The Samsung Smartcam is a great example of why consumers should be wary of 'Internet of Things' devices. Multiple exploits for the camera have been found since the Smartcam initially went on sale, previously allowing for remote command execution and changing the admin password without knowing the original one. Now another exploit has been discovered for the Smartcam, this time allowing commands to be executed as the root user.

After the first wave of exploits, the Smartcam's local web interface was completely removed, only allowing users to connect to it via the Samsung SmartCloud website. The company hoped that this would remove all possible exploits, but they neglected to remove the actual web server itself (they deleted only the web interface the server hosted, leaving the server process running).

Because the web server is still available, another exploit was found - allowing commands to be run on the Smartcam as root. The full technical details can be found on the Exploitee.rs wiki; in short, a crafted file is submitted to the device's "iWatch" webcam monitoring service as if it were a firmware update, and because the web server process runs as root, the commands it ends up executing also run as root.
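The defender-side lesson from the paragraph above is that an update path must authenticate what it is handed before acting on it, and that the process handling it should not be root. The following is an added example written for this page, not code from the article, from Exploitee.rs, or from the camera's firmware; the image layout (magic, version, length, payload, tag), the key handling and the function names are all assumptions made for illustration. It accepts an update only when the image is well-formed, carries a valid MAC over the header and payload, and is newer than the installed version, so a file that is merely named or uploaded "as a firmware update" is rejected before any of its bytes are used. HMAC is used only because it is in the standard library; a product should use an asymmetric signature so the verifying key on the device is not itself a secret.

```python
"""Reject unsigned, tampered or stale firmware images before installing them.

Added example for this page (not vendor code). The image format is constructed:
  magic(4) | version(4, big-endian) | payload_len(4, big-endian) | payload | tag(32)
where tag = HMAC-SHA256(key, header || payload).
"""
import hashlib
import hmac
import struct

MAGIC = b"FWUP"                     # constructed format marker, assumption
HEADER = struct.Struct(">4sII")     # magic, version, payload length
TAG_LEN = hashlib.sha256().digest_size


class UpdateRejected(Exception):
    """Raised when an image fails any validation check."""


def build_update(key: bytes, version: int, payload: bytes) -> bytes:
    """Vendor-side step: produce an authenticated image in the constructed format."""
    header = HEADER.pack(MAGIC, version, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def verify_update(key: bytes, image: bytes, installed_version: int) -> bytes:
    """Return the payload only if the image is well-formed, authentic and newer.

    Every check runs before any payload byte is acted on, and the MAC is
    compared in constant time so a forged tag cannot be guessed byte by byte.
    """
    if len(image) < HEADER.size + TAG_LEN:
        raise UpdateRejected("image too short to hold a header and tag")
    magic, version, length = HEADER.unpack_from(image, 0)
    if magic != MAGIC:
        raise UpdateRejected("not a firmware image")
    if len(image) != HEADER.size + length + TAG_LEN:
        raise UpdateRejected("length field does not match image size")
    signed = image[:HEADER.size + length]
    tag = image[HEADER.size + length:]
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise UpdateRejected("authentication failed")
    if version <= installed_version:
        raise UpdateRejected(f"version {version} is not newer than {installed_version}")
    return image[HEADER.size:HEADER.size + length]


def accepts(key: bytes, image: bytes, installed_version: int) -> bool:
    """Convenience wrapper: True if the image would be installed, False otherwise."""
    try:
        verify_update(key, image, installed_version)
        return True
    except UpdateRejected:
        return False


if __name__ == "__main__":
    key = b"constructed-demo-key"          # constructed sample key
    good = build_update(key, 2, b"firmware bytes")
    print("genuine, newer image accepted:", accepts(key, good, 1))
    print("same version (rollback) rejected:", not accepts(key, good, 2))
    tampered = bytearray(good)
    tampered[HEADER.size] ^= 0x01            # flip one payload byte
    print("tampered payload rejected:", not accepts(key, bytes(tampered), 1))
    print("arbitrary file rejected:", not accepts(key, b"#!/bin/sh\necho hi\n", 1))
```

The validation is deliberately ordered so that cheap structural checks run first and the MAC is checked before the version; an attacker who controls the upload cannot influence which branch rejects them beyond what the format itself reveals. Even with this in place, the handler should run as an unprivileged user and hand a verified image to a separate, minimal installer, so that a bug in parsing does not become root execution.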

Interestingly, the Smartcam was developed by Samsung Techwin, a former division of Samsung. Samsung sold its holding stake of Techwin in 2015 to South Korean conglomerate Hanwha Group. The company, now called Hanwha Techwin, is still responsible for the Samsung Smartcam - likely explaining the camera's poor user experience and security.

Source: Exploitee.rs