Here is an example of a well-known camera streaming service Virtavo that leaked over 1000 users’ personal footage. It is crucial that you become aware of this incident and alert others to it, as the use of streaming security cameras is growing rapidly in the modern era, when keeping an eye on our home with security cameras connected to streaming services has made it simple.
A massive exposed data server with 3GB of personal data and data from iPhones using a specific app was found by the cybernews team. They discovered an unprotected Elasticsearch server that exposed logs with user phone numbers, device identifiers, IP addresses, firmware versions, and other specific device, network, and user data when they analysed the log samples, which indicated that the data was connected to the Home V App, which controls Virtavo security cameras.
Prospects Of Virtavo
A group of passionate tech enthusiasts formed VIRTAVO in 2020 with the goal of revolutionising home security with state-of-the-art technologies.
VIRTAVO expanded internationally, selling more than 200,000 devices a year. To reach clients around the world, they grew there distribution network and forged alliances with significant merchants.
In addition to producing security cameras, Virtavo also sells the “Home V” app for iOS smartphones, which allows users to watch or play videos. It serves as an interactive home monitoring solution by playing recorded videos, enabling two-way conversation, streaming live videos, sending out notifications when motion is detected, and more.
The company’s vision is to make home security easier for everyone by offering creative, approachable solutions that offer excellent protection without being complicated.
“The detailed device identifiers, IP addresses, user phone numbers, and other personal information can be exploited by malicious actors for various purposes, including targeted attacks, unauthorized access, identity theft, and surveillance,”
Cybernews Researchers
The investigator stated Over 8.7 million records were on the server. Some unique identifiers appeared up to 50 times, and many of the photos were duplicates. More than 100,000 distinct users could be impacted, according to researchers.
The Type Of Data Collected
Devise information and software details from iPhones, notably the iPhone 12, were the type of data gathered in this breach. They obtained network information, the IP address of the cameras in use, and the nation in which they were located.
Along with device IDs, they also discovered user account information, server codes, timings, wifi strength, and time zones.
“This information could potentially help to exploit Virtavo cameras and identify their owners. The exposure of this data highlights significant lapses in data security practices.”
Users should be aware that accessible comprehensive logs can be exploited to exploit vulnerabilities, which could result in attacks on user devices or unauthorised access, according to the researchers. Unauthorised monitoring and identity theft may be made easier by compromised user phone numbers and device information.
