No one wants to have their photos stolen, especially not from a hacked device.
But it looks like an exploit found in Insta360 cameras is allowing unauthorized users just that and the kicker?
This issue was identified almost a year ago and it seems like still there is no solution to the problem.
As noticed by Reddit users and covered by PetaPixel, the camera’s broadcasted WiFi signal allowed others to access it because the camera’s password cannot be changed and this allows for it to essentially be exploited using a specific URL address and that same WiFi feature.
The Reddit users that identified this issue then go on to explain that such an exploit could be daisy chained to infect other cameras potentially and their users’ home computers. In short, it’s a pretty big mess.
In a response to PetaPixel’s article, Insta360 is working on a fix.
“Currently the list_directory has already been terminated and it is no longer possible to access the camera content through the browser. We’re also updating the app and firmware to let users change their own password to improve security. This change will be announced to users in the app/firmware release notes once implemented. …We’ll make sure to follow up and implement the app/firmware update in a reasonable timeframe.”
Even so, many don’t think this goes far enough to fix the issues and this namely boils down to public access to a WiFi camera and the potentialities behind that. After all, who wants to “potentially” have their device hacked and all of their photos stolen? Not many people, and how subtly it can be accomplished is what worries them. With a simple file injection that any user would mistake for a video or photo file and a malicious user could take control of someone’s hardware and that’s a risk that few are willing to take. When Insta360 fixes this issue, we’ll be sure to let you know.
Do you own or plan to buy an Insta360? Let us know your thoughts on this exploit in the comments below.
Check out some other photography news on Light Stalking at this link right here.