One Article Review
| Source |  Network World |
|---|---|
| Identifiant | 297233 |
| Date de publication | 2017-01-23 03:00:00 (vue: 2017-01-23 03:00:00) |
| Titre | REVIEW: Home security cameras fall short on security |
| Texte | How secure are IP-based “security cameras� Based on our review of seven home security cameras, the answer is: Not very. While these devices may get high marks for features and ease of use, security is another story. Our tests turned up results like these: One camera allows plaintext logins as the root user, with no password. That's horrifying in this day and age. The same camera uses an outdated version of SSL that allows data leakage. A firmware update fixes both issues, but the upgrade is optional and many users skip it. Another camera leaks its private API structure in plaintext even though it uses TLS to encrypt traffic. This potentially allows attackers to change video streams and possibly other device parameters. Yet another camera can run a hacked firmware image that disables some services and enables others. Two more cameras present SSL certificates that not only claim to be a different host, but also come from a certificate authority with a record of issuing bogus credentials. It's not all bad news. One camera, the CAN100USWT from Canary Connect, stood head and shoulders over the field in baking security into its product design. The Canary camera runs no services onboard, removing a whole class of attacks in which intruders try connecting to the device. And users cannot disable its automatic firmware upgrades, something we'd like to see in every device.To read this article in full or to leave a comment, please click here |
| Envoyé | Oui |
| Condensat | age all allows also another answer api are article attackers attacks authority automatic bad baking based bogus both but camera cameras cameras†can can100uswt canary cannot certificate certificates change claim class click come comment connect connecting credentials data day design device devices different disable disables ease enables encrypt even every fall features field firmware fixes from full get hacked head here high home horrifying host how image intruders is: issues issuing its leakage leaks leave like logins many marks may more news not onboard one only optional other others outdated over parameters password plaintext please possibly potentially present private product read record removing results review review: root run runs same secure security see services seven short shoulders skip some something ssl stood story streams structure tests that these these: though tls traffic try turned two update upgrade upgrades use user users uses version very video which whole yet “security |
| Tags | |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.