
One of the best parts about Netatmo indoor cameras is their ability to recognize family members and ignore them, or to spot strangers in your house and warn you. Unfortunately, the cameras had a vulnerability that allowed an attacker to gain access to your entire network. The good news is that the vulnerability was difficult to exploit. The better news is that Netatmo has already patched the issue.
The point of Netatmo’s cameras is to provide security. That makes it all the worse that a hacker could potentially use one to breach your network. That’s what Bitdefender discovered when it investigated the cameras. As PCMag explains, in a joint venture with Bitdefender, a hacker could potentially take over your camera and run any code they wanted.
With that capability, the bad actor could then do nearly anything they wanted on your network.
As Bitdefender explained:
The Bitdefender IoT Vulnerability Research Team discovered that the device is susceptible to an authenticated file write that leads to command execution (CVE-2019-17101), as well as to a privilege escalation via dirtyc0w—a local privilege escalation bug that exploits a race condition in the implementation of the copy-on-write mechanism in the kernel’s memory-management subsystem.
But exploiting the vulnerability wouldn’t have been easy. The hacker needed local access to your camera and to know your login credentials. Breaking into your house and stealing your username and password is no small feat; the most plausible scenario seems to be someone you know deciding to break into your network.
Bitdefender did point out that the vulnerability could have a legitimate use. With access to your own camera and your credentials, you could use this method to jailbreak your device. But the security site went on to say that jailbreak scenarios are still vulnerabilities that hackers can exploit.
Thankfully, Bitdefender practiced responsible disclosure and gave Netatmo 90 days to fix the issue before making the information public. For its part, Netatmo responded responsibly too. It acknowledged the issue within three days of receiving the report, and then turned around and released a patch in less than a month.
As long as security and smart home devices exist, so will vulnerabilities. The important part is how a company responds to vulnerability disclosures, and Netatmo did well in this instance. If you own a Netatmo indoor camera, you don’t need to do anything. The camera company patched every affected.
via PCMag, Bitdefender