Photo by Scott Webb on Unsplash

I'm going to try experimenting with this format of writing.

Who is affected?

According to a research effort conducted by the researcher Paul Marrapese, a security flaw found on millions (2+ million) of Internet of Thinks (IoT) devices involving the software iLnkP2P was discovered. Affected brands include: HiChip, TENVIS, SV3C, VStarcam, Wanscam, NEO Coolcam, Sricam, Eye Sight, and HVCAM. This impacts devices such as webcams, smart doorbells, and baby monitors.

What is the threat?

iLnkP2P allows for users to quickly access their devices remotely from anywhere around the world (Provided that there is internet connection). The issue with this is that users don’t even have to put in a password to access the devices, they only need to download an app and scan a barcode or input an ID labeled on the IoT devices. There is no authentication or encryption involved. This allows potentially anyone to connect to these devices.

Devices with the prefix (First 4 digits) of the following are known to be vulnerable:

https://hacked.camera/

In correlation to the prefix chart, If you are not able to find or detect the UID, the following apps may be vulnerable to this flaw:

HiChip: CamHi, P2PWIFICAM, iMega Cam, WEBVISION, P2PIPCamHi, IPCAM P

VStarcam: Eye4, EyeCloud, VSCAM, PnPCam

Wanscam: E View7

NEO: P2PIPCAM, COOLCAMOP

Sricam: APCamera

Various: P2PCam_HD

How to protect against this flaw?

If you can, it’s suggested that you buy a new device from a different brand to combat this problem. If you can’t, you can block outbound traffic to UDP port 32100. This will prevent devices from being accessed externally.