Yi Technology Home Cameras Exploitable Using Multiple Vulnerabilities

Multiple vulnerabilities were found in Yi Home Camera's firmware allowing potential attackers to execute code remotely via command injection, to bypass authentication, or to completely disable the device.

As detailed in Cisco Talos's advisory, all vulnerabilities have been patched in the latest firmware released by Yi Technology, but unpatched 27US version devices can still be exploited locally and remotely.

Although being the most basic model of the lineup, the Yi Home Camera comes with a full spectrum of capabilities one could also find in high-end surveillance devices, from remote camera feed viewing and offline storage to easy setup and subscription-based cloud storage.

Attackers who would successfully exploit the vulnerabilities found to affect the firmware of the Yi 27US Home Camera could view live video feeds, delete recordings or disable the device, as well attack the smartphone app used to control the camera, or, even worse, use the compromised camera to ... (read more)

No comments:

Post a Comment