Swann security cameras found vulnerable to creepy spying hack

30 Jul 2018

Swann smart security camera. Image: Swann

A Swann security camera was found to have a major security loophole, allowing people to view feeds from other cameras.

Last week, US president Donald Trump was once again up in arms about a perceived vendetta Twitter holds against prominent Republicans on its website. He accused the platform of shadow-banning Conservative figureheads, but Twitter said it doesn’t implement the practice.

Meanwhile, taking back the smart city was on the agenda for the EU-wide Decode project, which released a report detailing the ways a number of pilot cities are giving people more control over their data while still benefiting their environments.

Over at Google, physical security keys are being credited for reducing instances of phishing.

Also, at-home DNA testing kits are becoming increasingly popular and a recent partnership between 23andMe and GlaxoSmithKline has drawn a lot of attention. The two companies will use the data of 23andMe customers to design new medicines but some privacy experts are concerned about what this means for the security of the genetic information.

Swann snafu leaves users vulnerable to snoopers

Swann security cameras are designed to keep homes and businesses safe, but a team of researchers recently found that anyone could access any user’s device if they put in a little effort.

The SWWHD-Intcam, also known as the Swann Smart Security Camera, was the model affected.

Researchers at Pen Test Partners said it was simple to trick the Swann app into streaming footage from another camera. They added: “We successfully switched video feeds from one camera to another through the cloud service, proving arbitrary access to anyone’s camera.”

Each Swann device uses a hard-coded serial number to communicate with its cloud service, provided by New York firm OzVision. Researchers simply replaced a serial number with another using proxy software to model network traffic. Thankfully, Swann fixed the problem within a week of private disclosure. OzVision is working on resolving the errors on its end.
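The flaw described above, where a serial number alone selects which feed is streamed, comes down to a missing server-side ownership check. The sketch below is an added illustration, not Swann's or OzVision's code; the accounts, session tokens, serial numbers and function names are all constructed for the example.

```python
# Added illustration only: hypothetical names, constructed sample data.
import logging
from collections import Counter

log = logging.getLogger("stream-auth")

# Constructed pairing records: camera serial -> account it was registered to.
CAMERA_OWNER = {"SN-0001-CONSTRUCTED": "alice", "SN-0002-CONSTRUCTED": "bob"}
# Constructed session store: session token -> authenticated account.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}
# Denied requests per account, kept so repeated serial guessing can be flagged.
DENIED = Counter()


def stream_unchecked(session_token, serial):
    """Flawed pattern: a valid login plus any known serial yields a feed."""
    if session_token not in SESSIONS:
        return None
    return f"stream:{serial}" if serial in CAMERA_OWNER else None


def stream_checked(session_token, serial):
    """Corrected pattern: the serial must be bound to the caller's account."""
    account = SESSIONS.get(session_token)
    if account is None:
        return None
    if CAMERA_OWNER.get(serial) != account:
        # Same response for "unknown serial" and "someone else's serial",
        # so the reply does not confirm which serials exist.
        DENIED[account] += 1
        log.warning("denied stream: account=%s serial=%s", account, serial)
        return None
    return f"stream:{serial}"


def accounts_over_threshold(threshold):
    """Accounts whose denied-request count suggests serial enumeration."""
    return sorted(a for a, n in DENIED.items() if n >= threshold)


if __name__ == "__main__":
    print(stream_unchecked("tok-alice", "SN-0002-CONSTRUCTED"))  # feed leaks
    print(stream_checked("tok-alice", "SN-0002-CONSTRUCTED"))    # None
    print(stream_checked("tok-alice", "SN-0001-CONSTRUCTED"))    # own feed
    print(accounts_over_threshold(1))
```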

Blockchain ‘assassination market’ revealed

Non-profit Forecast Foundation recently launched its Augur protocol on the Ethereum network to create the first blockchain-based betting platform. Now, it has been revealed that it is already hosting bets on whether certain public figures will die, with a cryptocurrency prize fund going to the winner. Public figures featured include Warren Buffett, Donald Trump and Jeff Bezos.

Known as ‘assassination markets’, they could potentially incentivise bet-makers to make their predictions come true by taking matters into their own hands.

Augur was created as a protocol for prediction markets, which are based on the notion that getting a crowd opinion is more accurate than sourcing input from a single person. The assassination of a public figure due to Augur is at this point unlikely. There are still relatively few people involved, so the incentive is not quite there yet.

Amazon passes the regulation baton to government

The accuracy of facial recognition is something that has been under the microscope for some time now. Microsoft recently vocalised the need for government regulation and, following an ACLU investigation into its own proprietary technology, Amazon seems to share the opinion.

The investigation found that the Rekognition service mistakenly matched 28 members of US Congress with criminal mugshots, a test that Amazon said was not entirely fair. The ACLU fired back: “At no time has Amazon taken any responsibility for the very grave impact that their face surveillance product has on real people.”

CNet spotted a notable message in a recent blogpost from the company that shows it may want outside regulation. “It is a very reasonable idea, however, for the government to weigh in and specify what temperature (or confidence levels) it wants law enforcement agencies to meet to assist in their public safety work.”

Shipping industry shaken by ransomware attack

COSCO (China Ocean Shipping Company) is one of the largest shipping firms in the world, so the news that its US network fell victim to a ransomware attack will make some people nervous. The company initially described it as a “network breakdown”, which was upgraded later to “network security problem”.

While not as serious as the effects felt by shipping giant Maersk following NotPetya, companies will still be concerned about the potential chaos one opened phishing email could cause.

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects.