Thousands of Adorcam users, applications used to control webcam models, their personal information exposed one after another The database Elitixearch, which belongs to the company.
Who discovered the vulnerability was Justin Penn, a security researcher who immediately warned AdorCam about the problem. To resolve this, the company denied the database.
Nevertheless, the expert shared that while he was weak, Cyber criminal Can access approximately 120 million data lines connected to thousands of users.
The information contained details about the webcam, such as the location, whether the microphone was active, and the network name Wifi The camera was connected – in addition, data about the device owner, such as an e-mail address, was available.
Evidence shows that the camera was also sending pictures captured by the webcam A cloud Application. However, Paine was unable to verify this discovery, as the links to the files were exhausted.
Finally, the expert says that he found the credentials encoded in the database for the application’s MQTT server, a messaging protocol often used on Internet-connected devices. Internet.
Despite the discovery, Pine did not test the credibility. This is because according to the law Us, This practice would be illegal. Even the company was informed about this.
Most interestingly, Pine found that the database was being updated live. To confirm this, he created an account on the company’s services and looked for information. After getting them further.
Although the sensitivity of the data was limited, Pine warned that a hacker could take advantage of the blame for creating an email campaign for it Phishing Definitely to get personal information. The company has not yet commented on what happened.