Smart-doorbells and cameras made by Merkury Innovations suffer from vulnerabilities that could enable attackers to manipulate the devices, including downloading and deleting files. Researchers from the Florida Institute of Technology (FIT) found that most of the flaws stem from the use of default passwords on the devices.
More from FIT:
- In one model, the FIT researchers found a backdoor that could enable an attacker to access the device without being detected.
- These devices are sold by Walmart, Amazon, and other retailers.
- The researchers were able to identify the bugs by reading the firmware from the devices, analyzing it in the ReFirm Labs Centrifuge Platform, and reverse-engineering the code in Binary Ninja.
- The researchers informed Merjury about the flaws in November, but so far the vendor has not patched them.