Home Upload Photo Upload Videos Write a Blog Analytics Messaging Streaming Create Adverts Creators Program
Bebuzee Afghanistan Bebuzee Albania Bebuzee Algeria Bebuzee Andorra Bebuzee Angola Bebuzee Antigua and Barbuda Bebuzee Argentina Bebuzee Armenia Bebuzee Australia Bebuzee Austria Bebuzee Azerbaijan Bebuzee Bahamas Bebuzee Bahrain Bebuzee Bangladesh Bebuzee Barbados Bebuzee Belarus Bebuzee Belgium Bebuzee Belize Bebuzee Benin Bebuzee Bhutan Bebuzee Bolivia Bebuzee Bosnia and Herzegovina Bebuzee Botswana Bebuzee Brazil Bebuzee Brunei Bebuzee Bulgaria Bebuzee Burkina Faso Bebuzee Burundi Bebuzee Cabo Verde Bebuzee Cambodia Bebuzee Cameroon Bebuzee Canada Bebuzee Central African Republic Bebuzee Chad Bebuzee Chile Bebuzee China Bebuzee Colombia Bebuzee Comoros Bebuzee Costa Rica Bebuzee Côte d'Ivoire Bebuzee Croatia Bebuzee Cuba Bebuzee Cyprus Bebuzee Czech Republic Bebuzee Democratic Republic of the Congo Bebuzee Denmark Bebuzee Djibouti Bebuzee Dominica Bebuzee Dominican Republic Bebuzee Ecuador Bebuzee Egypt Bebuzee El Salvador Bebuzee Equatorial Guinea Bebuzee Eritrea Bebuzee Estonia Bebuzee Eswatini Bebuzee Ethiopia Bebuzee Fiji Bebuzee Finland Bebuzee France Bebuzee Gabon Bebuzee Gambia Bebuzee Georgia Bebuzee Germany Bebuzee Ghana Bebuzee Greece Bebuzee Grenada Bebuzee Guatemala Bebuzee Guinea Bebuzee Guinea-Bissau Bebuzee Guyana Bebuzee Haiti Bebuzee Honduras Bebuzee Hong Kong Bebuzee Hungary Bebuzee Iceland Bebuzee India Bebuzee Indonesia Bebuzee Iran Bebuzee Iraq Bebuzee Ireland Bebuzee Israel Bebuzee Italy Bebuzee Jamaica Bebuzee Japan Bebuzee Jordan Bebuzee Kazakhstan Bebuzee Kenya Bebuzee Kiribati Bebuzee Kuwait Bebuzee Kyrgyzstan Bebuzee Laos Bebuzee Latvia Bebuzee Lebanon Bebuzee Lesotho Bebuzee Liberia Bebuzee Libya Bebuzee Liechtenstein Bebuzee Lithuania Bebuzee Luxembourg Bebuzee Madagascar Bebuzee Malawi Bebuzee Malaysia Bebuzee Maldives Bebuzee Mali Bebuzee Malta Bebuzee Marshall Islands Bebuzee Mauritania Bebuzee Mauritius Bebuzee Mexico Bebuzee Micronesia Bebuzee Moldova Bebuzee Monaco Bebuzee Mongolia Bebuzee Montenegro Bebuzee Morocco Bebuzee Mozambique Bebuzee Myanmar Bebuzee Namibia Bebuzee Nauru Bebuzee Nepal Bebuzee Netherlands Bebuzee New Zealand Bebuzee Nicaragua Bebuzee Niger Bebuzee Nigeria Bebuzee North Korea Bebuzee North Macedonia Bebuzee Norway Bebuzee Oman Bebuzee Pakistan Bebuzee Palau Bebuzee Panama Bebuzee Papua New Guinea Bebuzee Paraguay Bebuzee Peru Bebuzee Philippines Bebuzee Poland Bebuzee Portugal Bebuzee Qatar Bebuzee Republic of the Congo Bebuzee Romania Bebuzee Russia Bebuzee Rwanda Bebuzee Saint Kitts and Nevis Bebuzee Saint Lucia Bebuzee Saint Vincent and the Grenadines Bebuzee Samoa Bebuzee San Marino Bebuzee São Tomé and Príncipe Bebuzee Saudi Arabia Bebuzee Senegal Bebuzee Serbia Bebuzee Seychelles Bebuzee Sierra Leone Bebuzee Singapore Bebuzee Slovakia Bebuzee Slovenia Bebuzee Solomon Islands Bebuzee Somalia Bebuzee South Africa Bebuzee South Korea Bebuzee South Sudan Bebuzee Spain Bebuzee Sri Lanka Bebuzee Sudan Bebuzee Suriname Bebuzee Sweden Bebuzee Switzerland Bebuzee Syria Bebuzee Taiwan Bebuzee Tajikistan Bebuzee Tanzania Bebuzee Thailand Bebuzee Timor-Leste Bebuzee Togo Bebuzee Tonga Bebuzee Trinidad and Tobago Bebuzee Tunisia Bebuzee Turkey Bebuzee Turkmenistan Bebuzee Tuvalu Bebuzee Uganda Bebuzee Ukraine Bebuzee United Arab Emirates Bebuzee United Kingdom Bebuzee Uruguay Bebuzee Uzbekistan Bebuzee Vanuatu Bebuzee Venezuela Bebuzee Vietnam Bebuzee World Wide Bebuzee Yemen Bebuzee Zambia Bebuzee Zimbabwe
Blog Image

