Chinese company Foscam has warned all its remote controlled CCTV camera users about a flaw which when exploited by hackers can pave the way to cyber espionage. In an email notice sent by Foscam USA, a subsidiary of Foscam Intelligent Technology Co. LTD, the company specified that 12 models of its cameras contain security flaws which allow hackers to launch massive cyber attacks such as Distributed Denial of Service (DDoS).
Last year, the Shenzhen-based company discovered from an alert driven by a security company F-Secure that some of its cameras allow cyber crooks to download stored files on the cameras, download live stream content and even compromise other devices located on the local network.
Reacting to the alert issued by the security company, Foscam immediately issued an email notice to all its users to disconnect the cameras from the internet until a security patch is made available to users. The company did not respond to media reports which claimed that its cameras were responsible for the cyber attack on DYN.
Foscam which operates in more than 60 nations and regions including the United States, Brazil, Canada, France, Britain and Singapore was slapped with a lawsuit recently which said that it was encouraging some Chinese hackers to conduct a civilian spy program which could lead to large-scale cyber espionage against the Unite States in near future.
In the last fall, a cyber attack was triggered by a group of Chinese hackers through Foscam CCTV cameras which led to a partial US Internet blackout. Cyber criminals used Foscam security surveillance cameras to target New Hampshire web hosting company called Dyn. The hack led to a massive network of hijacked devices such as DVRs, cameras, IoT, and routers.
FBI which was pressed into service to carry out a detailed probe concluded that the attack was a test run for a future cyber attack designed to disrupt or shut down internet service in the United States.
Security experts from F-Secure confirm that the flaw in Foscam security cameras allows hackers to stop or freeze the video feed and use the compromised device to launch future attacks such as DDoS.
The Finnish firm also made it official that it has informed Foscam about the flaw in some model of its IP cameras last year. But the company took it lightly and never bothered to issue a fix to the vulnerability.