Smart homes are rather popular these days, promising a higher amount of comfort and security to homeowners. These homes appeared together with the development of the Internet of Things, or IoT, which allows for the gadgets and appliances we use to connect with each other and create a smarter and more intuitive environment.
But, the devices that should keep us safe may do the contrary. For instance, it was discovered that the Guardzilla cameras may allow outsiders to view your personal footage. This happens due to a flaw in the design of the camera. So, if you have a Guardzilla camera or you intend on getting one, the following lines may interest you.
When it comes to surveillance cameras, the Guardzilla All-In-One Video Security System was made to offer indoor monitoring. The data this camera records is then stored on the Amazon clouds, with the help of S3 hard-coded credentials.
Unfortunately, all the users of this security system will utilize the same password. This means that every user will have access to the records saved by the rest of the users. But, this also means that outsides could obtain access into the system and get the footage as long as they know details concerning the storage of the data.
Allow us to explain how this happens. When it comes to S3 credentials, they offer all-times access to each and every S3 bucket containing information, as mentioned by the researchers that conducted the study.
They reached this conclusion after analyzing the firmware that came along with the device. Static analysis was used to make the required measurements, which also led the researchers to the previously mentioned results. The process involved the extraction of the firmware, cracking the root password, and retrieving the S3 access key for Amazon.
When this key ends up in the wrong hands, like a cuber-attacker, it can be used to access the Amazon accounts destined for private data storage. Practically, with the key, a person can access the S3 buckets of a particular account without any problems.
So, in spite of the fact that these services appear more than inviting, telling users that they will have the chance to store their data in the clouds in an unlimited manner, they can have the unpleasant surprise of having their data accessed by unauthorized persons. Was the provider of these security systems notified about the problem? According to the team of specialists involved in the study, the provider found out about the security matter discovered in the Guardzilla cameras. Unfortunately, up to this point, the matter has not been solved by the provider.
In case you are using such a camera, to avoid unwanted access in your home, you should make sure that the feature enabling the camera to store data in the cloud is disabled. In the absence of a patch that should be meant to cover for this matter, this is, currently, the best option users have. If the provider will come up with a better solution, we will certainly hear about it.