Malicious cyber actors may assume full control over camera devices produced by the technology company, the ACSC has warned.
The Australian Cyber Security Centre (ACSC) has identified vulnerabilities in particular products developed by internet protocol camera manufacturer Hikvision.
According to the cyber agency, some Hikvision users may be susceptible to hacks from malicious actors, which may be capable of assuming full control of the vulnerable device.
Once assuming control, cyber actors may gain access to device functionality or target other devices on the same network in a bid to steal information or install malware.
Cyber criminals can reportedly exploit the devices by hacking web server exposed by the Hikvision device via the internet or a local WiFi network.
“It is common that these products are exposed to the internet to allow for remote monitoring or administration,” ACSC noted.
Hikvision has provided a list of affected products, which include the following models:
The ACSC noted that it is possible that other device manufacturers may leverage Hikvision hardware and firmware, and encouraged users to monitor individual vendors for relevant security advisories.
The agency has urged Australian owners of Hikvision products to consult the company’s security advisory and potentially apply firmware updates.
“As part of cyber security best practice Australian owners should, if possible, prevent such devices from being accessed from anywhere on the internet,” the ACSC concluded.