Attackers could execute code remotely, bypass authentication

Oct 31, 2018 22:29 GMT

Multiple vulnerabilities were found in Yi Home Camera's firmware allowing potential attackers to execute code remotely via command injection, to bypass authentication, or to completely disable the device.

As detailed in Cisco Talos's advisory, all vulnerabilities have been patched in the latest firmware released by Yi Technology, but unpatched 27US version devices can still be exploited locally and remotely.

Although it is the most basic model of the lineup, the Yi Home Camera comes with the full spectrum of capabilities one would also find in high-end surveillance devices, from remote camera feed viewing and offline storage to easy setup and subscription-based cloud storage.

Attackers who successfully exploit the vulnerabilities found to affect the firmware of the Yi 27US Home Camera could view live video feeds, delete recordings or disable the device, as well as attack the smartphone app used to control the camera or, even worse, use the compromised camera to attack other devices on the network.

The Cisco Talos researchers discovered that while some of the vulnerabilities require attackers to have local access to the Yi Home Camera, the others are exploitable remotely, which makes updating the camera's firmware an urgent task for owners who want to avoid having their devices hacked.

Five of the vulnerabilities found by Cisco Talos in the Yi Home Camera are exploitable remotely

Moreover, all these security issues stem from an information disclosure vulnerability which "exists in the phone-to-camera communications of Yi Home Camera 27US 1.8.7.0D."

This firmware bug could allow a potential attacker to trigger the vulnerability by sniffing the camera's network traffic while it communicates with the Yi Home phone app.

Moreover, "any communications between any two devices mentioned in this advisory are potentially vulnerable to a MITM attack, whether it be replaying or modification of traffic, or a similar attack."

The security issues found in Yi Home Camera's firmware by Cisco Talos range from code execution, firmware downgrade, and denial of service to data transmission and authentication bypass.

A detailed listing of all exploitable vulnerabilities found in the 27US version of the Yi Home Camera is available on Cisco Talos' "Vulnerability Spotlight: Multiple Vulnerabilities in Yi Technology Home Camera" disclosure post.