listening Posts
Anyone can listen to the camera's audio over the internet.
threatpost.com