Thousands of Users Exposed by Flawed Camera Streaming App

 

A Cybernews research team discovered a huge exposed data server on June 25th. The server contained 3GB of personal information and telemetry from iPhones equipped with an app known as “Home V.” According to the log samples, the data is related to the Home V app, which is used to manage Virtavo security cameras.

Elasticsearch, a data analytics and search engine, was exposed by an unsecured server that provided logs containing phone numbers, device identifiers, IP addresses, and firmware versions, among other details about the devices, the network, and the users. 

It has been suspected that these logs were diagnostic reports, which were updated in real-time and appear to have been used for performance monitoring or troubleshooting. As a result of the server’s malfunction, more than 8.7 million records were left on the server. Several snapshots were duplicates and for some unique identifiers, there was an appearance of up to 50 snapshots at the same time.

In a study, researchers estimated that over 100,000 unique users could be affected, while cybersecurity researchers were able to find an exposed data server that contained 3GB of personal information and was capable of receiving telemetry from iOS devices. 

During the summer of 2023, all the information in the world had one thing in common: it was generated by an app called Home V, which managed Virtavo security cameras. These cameras were capable of streaming videos, playing back videos, communica

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article: