Vulnerability Found in Kasa Camera
A hobby farmer on the hunt for a vegetable-eating critter has discovered a flaw in a popular outdoor home security camera.
Midwesterner Jason Kent purchased a Kasa camera to help identify whatever creature it was that had been eating his cucumber plants. In addition to uncovering the antics of a groundhog, Kent was alarmed to discover an account takeover (ATO)/credential stuffing vulnerability in the security device.
Kent said: “Upon installation I realized the mobile application was connecting directly over the network to the camera, and if I wasn’t on the network, I still could see the images from my camera on the mobile app. As a security professional, this concerned me.”