Experts warn that hackers can remotely hijack certain Foscam IP surveillance cameras and baby monitors by exploiting a vulnerability in their software.
Posts on the Chinese company’s support forum reveal that the web interfaces of certain cameras can be easily accessed. Normally, a username and a password are required, but users can access the interface simply by pressing the OK button when prompted to enter credentials.
According to Brian Krebs, MJPEG devices running firmware version .54 are impacted. The list includes FI8904W, FI8905W, FI8909W, FI8906W, FI8907W, FI8905E, FI8910E, FI8916W, FI8918W, FI8910W and FI8919W.
Foscam has promised to roll out an update to address the issue by the end of this week. In the meantime, Don Kennedy, one of the members of the Foscam support forum who has been involved in diagnosing and reporting the vulnerability, has published a workaround.