![]() ![]() Makers of the camera say they are aware of the problem and are working on a fix. All it takes for a potential attacker to infect your phone/PC with malware is to sit there on a bench with a laptop and some python script running ,” Reddit user bmajkii explained. “Imagine that you’re on vacation and strolling through a busy city center while recording some footage via your camera. While some users were dismissive of the vulnerability on the subreddit dedicated to Instax360, others were more concerned. “In fact, I’m pretty sure this could be wormable, using one camera to attack another in a cascading effect,” cmdr_sidhartagautama said.Īnother Reddit post from six days ago claims that the vulnerability still hasn’t been fixed, even though close to eight months have passed since it was first reported. ![]() ![]() The user added that threat actors with basic tools could perform a drive-by attack on the camera, injecting malware into the SD card, which would transfer malware to the user’s computer. Literally, ZERO barrier to entry,” the Reddit user behind the discovery wrote sarcastically.Īccording to cmdr_sidhartagautama, the user could gain root access to the camera over Wi-Fi. “Hassle free content sharing! This is brilliant if you ask me. Investigating further, cmdr_sidhartagautama discovered that following a simple URL with an IP address of the camera holder allowed to access and download camera content straight from the browser. That means that virtually anyone in the vicinity of the camera can connect to it. Due to firmware limitations, users cannot change their password. To make matters worse, eight symbol password consisting of a single number is the same for every device. So, you (or anyone else) can connect to that Wi-Fi network,” the Reddit user wrote. “When you have your camera on, it’s always broadcasting a 5G Wi-Fi signal that is named “ONE X2 XXXXXX.OSC” where the X marks the last characters of your camera’s serial number. Reddit user cmdr_sidhartagautama discovered the vulnerability affecting Insta360 One X2 device in January 2022. A software flaw discovered seven months ago allows anyone to access and download photos users made with Insta360 cameras. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |