14 DAY TRIAL // A new vulnerability was discovered in Samsung Smartcam, allowing attackers to gain root access to the device and run commands remotely.
Samsung Smartcam is essentially an IP cam that allows you to connect with Samsung’s own services and view live video or recorded events from any location. It offers seamless baby or pet monitoring, business and home security with super easy configuration and real-time notifications.
But one of the problems with Smartcam is its questionable security, as vulnerabilities in its software have already been discovered several times in the past. And a new one is making the rounds these days.
exploitee.rs revealed a vulnerability that can allow an attacker to gain root access to the device, using a web server that Samsung has reportedly left behind after trying to deal with previous vulnerabilities.
Local server vulnerability
Specifically, the company tried to repair security flaws in the device by removing the local web interface and forcing users to access the SmartCloud website, but at the same time, the firm also left the local server running.
And as it turns out, a vulnerability makes it possible for an attacker to connect to this web interface by pushing a custom firmware file.
“The iWatch Install.php vulnerability can be exploited by crafting a special filename which is then stored within a tar command passed to a php system() call. Because the web-server runs as root, the filename is user supplied, and the input is used without sanitization, we are able to inject our own commands within to achieve root remote command execution,” the security experts write.
Samsung hasn’t yet issued a patch for this new vulnerability, but it goes without saying that a new firmware should be delivered as soon as possible.
In the meantime, you can find additional information, including a proof of concept plus a workaround to patch the vulnerability without an official fix on exploitee’s Smartcam wiki page detailing the flaw.
