back to article Flaw in Google's Dropcam sees it turned into SPYCAM

Hackers could inject fake video into popular home surveillance kit Dropcam and use the system to attack networks, researchers Patrick Wardle and Colby Moore say. The wide-ranging attacks were tempered by the need for attackers to have physical access to the devices but the exploits offer the chance to inject video frames into …

  1. jake Silver badge

    Dropcam is MARKETED as a spycam.

    See the "NBC" ("Nothing But Calculus") television commercial, as an example.

    Yet another example of the gootard's fuckwittery ...

  2. Christian Berger

    The spy is inside the device

    It runs probably closed source code from a company known to store and process every bit of information they get. Even if said company is not evil, they are under US, and possibly even UK legislation forcing to hand over every bit of information they have.

    1. Anonymous Coward
      Anonymous Coward

      @Christian Berger

      "they are under US, and possibly even UK legislation forcing to hand over every bit of information they have"

      What legislation would that be?

      1. jake Silver badge

        @AC "in the last few minutes" (whatever that means, ElReg) Was: Re: @Christian Berger

        See: United Kingdom – United States of America Agreement

        HTH, HAND.

      2. phil dude
        WTF?

        Re: @Christian Berger

        it doesn't need to be written down, just a firm hand shake will do...

        P.

  3. Swarthy

    Stating the Obvious

    "If someone has physical access, it's pretty much game over,"

    -Maxim of Computer Security since Time Immemorial (the 1960's)

  4. Anonymous Coward
    Big Brother

    Flaw in Google's Dropcam?

    I am given to understand BusyBox comes as a single binary, it would be interesting to see how a persistant exploit was achieved. But then again with physical access, it's game over as far as security is concerned. Unless, as I've seen elsewhere, you erase all the chip makings and encase the device in epoxy resin.

    --

    ref: 'Synack, the Menlo Park, Calif.-based company started by former NSA agents Jay Kaplan and Mark Kuhr, announced this morning'

    1. jake Silver badge

      Re: Flaw in Google's Dropcam?

      BusyBox source code is freely available, from BusyBox. See:

      http://www.busybox.net/downloads/

      THAT said, if you want to see how a persistent exploit can exist, see:

      http://cm.bell-labs.com/who/ken/trust.html

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like