Thursday, March 4, 2021

A webcam app left thousands of user accounts exposed online – TechCrunch


A webcam app installed by thousands of users left an exposed database packed with user data on the internet without a password.

The Elasticsearch database belonged to Adorcam, an app for viewing and controlling several webcam models including Zeeporte and Umino cameras. Security researcher Justin Paine discovered the data exposure and contacted Adorcam, which secured the database.

Paine said in a blog post shared with TechCrunch that the database contained about 124 million rows of data for the several thousand users, and included live details about the webcam — such as its location, whether the microphone was active and the name of the WiFi network that the camera is connected to — and information about the webcam owner, such as email addresses.

Paine also found evidence of the camera uploading captured stills from the webcam to the app’s cloud, though he could not verify this because the links had expired.

He also found hardcoded credentials in the database for the app’s MQTT server. MQTT is a lightweight messaging protocol often used in internet-connected devices. Paine did not test the credentials (as doing so would be unlawful in the U.S.), but alerted the app maker to the vulnerability, and the app maker then changed the password.

Paine verified that the database was updating live by signing up with a new account and searching for his information in the database. Although the data was limited in sensitivity, Paine warned that a malicious hacker could craft convincing phishing emails, or use the information for extortion.

Adorcam did not return our emails with questions — including whether the company planned to inform users of the incident.


