Axis Communications, the Swedish maker of high end security cameras (up to $1,000 each), announced patches to seven vulnerabilities that affect almost 400 camera models.
Axis is not some cheap Chinese knockoff; these are well respected cameras used in businesses the world over.
The vulnerabilities, discovered by the security firm VDOO, comes with in depth documentation and proof of concept code for all of the kiddie hackers to copy.
The vulnerabilities, used in combination, allow an attacker to take over a camera knowing only it’s IP address and not needing the password.
If the camera has a public IP address and is not meant for public consumption, these flaws would allow a hacker to bypass the security that the owner put in place and look at whatever the camera is pointed at, in real time.
So what do you do?
One more time, this is an example of the Internet of Things at its most challenging.
Most companies do not have a patch regimen for IoT devices.
In fact, most companies don’t even check for firmware updates for IoT devices on a regular basis,
This is like PCs 10 years ago.
So, the first step is to inventory all of your IoT devices and keep the inventory current.
Step 2 is to set up a protocol for checking for firmware updates at least monthly. Since IoT devices could be a dishwasher, TV and refrigerator, you will likely be checking with multiple different manufacturers to find all the patches.
Finally, the last step is to set up a protocol to patch your smart coffee maker and security cameras whenever new firmware is available.
Definitely a pain in the <bleep>, but necessary.