Smart Security Cameras Lack Brains to Stay Safe | WHAT REALLY HAPPENED

Smart Security Cameras Lack Brains to Stay Safe

Today we will address the topic of video surveillance cameras. Many of them have plenty of security vulnerabilities. In addition, user guides and manuals have gaps and fail to present all the security controls that manufacturers managed to put into their devices.

It is impossible to describe all vulnerabilities of all security cameras out there, so we will focus on one camera that represents a vivid example of the poor state of security around video surveillance devices.

The subject of this article is the Hanwha SNH-V6410PN camera from Techwin. This company was previously owned by Samsung. Although the company changed owners several years ago, it produced these cameras with the Samsung logo until 2017, and you can still find them on sale.

Hanwha cameras are advertised as a universal monitoring tool that can be used in children's rooms, homes, and in small offices. They can work in the dark, monitor and detect moving objects, send images or video to a smartphone. These cameras also allow communicating through the built-in speaker and microphone.

The owner of such a camera can control all functions through the cloud service, which can be accessed from a computer or mobile device. According to a study by Kaspersky Lab, the vulnerabilities in the camera allow unauthorized persons to gain full control over it. Unfortunately, this state of affairs creates many opportunities for attackers.

Threats that are not visible

An attacker can substitute the image or video data transmitted to the camera owner - just as it happens in films where somebody deceives a guard by showing him an old recording. Unfortunately, this trick can be used by real criminals who are about to enter a home or office protected by this smart camera.

Experts managed to capture the transmitted video, access the audio channel and even get location data. This means that intruders can find out the location of the device and learn the habits and behavior of residents or employees in order to carefully plan the attack - and all this remotely, over the Internet.

Espionage with the help of electronic eyes

There is no need to draw any dramatic scenarios: the hacker has many other opportunities to play with the device. Like many other "smart" devices, cameras can use social networks and services to notify their owners about events that occur in a protected zone. After gaining control over them, hackers can not only retrieve your Facebook account information, but also use the device to send messages to people in your friends list.

In order to cover the traces of their activity (or just for pleasure), cybercriminals can also completely destroy the camera.

As mentioned before, cameras can also play sounds through the built-in speaker. We will not come up with brutal examples here - it's enough to know that someone else can speak through such a device with your child.

Zombie botnets

About a year ago the world learned about the existence of a botnet consisting of IoT devices. Thousands of "smart" cameras worked under the control of criminals, paralyzing the activities of many large Internet services.

Hundreds of unprotected and vulnerable Hanwha Techwin smart cameras were also used by criminals to carry out DDoS attacks and to infect other connected devices.

Dark future

Apart from the cameras for home and office, Hanwha also produces industrial television systems. Interestingly, the portfolio of this manufacturer also includes robots and drones. We hope that with these devices, the company makes security the highest priority.

Until manufacturers of smart devices begin addressing security issues as early as the design stage, we offer users several tips on how to protect their devices on their own:

  • Think twice before buying any smart device. Do you really need it?
  • Look for news and information on previous hacking attempts and known security vulnerabilities.
  • Learn and read as much as possible about the devices that you already have to reduce the risk of future attacks.
  • If you do not need to, do not connect your device to an external network.
  • Disable all network services that you do not need.
  • Set up a VPN that will encrypt all traffic and mask the device's IP address.
  • If the device uses a universal password that cannot be changed, or you cannot disable the preinstalled account, turn off the network services in which they are being used or disable access to the external network.
  • Before starting to use the device, change the default password and set a new one.
  • If possible, update the firmware to the latest version as soon as the device manufacturer makes updates available.