Swann Managing Security Camera Drama
Australian based security Company Swann claims that problems associated with their Smart Security Camera have been fixed after claims that a simple tweak of the third-party software allowed other cameras to be easily highjacked and people spyed on.
The flaw meant it was possible to hijack video and audio streamed from other people’s properties by making a minor tweak to the Swann Security’s app which ChannelNews understands was delivered by OzVision an Israeli Company.
Swann said that the vulnerability had been limited to one model – the SWWHD-Intcam, also known as the Swann Smart Security Camera – which first went on sale in October 2017. In Australia this camera is being sold by JB Hi Fi, Harvey Norman and The Good Guys as well as other retailers.
OzVision claims that their platform is currently connected to over 3 million camera channels with several other brands set to face the same problem as Swann.
OzVision claims that they are a video and IoT data management, analytics and storage company,
They offer a cloud-based solution that enables real-time transmission of high-quality video with zero latency.
Oz Vision’s cloud platform ingests data streams (including video, audio, sensors, meta data and log-files) from millions of data sensors, such as cameras, DVRs/ NVRs, set-top boxes, smart thermostats, smart plugs, connected doorbells, and routers.
The cloud platform provides live streaming, device management, data indexing and storage, and a foundation for analysis for a variety of business and residential purposes (such as facial recognition, anomaly detection or motion tracking). The services are offered through partner applications running over the OzVision data store.
We are real – OzVision platform is connected to over 3M camera channels.
One Swann customer in the UK said “It’s a gross breach of privacy” adding that he owned five of the affected cameras.
“I’ve got a four-year-old and it sends a shiver down my spine to think somebody could have been watching my family.
“It’s quite a scary thought.”
According to the BBC five Europe-based security consultants teamed up to investigate Swann’s cameras after the June report: Ken Munro, Andrew Tierney, Vangelis Stykas, Alan Woodward and Scott Helme.
They discovered a new vulnerability – that free software tools commonly used within the cyber-security industry could be used to intercept messages sent from Oz Vision’s computer servers to the Safe by Swann app.
The intercepted messages included a reference to a unique serial number given to each camera in the factory.
By altering the serial number, the researchers were able to obtain video feeds from other cameras – something they tested by typing in numbers belonging to other cameras that they had bought.
At no point were they required to type in the other accounts’ usernames and passwords.
They also found a way to identify the serial numbers Swann’s cameras were using, which theoretically gave the researchers the ability to view any active account and flick between them at speed.
However, they did not view these feeds as this would have been a breach of the Computer Misuse Act.
Instead, they reported their findings to Swann, which confirmed the problem.
“Swann was able to detect the subsystem Ken Munro and his team were attempting to hack and promptly addressed the vulnerability,” said a spokeswoman for the company.
“This vulnerability did not apply to any other Swann products. We have not detected any other such attempts.”