Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
SpiderLabs Blog

Wireless Cameras and Webcams: Are You Being Watched?

Trustwave SpiderLabs recently disclosed vulnerabilities in several models of Y-Cam brand wireless cameras. The most severe of these could allow anyone to access an internet connected camera. Although these vulnerabilities affect only some discontinued Y-cam models, these models were widely sold and inventory is still being sold to consumers.

Over the past several months there has been a growing trend of web camera hacking. Just last week law enforcement agencies arrested nearly 100 people internationally for the illegal use of the Blackshades remote administration tool (RAT). Although it is a typical malicious RAT, Blackshades is popular for being able to control a victim's webcam. A 20-year-old computer science student was sentenced to a year and a half in prison for using Blackshades to spy on and attempt to extort a former Miss Teen USA.

This is hardly the first time webcams have been used to spy on people. Last month an attacker gained access to a family's Foscam brand baby monitor. This individual was able to monitor the baby's nursery and, in this case, scream at their sleeping child.

A vulnerability in multiple Foscam camera models allowed anyone to access the camera even without a proper username and password. Foscam released firmware updates to patch the vulnerability but, unfortunately, your average consumer doesn't even patch their laptop, let alone their wireless camera or baby monitor. To make matters worse, webcams are easily searched for using tools like Shodan. Even Google archives webcams and so-called "Google Dork" search parameters can be used to identify webcams.

11952_d1a047f0-6563-48c7-89cc-253f4600583a

In the case of Y-Cam, Trustwave SpiderLabs discovered a vulnerability that allows for administrative authentication bypass. This bypass allows for the viewing of restricted pages on the device, including pages which display information such as administrative username(s) and password(s), internal IP addresses, MAC address of the device, SSID names, encryption keys, recorded video, ftp server IP's, and more in cleartext.*

The following Y-cam models are affected by this vulnerability:

SD range models – YCB003, YCK003, YCW003
S range models – YCB004, YCK004, YCW004
EyeBall - YCEB03
Bullet VGA models – YCBL03, YCBLB3
Bullet HD 720 – YCBLHD5
Y-cam Classic Range – YCB002, YCK002, YCW003
Y-cam Original Range – YCB001, YCW001

More current Y-cam models like the Y-cam Cube, BabyPing Wi-Fi Baby Monitor or Y-cam HomeMonitor are not affected. Affected users are recommended to install a firmware fix as soon as possible. A fix is available directly from Y-cam: http://www.y-cam.com/y-cam-security-fix/

Even cameras without known vulnerabilities are often opened up to the internet without adequate protection. Controls like default passwords are left in place and SSL is often not enabled.

For laptop webcams, users will want to take standard precautions to avoid malware. Keep your antivirus up to date. Avoid clicking on strange links or opening unexpected email attachments. For the paranoid out there, a simple folded post-it note will block the camera from seeing anything when not in use while not leaving a residue on the lens.

9826_6deb8acd-9fbf-4bc3-bc4f-ad7158b9d77b

Consumers that have wireless security cameras or baby monitors should take extra steps to ensure the security of those devices. Make sure that the passwords on these devices are changed from the default. Set up your wireless network with WPA2 and make sure access to the camera is encrypted with HTTPS. Users should also learn what the update process is for their camera and set a calendar alert every two to three months to check for updates. If the camera allows for automatic updates, make sure this option is enabled.

In the end, no one likes the idea of being spied on without their knowledge. Users of wireless cameras and webcams should understand that these devices, like any computer, could be vulnerable if not locked down.

*At the request of a Y-cam representative, we have updated this paragraph and changed the description of the vulnerability to match the original advisory.

Latest SpiderLabs Blogs

Hunting For Integer Overflows In Web Servers

Allow me to set the scene and start proceedings off with a definition of an integer overflow, according to Wikipedia:

Read More

Welcome to Adventures in Cybersecurity: The Defender Series

I’m happy to say I’m done chasing Microsoft certifications (AZ104/AZ500/SC100), and as a result, I’ve had the time to put some effort into a blog series that hopefully will entertain and inform you...

Read More

Trustwave SpiderLabs: Insights and Solutions to Defend Educational Institutions Against Cyber Threats

Security teams responsible for defending educational institutions at higher education and primary school levels often find themselves facing harsh lessons from threat actors who exploit the numerous...

Read More