UPDATE At DEFCON 22 in 2014 , researchers demonstrated hacks against the Samsung Smartcam that allowed an attacker to remotely take over the device . Samsung ’ s reaction at the time was to remove the web interface enabling the attack rather than patch the code in question . The Exploitee.rs , formerly the GTVHacker group , said users weren ’ t pleased with the response and in turn , decided to take another crack at analyzing Vulnerability-related.DiscoverVulnerability the device for vulnerabilities . On Saturday , the group publicly disclosed Vulnerability-related.DiscoverVulnerability a remote code execution bug it found Vulnerability-related.DiscoverVulnerability in the SNH-1011 Smartcam , and cautioned that it likely exists Vulnerability-related.DiscoverVulnerability in all Samsung Smartcam devices . “ The vulnerability occurs Vulnerability-related.DiscoverVulnerability because of improper sanitization of the iWatch firmware update filename , ” the group wrote Vulnerability-related.DiscoverVulnerability in a technical description of the vulnerability that also included a proof-of-concept exploit and instructions on how to patch Vulnerability-related.PatchVulnerability the flaw . “ A specially crafted request allows an attacker the ability to inject his own command providing the attacker remote root command execution ” . A request for comment from Samsung was not returned in time for publication . A Samsung contact told Threatpost that the vulnerability affects Vulnerability-related.DiscoverVulnerability only the SNH-1011 model and it will be removed Vulnerability-related.PatchVulnerability in an upcoming firmware update . The Exploitee.rs said they were motivated to look further at the cameras because of Samsung ’ s response to their first disclosure Vulnerability-related.DiscoverVulnerability . “ This angered a number of users and crippled the device from being used in any DIY monitoring solutions . So , we decided to audit the device once more to see if there is a way we can give users back access to their cameras while at the same time verifying the security of the devices new firmware ” . The original response looks especially weak in a climate where connected devices are being especially scrutinized for their security . “ While this flaw by default would not directly allow attacks from the Internet suitable for something like Mirai , it would be pretty trivial to use CSRF to infect devices on home networks , ” Tripwire principal security researcher Craig Young said . “ It is always disappointing when a vendor eliminates features rather than fixing Vulnerability-related.PatchVulnerability vulnerabilities as was the case in this camera ” . While the original issue from 2014 has been addressed , the Exploitee.rs wrote that what remains of the web interface includes a set of PHP scripts that allow the camera ’ s firmware to be updated through the iWatch webcam monitoring service . “ These scripts contain a command injection bug that can be leveraged for root remote command execution to an unprivileged user , ” they said . The researchers said Vulnerability-related.DiscoverVulnerability the flaw in iWatch can be exploited Vulnerability-related.DiscoverVulnerability through a special filename stored in a tar command that is passed to a php system call . “ Because the web-server runs as root , the filename is user supplied , and the input is used without sanitization , we are able to inject our own commands within to achieve root remote command execution , ” they said . ASUS patched Vulnerability-related.PatchVulnerability a bug that allowed attackers to pair two vulnerabilities to gain direct router access and execute commands as root