VMB3010 – SECURITY CAMERA FIRM ARLO ZAPS HIGH-SEVERITY VULNERABILITIES
Researchers have discovered some severe safety vulnerabilities in Arlo Wi-Fi safety cameras. These vulnerabilities may enable a possible attacker to take management of the cameras, thus threatening a victims dwelling safety. Severe vulnerability in Arlo technologies’ equipment allow a local attacker to take control of Arlo wireless home video security cameras VMB3010.
Two high-severity vulnerabilities in Arlo Technologies’ wireless has allow Arlo camera hack for home security camera to gear up. The flaws, which indirectly impact Arlo’s popular fleet of wireless home security cameras, are limited to adversaries with local network and physical access to Arlo Base Stations.
Both vulnerabilities were publicly disclosed Monday by Arlo Technologies and Tenable, the security firm that found the bugs. Impacted are Arlo Base Station models VMB3010, VMB4000, VMB3500, VMB4500 and VMB5000. The bugs could ultimately lead to an adversary taking complete control of affected base station models and eventually any connected cameras.
One of the vulnerabilities (CVE-2019-3949) is described as an insufficient universal asynchronous receiver-transmitter (UART) protection mechanisms bug. Simply put, UART is a type of digital communications between two devices found on integrated circuits or a component.
Well, according to an Arlo security advisory, if someone has physical access to an Arlo base station, they can connect to the UART port using a serial connection. After making the connection, an attacker can gain access to sensitive information.
According to Jimi Sebree, senior research engineer at Tenable and the researcher who found the bugs, access via the UART port is tied to default credentials. And the Security Advisory for Networking Misconfiguration and Insufficient UART Protection Mechanisms stated Arlo camera hack can work in the favor for VMB3010.
The senior research engineer even wrote further, “with physical access, connecting to the serial port is relatively trivial as it immediately drops the user to a login prompt. While the UART credentials (username and password) are encrypted in the nvram entries, the encryption key is hardcoded on the device via the PASS_ENC (GEARNET) environment variable (which is cleared after the initial boot and nvram encryption)”.
The second flaw mentioned in Arlo hacks record (CVE-2019-3950) is a networking misconfiguration bug in the Arlo Base Station that allows an attacker to control a user’s Arlo camera. The prerequisite for the attack is being connected to the same network as the base station. Arlo describes that, “Arlo base stations have two networking interfaces: one for the internal camera network and one for connection to an external LAN, such as a home network. If an attacker is connected to the same LAN as an Arlo base station, they can access the interface used for the internal camera network,”
After the Arlo camera hack, Jimi Sebree said part of the problem is that the Arlo base station is based on a Netgear consumer routing device that was recycled into the Arlo Base Station without proper review. He also added that, specifying the router as your gateway (or simply add the appropriate route to your host machine) and boom, it forwards traffic between interfaces. In particular, the default http listener deployed by the station model VMB3010 that contains a passthru api endpoint that allows the arbitrary download or upload of files on the device.
Jimi Sebree wrote in a separate breakdown of the bugs on Medium revised by Arlo camera hack, this passthru api endpoint could allow an attacker to completely take over the device since it allows the arbitrary upload and download of files on the system.
Arlo said that the updates of Arlo camera hack have been sent to impacted base stations and that ‘firmware updates are sent to your devices automatically. You do not need to manually update your firmware’.
VMB3010 – ARLO WIFI DEFAULT PASSWORD SECURITY VULNERABILITY
Arlo is aware of an Arlo Wi-Fi default password vulnerability that uses an easily identifiable code that can allow hackers to log in to an Arlo camera or base station and capture traffic and images. The vulnerability can occur in the following circumstances:
- When a user first connects an Arlo base station or an Arlo Q or Arlo Q Plus camera to the Internet and the base station or camera is using an easily identifiable default password.
- When a user performs a factory reset, causing the base station to generate an easily identifiable default password.
- When a user removes the base station from their account using any of the Arlo user interfaces, causing the base station to reset to the easily identifiable factory default password.
This vulnerability affects the following Arlo products and firmware versions:
- Arlo base stations (model numbers VMS3xx0, VMK3xx0, and VMB30x0) running firmware version 1.7.5_ 6178 or older
- Arlo Q cameras (model number VMC3040) running firmware version 1.8.0_5551 or older
- Arlo Q Plus cameras (model number VMC3040s) running firmware version 1.8.1_6094 or older
And for more updates and similar blogs, you are free to contact the experts at Securityx.