Vulnerability in Insta360 Cameras Lets Anyone Download Your Photos

Earlier this year, a major vulnerability in Insta360 camera software was discovered by users on Reddit. In short, it let anyone connect to any Insta360 camera and download the photos. Seven months later and much of the issue remains unfixed.

The Exploit Revealed on Reddit

In January, Reddit user cmdr_sidhartagautama published a detailed breakdown of a vulnerability he discovered in the Insta360 One X2 camera. He realized that out of the box, the camera would always broadcast a Wi-Fi signal named “ONE X2 XXXXXX.OSC,” where the “X” stands for the last characters of any camera’s serial number.

Anyone in range of the camera could discover this network on their laptop or smartphone, but most probably weren’t concerned since it still required a password. But cmdr_sidhartagautama pointed out that the password to Insta360 cameras is not only always the same on every camera, but it also cannot be changed.

“This camera has more holes than Swiss cheese. Honestly, I don’t remember seeing a consumer product — with a reach as big as Insta360 — as insecure as this. This is beginner CTF levels of broken… and in multiple places,” he writes.

In that report, cmdr_sidhartagautama was able to connect to the camera and see all of the content on it using a computer browser and a specific URL. He also demonstrated the ability to gain root access to the camera over Wi-Fi.

“It would be trivial for a hacker to do a drive-by attack on these cameras, injecting malware into the SD card which would later be read by your work/home computer… in fact, I’m pretty sure this could be wormable, using one camera to attack another in a cascading effect,” cmdr_sidhartagautama claims.

While the report is now months old, the issue was brought to PetaPixel’s attention late last week when a new Reddit post noted that the issue had not yet been fixed by Insta360 despite being brought to the company’s attention back in January.

Insta360 Says it is Working On It

PetaPixel reached out to Insta360 for comment.

“We are indeed aware of it and have been working on updating the firmware and app in the past few months based on the user feedback from our community,” an Insta360 representative says.

“Currently the list_directory has already been terminated and it is no longer possible to access the camera content through the browser. We’re also updating the app and firmware to let users change their own password to improve security. This change will be announced to users in the app/firmware release notes once implemented.

“We’ll make sure to follow up and implement the app/firmware update in a reasonable timeframe.” Read More...

Previous Post

Picflow is a New Photo Gallery and Client Proofing Service

Next Post

Straight Out of Camera is the Purest Form of Photography… or IS It?

Comments