IoT researchers at cybersecurity firm Bitdefender have identified several vulnerabilities in popular cameras from Wyze, Roku, and Owlet that could allow attackers to fully compromise the devices.
According to a Bitdefender blog post, the vulnerabilities exist in the ThroughTek Kalay platform, a framework used in over 100 million devices worldwide. The platform contains four publicly disclosed vulnerabilities affecting devices from these three companies that, when chained together, could allow unauthorized root access within the local network or remote code execution to completely take over the device.
Regarding the three affected devices, Bitdefender said:
Owlet Cam v1 and v2
Owlet Cam communicates with clients over the internet using the ThroughTek Kalay solution. Chaining together three vulnerabilities (CVE-2023-6323, CVE-2023-6324, CVE-2023-6321) could allow an attacker to gain root access from the local network and execute commands on the device. In Owlet Cam, command execution is achieved via CVE-2023-6321, a vulnerability in the IOCTL message 0x6008E used to unpack archives containing OTA updates.
Wyze Cam v3
Bitdefender researchers identified three vulnerabilities in the Wyze Cam v3, which they track as CVE-2023-6322, CVE-2023-6323, and CVE-2023-6324. Chaining these vulnerabilities together allows an attacker to gain root access from the local network. In this case, command execution on the Wyze Cam v3 is gained via CVE-2023-6322, a stack-based buffer overflow vulnerability in the handler for IOCTL message 0x284C, which is used to set motion detection zones.
Roku Indoor Camera SE
The vulnerability in the Roku Indoor Camera SE is identical to that in the Wyze Cam v3 (and potentially other security cameras), with Bitdefender researchers chaining CVE-2023-6322, CVE-2023-6323, and CVE-2023-6324 together to obtain the prerequisites necessary to communicate with the camera and execute OS commands as the root user.
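The Wyze Cam v3 and Roku Indoor Camera SE bugs described above are a stack-based buffer overflow in a message handler that copies attacker-controlled zone records into a fixed-size stack array. The following is an added illustration of that bug class, not code from Bitdefender's post or from any ThroughTek, Wyze, or Roku firmware: the message format (a 2-byte little-endian zone count followed by 4-byte zone records), the `MAX_ZONES` limit, the function names, and the sample messages are all constructed for this example and do not describe the real 0x284C handler or CVE-2023-6322. It shows the unchecked handler next to a hardened one that validates the count against the buffer and the payload length before copying.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical "set motion zones" wire format, constructed for this example:
 *   [count: u16 little-endian][count x { x, y, w, h } as 4 bytes each]
 * A real device would receive this as the payload of an IOCTL-style message. */
#define MAX_ZONES 8

struct zone { uint8_t x, y, w, h; };

static uint16_t rd16(const uint8_t *p) {
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Vulnerable handler: trusts the count field from the message. When count
 * exceeds MAX_ZONES the loop writes past zones[] on the stack (and reads past
 * the end of msg). Returns the count it accepted. Only call this with a
 * well-formed message; a malicious one corrupts the stack. */
int handle_set_zones_vulnerable(const uint8_t *msg, size_t len) {
    struct zone zones[MAX_ZONES];
    if (len < 2) return -1;
    uint16_t count = rd16(msg);
    /* BUG: no check that count <= MAX_ZONES, nor that len covers count * 4 bytes */
    for (uint16_t i = 0; i < count; i++) {
        memcpy(&zones[i], msg + 2 + (size_t)i * 4, sizeof zones[i]);
    }
    return count;
}

/* Hardened handler: bounds the count by the destination capacity and checks
 * that the payload actually carries that many records. Writes accepted zones
 * into out[] (capacity MAX_ZONES) and the count into *n_out.
 * Returns 0 on success, -1 short header, -2 count too large, -3 truncated. */
int handle_set_zones_hardened(const uint8_t *msg, size_t len,
                              struct zone *out, size_t *n_out) {
    if (len < 2) return -1;
    uint16_t count = rd16(msg);
    if (count > MAX_ZONES) return -2;                           /* cannot fit */
    if (len < 2 + (size_t)count * sizeof(struct zone)) return -3; /* short payload */
    for (uint16_t i = 0; i < count; i++) {
        memcpy(&out[i], msg + 2 + (size_t)i * sizeof(struct zone), sizeof out[i]);
    }
    *n_out = count;
    return 0;
}

/* Constructed sample messages (not captured traffic). */
static const uint8_t MSG_BENIGN[]    = { 2, 0, 1, 2, 3, 4, 5, 6, 7, 8 };     /* 2 zones */
static const uint8_t MSG_OVERSIZED[] = { 0xFF, 0xFF, 0x41, 0x41, 0x41, 0x41 }; /* count 65535 */
static const uint8_t MSG_TRUNCATED[] = { 3, 0, 1, 2, 3, 4, 5, 6, 7, 8 };     /* claims 3, carries 2 */

/* Each check returns 1 when the hardened handler behaves as intended. */
int check_benign(void) {
    struct zone z[MAX_ZONES]; size_t n = 0;
    int rc = handle_set_zones_hardened(MSG_BENIGN, sizeof MSG_BENIGN, z, &n);
    return rc == 0 && n == 2 && z[0].x == 1 && z[1].h == 8;
}

int check_oversized(void) {
    struct zone z[MAX_ZONES]; size_t n = 0;
    return handle_set_zones_hardened(MSG_OVERSIZED, sizeof MSG_OVERSIZED, z, &n) == -2;
}

int check_truncated(void) {
    struct zone z[MAX_ZONES]; size_t n = 0;
    return handle_set_zones_hardened(MSG_TRUNCATED, sizeof MSG_TRUNCATED, z, &n) == -3;
}

int main(void) {
    printf("vulnerable handler accepted %d zones from the benign message\n",
           handle_set_zones_vulnerable(MSG_BENIGN, sizeof MSG_BENIGN));
    printf("hardened: benign=%d oversized_rejected=%d truncated_rejected=%d\n",
           check_benign(), check_oversized(), check_truncated());
    return 0;
}
```

The two checks in the hardened handler are the ones a reviewer should look for in any message parser of this kind: the count is compared against the capacity of the destination before the copy, and the declared record count is compared against the bytes actually received so the handler never reads past the message either. The vulnerable version is deliberately never fed the oversized message here, since doing so overwrites the stack frame; that overwrite is what turns a parsing bug into code execution on the device.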
According to Bitdefender, the impact of these IoT security bugs goes far beyond the realm of theoretical vulnerabilities and directly impacts users' privacy and safety.
Bitdefender notified the affected companies of its findings, and updated firmware and SDK versions have been released for these devices.