Bitdefender has discovered a security vulnerability in IoT connected cameras, that is estimated to affect over 175,000 devices worldwide.
The vulnerability was found in two camera models, the iDoorbell and the NIP-22. Both of the cameras are manufactured by Shenzhen Neo Electronics: a Chinese company that offers surveillance and security solutions in the form of sensors, alarms and IP cameras.
The tested cameras use UPnP to open ports on the router, so they can be accessed from the outside world. A full technical breakdown of the attack is available in the form of a whitepaper here.
The vulnerability serves as yet another demonstration that many IoT devices are trivial to exploit because of improper quality assurance at the firmware level, which in turn could facilitate the creation of malicious botnets.