Samsung's SmartCam has fit into users' DIY surveillance setups for years thanks to its smartphone control and local (non-cloud) storage. But at last August's DEFCON 22 security conference, members of the hacking blog Exploiteers listed exploits for the networked camera that allowed remote camera execution and let them change the administrator's password. Rather than fix it, Samsung ripped out the accessible web interface and forced users to run their SmartCams through the device giant's SmartCloud website. So, like good little hackers, Exploiteers broke into the camera again with a different exploit.
Samsung had patched the original vulnerabilities but left one set of scripts untouched: The php files which provide firmware updates via the camera's "iWatch" webcam monitoring service. Those scripts have a command injection bug allowing a user without admin privileges to allow root remote command execution. Exploiteers helpfully provided a technical writeup explaining how to do it, fix the vulnerability and even re-enable the web interface.
Update: Samsung shared the following statement in regards to the hack:
It was recently discovered that the Samsung SmartCam SNH-1011 security cameras contain a code execution vulnerability that could allow hackers to gain root access and take full control of them. Upon further inspection, the web server running on this device hosted a PHP script related to a 3rd party service. This vulnerability only affects the SNH-1011 model, and will be removed in an upcoming firmware update.
As a result, we are taking every precaution to prevent additional issues with products in the SmartCam line. As a reminder, it is best practice for consumers to ensure their home networks are protected with passwords that are complex and regularly updated.