Complete Story
 

07/13/2020

Vulnerability Found in Kasa Camera

Info Security

A hobby farmer on the hunt for a vegetable-eating critter has discovered a flaw in a popular outdoor home security camera. 

Midwesterner Jason Kent purchased a Kasa camera to help identify whatever creature it was that had been eating his cucumber plants. In addition to uncovering the antics of a groundhog, Kent was alarmed to discover an account takeover (ATO)/credential stuffing vulnerability in the security device.

Kent said: “Upon installation I realized the mobile application was connecting directly over the network to the camera, and if I wasn’t on the network, I still could see the images from my camera on the mobile app. As a security professional, this concerned me.”

Read more...

Printer-Friendly Version