Despite more awareness of the risks associated with Chinese surveillance equipment, the news this week that cameras from the world's second-largest manufacturer of such devices can be used to secretly listen in to users still comes as a shock.
Put simply, the newly disclosed backdoor vulnerability means that millions of cameras have been carrying the potential to be used as eavesdropping devices—even when the audio on the camera is disabled.
"Essentially," warned Jacob Baines, the researcher who first disclosed the vulnerability with cameras used by both consumers and enterprises, "if this thing is connected directly to the internet, it’s anyone’s listening device."...
Baines initially shared this latest issue with Dahua OEM Armcrest two months ago, reporting that he could "remotely listen" to a tested camera "over HTTP without authentication." The vulnerability can be seen in action in a video shared by Baines on YouTube. more