Skip navigation

Duo Security is now a part of Cisco

Join us at the Cisco Partner Summit, Nov 13-15th in Las Vegas

IZON IP Camera: Hardcoded Passwords and Unencrypted Data Abound

With an ever increasing list of Internet and WiFi enabled devices, it shouldn't be shocking to find out that some of them have serious security flaws. With recent action by the FTC against TRENDnet, the government and public are watching more closely than ever with regard to the security of devices that form this concept of "The Internet of Everything".

The Security Ledger published an article about security research that I had performed against an IP-enabled camera called the IZON. I had installed one of these cameras in my home some time ago, and began to notice concerning traits about it's network presence that took me down a long process of assessing the issues within the camera's security profile while also attempting to open appropriate communication with the manufacturer to resolve these issues. I'll let the Security Ledger article help to explain those nuances further.

Long story short; be wary.

My hope (aside from seeing all of these issues fixed in the IZON) is that developers and security professionals will do a better job at assessing the security of these devices we are so readily plugging into our home and business networks. There's a lot at stake for consumer privacy right now and we will have to weigh the risks against the immense convenience we've been given by vendors.

Below are the slides that I recently presented at both the Triangle InfoSeCon and Rochester Security Summit in the last week. If you're keeping track at home, you'll note that CVE-2013-6236 is attached to the hard-coded password issues for this device (both the Linux and web application credentials).

Mark Stanislav

Mark Stanislav

Director of Security Engineering

Mark Stanislav is the Director of Security Engineering for Duo Security. Stanislav has spoken internationally at over 100 events, including RSA, DEF CON, SOURCE Boston, Codegate, SecTor and THOTCON. His security research and initiatives have been featured by news outlets such as the Wall Street Journal, the Associated Press, CNET, Good Morning America and Forbes. Stanislav is the Author of the book Two-Factor Authentication. Stanislav holds a BS in networking and IT administration and an MS in technology studies focused on information assurance, both from Eastern Michigan University. During his time at EMU, Stanislav built the curriculum for two courses focused on Linux administration and taught as an adjunct lecturer for two years. He holds CISSP, Security+, Linux+, and CCSK certifications.