nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

IoT camera crew Titathink tells Reg it'll patch GET bug in a week

Apologises for 'serious mistake' in older kit, says latest things are secure

By Richard Chirgwin, 5 Dec 2016

Titathink has become the second vendor to respond to the modified firmware that exposed a variety of surveillance cameras to a malicious URL attack.

As we wrote last week, a security pro called Slipstream looked long and hard at the cameras' firmware, and found a URL that carried a parameter called “basic” would be copied to a fixed-length 256-byte stack buffer. A long URL would therefore overflow the buffer and start writing to the stack.

The bug affected 35-plus cameras from more than seven vendors, because they were apparently taking both their devices and their firmware as white-label from Titathink.

Shortly after we asked, UCam247 told us it was working on its fix – but until now, it was the only company to respond.

The Register has now heard from Titathink, which says it's giving the issue its full attention.

Apologising for the inconvenience caused by the “serious mistake”, Titathink e-mailed via a spokesperson that its programmers are now troubleshooting the code.

The bug only affects older platforms, the note said: devices using current firmware and chipsets are not affected. The e-mail promises to post new firmware for affected devices within a week. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing