Samsung’s SmartCam has fit into users’ DIY surveillance setups for years thanks to its smartphone control and local (non-cloud) storage. But at last August’s DEFCON 22 security conference, members of the hacking blog Exploiteers listed exploits for the networked camera that allowed remote code execution and let them change the administrator’s password. Rather than fix it, Samsung ripped out the accessible web interface and forced users to run their SmartCams through the device giant’s SmartCloud website. So, like good little hackers, Exploiteers broke into the camera again with a different exploit.
Samsung had patched the original vulnerabilities but left one set of scripts untouched: the PHP files that provide firmware updates via the camera’s “iWatch” webcam monitoring service. Those scripts have a command injection bug that lets a user without admin privileges execute commands remotely as root. Exploiteers helpfully provided a technical writeup explaining how to do it, how to fix the vulnerability, and even how to re-enable the web interface.
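To make the bug class concrete, here is an added illustration of the pattern behind a PHP command-injection flaw in a firmware-update handler, together with a hardened replacement. This is constructed example code, not Samsung’s firmware scripts or anything from the Exploiteers writeup; the update host, the `/tmp/fw.bin` path, the request parameter name and the `caller_is_admin()` helper are all assumptions.

```php
<?php
// Constructed illustration (not Samsung's code): a firmware-update handler that
// takes an update URL from the request and hands it to a shell command.

// UNSAFE: the untrusted parameter is concatenated straight into the command line.
// /bin/sh parses the whole string, so shell metacharacters in the parameter become
// additional commands, and because embedded web servers frequently run as root,
// those commands run as root too. No authorization check is made either.
function fetch_firmware_unsafe(string $url): ?string
{
    return shell_exec("wget -O /tmp/fw.bin " . $url);
}

// Hypothetical session helper (assumption): true only for an authenticated admin.
function caller_is_admin(): bool
{
    return isset($_SESSION['role']) && $_SESSION['role'] === 'admin';
}

// HARDENED: (1) require admin privileges, (2) validate the value against a strict
// allow-list before it goes anywhere, (3) escape it so the shell sees one literal word.
function fetch_firmware_safe(string $url): ?string
{
    if (!caller_is_admin()) {
        http_response_code(403);
        return null;
    }
    // Only HTTPS URLs on the vendor's update host, with a conservative path charset.
    if (!preg_match('~^https://updates\.example\.com/[A-Za-z0-9._/-]+$~', $url)) {
        throw new InvalidArgumentException('update URL rejected');
    }
    // escapeshellarg() single-quotes the value, so ";", "|", "$(...)" etc. are inert.
    $cmd = 'wget -O /tmp/fw.bin ' . escapeshellarg($url);
    return shell_exec($cmd);
}

// Entry point: read the parameter and use the hardened variant.
$requested = $_GET['url'] ?? '';
try {
    fetch_firmware_safe($requested);
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo $e->getMessage();
}
```

The ordering matters: the privilege check comes first so that unauthenticated callers never reach the validation or the shell at all, which is the failure the writeup describes (non-admin users reaching a root-privileged command). Escaping alone is not a substitute for the allow-list, since a syntactically harmless but attacker-chosen URL would still let the device download arbitrary firmware.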