FIGURE 3-4. Foscam releases a firmware update that requires manual processes
Exploiting Dynamic DNS
In addition to the issues around weak credentials, the “Exploiting Foscam IP Cameras” white-
paper also calls out a vulnerability in the Foscam devices relating to the included Dynamic
DNS feature. Every Foscam device includes a unique six-character hostname (in the form of
xx####, where x is a letter and # is a digit) that is printed on a label and fixed to the camera.
This static value is also flashed into the device’s memory and is used as both the username
and the password for the Dynamic DNS feature.
THE FOSCAM INCIDENT 65