Hello and welcome to the Tuesday, May 23rd, 2023 edition of the Sansonet Storm Sturt, Stormcast.

My name is Johannes Ulrich, and I am recording from Jacksonville, Florida.

Well, this morning I looked at our web honey pod logs and the one URL that I sort of spotted there looked kind of new and different.

Wireless underscore MFT was the name of the exploited script there.

So looked into it appears to be a relatively recent found vulnerability in Abis cameras.

You may be familiar with the brand name Abis from their locks, their reasonable, respected

padlock company.

And well, I didn't even know that they made security cameras.

Apparently, they actually don't really make them.

Digging into the vulnerability showed that this vulnerability is actually about, well,

not quite, but let's say 10 years old.

2015 is when core security first released vulnerability in air life cameras.

Same URL, same command injection of vulnerability,

and that vulnerability kept coming back later in a couple of other cameras. What this really

shows us is that these cameras are made, of course, by fairly generic companies. They're then resold under

different brands and these resellers really either don't bother or really don't have the

expertise in order to figure out that they are vulnerable to all of these different issues

that have been discovered years and years

ago because they all share fundamentally the same software. Another thing to take from this is

if you are owning any kind of IoT device and these cameras are really just sort of one of the

popular examples of these IOT devices.

And you do see a vulnerability being published in a device that's somewhat functionally similar

...