EZVIZ smart home cameras’ security risks revealed

Bitdefender has identified multiple vulnerabilities in EZVIZ smart home cameras used in Australia and New Zealand, which could potentially allow attackers to execute malicious actions like controlling cameras, downloading images, and accessing people’s video feeds.

Bitdefender IoT security director Dan Berte flagged the open connectivity of the devices, which can be accessed from anywhere the user has an internet connection, with user-device communication relayed via cloud servers.

Multiple vulnerabilities in several lines of EZVIZ cameras, a global smart home security brand used in Australia and New Zealand, were identified. Bitdefender has estimated about 10 million devices are impacted based on known Android/iOS installs.

Bitdefender researchers have discovered vulnerabilities could allow an attacker to remotely control the camera, download images, decrypt them and bypass authentication to execute code remotely when daisy chained.

============

Key Findings:

A stack-based buffer overflow vulnerability has been identified which can lead to remote code execution in the motion detection routine.
An insecure direct object reference vulnerability in multiple API endpoints allows an attacker to fetch images and issue commands on behalf of the real owner of the camera.
Storing passwords in a recoverable format vulnerability (in [3}/api/device/query/encryptkey) allows an attacker to recover the encryption key for images.
Improper initialisation vulnerability lets an attacker recover the administrator password and completely own the device.

The analysis uncovered several vulnerabilities in the EZVIZ smart devices and their API endpoints that could allow an attacker to carry out a variety of malicious actions, according to Berte, including remote code execution and access to video feed.

“One of the main features of these devices is the ability to be accessed from anywhere the user has an internet connection.

“To accomplish this, user-device communication is relayed through servers in the cloud.”

Bitdefender recommends anyone who owns an EZVIZ camera to apply the patches, update their software immediately, and keep a lookout on the manufacturer’s website for any EZVIZ camera security-related news.