@t84a (I don't think tagging works, but I want you to know this is directed at you), give it a rest. If you're not concerned with it, move on and stop with the conjecture.
Amcrest's history is precisely why we are concerned with the lack of acknowledgement/response from them.
Do you know their history? Amcrest IS Foscam.
They ended their partnership with the previous manufacturer due to "their (own) experiences and customer feedback" surrounding the security risks that were not being addressed.
They re-branded and are now working with "the second largest security camera manufacturer in the world" with a "deep commitment to end-user privacy and security, highly reliable software and hardware...."
Directly from the source:
The context of the security risk at hand, versus the risks that created turmoil previously, holds no relevancy. Obviously Amcrest is not solely responsible for the WPA2 vulnerability, whereas the manufacturers of their equipment under the Foscam name were absolutely responsible for their shortcomings.
The problem here is the fact that Amcrest has yet to even acknowledge this (publicly). Deduction tells us that a security-centric company's lack of public disclosure regarding a flaw/risk of this magnitude likely suggests that they aren't addressing it appropriately.
Especially considering that this flaw has only recently been disclosed to the public by the engineer who discovered it. Which means manufacturers/vendors have had this information for a significant amount of time already.
On that note, it isn't unlikely that other, less moral researchers or engineers (see: black hats) may have also discovered or have known about this without disclosing it and may have been using this for nefarious purposes.
If you don't see the hypocrisy or concern, that's fine... but those of us with our heads on straight, that understand the history and implications of not only the risk/flaw at hand, but also understand Amcrest's history and supposed mission statement... well, we do care.
I'm now unaffected since I've already decommissioned their products in my environments, but I wanted to chime in here.