Home > Cyber News > iWatch Install.php Flaw in Samsung Smartcam Allows Root Access
CYBER NEWS

iWatch Install.php Flaw in Samsung Smartcam Allows Root Access

by   |  Last Update:  |  0 Comments  

Another day, another vulnerability! This time the culprit is Samsung Smartcam. The flaw, dubbed iWatch Install.php vulnerability, could allow attackers to gain root access to the device and control it remotely.

The iWatch Install.php Samsung Smartcam Vulnerability Explained

What is Samsung Smartcam? It’s an IP cam that allows the user to connect Samsung’s services and view live or recorded video from various locations. The cam also includes seamless baby or pet monitoring, business and home security and real-time notifications. The cam is user-friendly and easy to configure and use.

However, a problem has been discovered and it is regarding the security of the device. Vulnerabilities have been discovered several times in the past, and it appears that a new one should be added to the list.

According to exploitee.rs, the vulnerability allows gain root access, through a web server that has been previously reported vulnerable. Samsung has attempted to fix the flaws by removing the local web interface and making users access the SmartCloud website. In the meantime the local server was still running. Researchers have discovered that the flaw enables attackers to connect to the web interface as it follows:

The iWatch Install.php vulnerability can be exploited by crafting a special filename which is then stored within a tar command passed to a php system() call. Because the web-server runs as root, the filename is user supplied, and the input is used without sanitization, we are able to inject our own commands within to achieve root remote command execution.

Unfortunately, the vulnerability hasn’t been fixed yet.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Related posts:
  1. Remove Wowmovies.cam Browser Redirect Wowmovies.cam redirect is in your browsers? Wowmovies.cam is a suspicious...
  2. CVE-2019-5736 Linux Flaw in runC Allows Unauthorized Root Access CVE-2019-5736 is yet another Linux vulnerability discovered in the core...
  3. The Best Smartphone for Oct 2014 The review for the best smartphone for October 2014 will...
  4. Vexvideo.cam Pop-up Ads Removal Guide [Solved] What Is Vexvideo.cam? Vexvideo.cam is an intrusive browser hijacker that...
  5. The Most Secure Smartwatches List This is a comprehensive Top 10 list that summarizes the...
  6. Cosmovideo.cam Pop-up Ads – Virus Removal Guide [Solved] What Is Cosmovideo.cam? Cosmovideo.cam is a browser hijacker that can...
  7. Which Are The Best Gaming Smartphones in 2018 PRICE PRICE/VALUE RATING OS LED HDR CPU RAM & STORAGE...
  8. SVE-2019-15435 Critical Bug: 40 Million Samsung Users at Risk SVE-2019-15435 is one of 21 vulnerabilities in Samsung devices which...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree