Guardzilla denied accusations from 0DayAllDay that their cameras are easily hackable. 0DayAllDay, a security research group based in Dallas, had reported that every Guardzilla camera contains hardcoded keys that hackers can extract easily, as they’re protected by an outdated algorithm. Furthermore, they posited that each Guardzilla device uses the exact same keys to upload their footage to Amazon Web Services’ cloud storage. Once hackers have obtained the keys, they can gain access to all of users’ cloud storage as well as any customer data uploaded on the device, 0DayAllDay concluded.
In their report, the researchers explained how it only took them three hours to decrypt Guardzilla’s firmware. The Guardzilla devices are insecure due to their use of hardcoding keys, a common practice of lower-cost connected devices, 0DayAllDay concluded.
In an email to Security Baron, a representative from Guardzilla wrote that 0DayAllDay’s report was “erroneous and misleading.” The report mistook list access for full access, ignoring all AWS S3 internal security protocols, Guardzilla wrote. They confirmed that there was no “unauthorized access to our customer’s video files.” In addition, Guardzilla is currently changing their access keys, which the report published. To further ensure the cybersecurity of their cameras, Guardzilla had RSM McGladrey, a technology audit firm, retrace the steps taken in the report to hack the video files. RSM McGladrey confirmed that the videos cannot be accessed in the ways that 0DayAllDay claim. Although representatives for 0DayAllDay claim that they originally told Guardzilla about the report in September, Guardzilla denies receiving the report.
“We zealously protect our reputation and are in the process of responding to all involved parties,”
wrote Team Guardzilla in their email to Security Baron. Guardzilla products are currently available on their website as well as in major retailers such as Best Buy, Staples, and Amazon.
Related: the best home security cameras of 2019