Hacks to turn your wireless IP surveillance cameras against you

Hacks to turn your wireless IP surveillance cameras against you

Sergey Shekyan and Artem Harutyunyan, researchers from the security firm Qualys, said the search engine Shodan shows about 100,000 wireless IP cameras that have "little or no emphasis on security." At the recent Hack in the Box security conference in Amsterdam, the researchers presented, "To Watch or Be Watched: Turning Your Surveillance Camera Against You".

According to the abstract, "The web based administration interfaces can be considered as a textbook example of an insecure web application and easily leads to an exposure of not only sensitive personal information (such as wireless network, FTP, and even email access credentials), but also provides an eye to an inside of your house. Apart from the flaws in the web interface, the cameras also use questionable security practices when it comes to securing the firmware, which leads to even more interesting attack vectors."

Shekyan wrote, "We'll try to get some attention on security flaws of widely available IP surveillance cameras that you can get at Home Depot for as low as $70. It's quite a challenge for us, because we never dealt with embedded devices before, although security issues in the embedded web server of the camera themselves are enough to do whatever you/bad guy/Chinese government want."

Foscam wireless IP cameras are called by different brand names in Europe, but the actual insecure device is the same. According to security researchers, two out of 10 wireless IP cameras in the wild that can be found via Shodan will authenticate you with 'admin' without requiring password. For example, using Shodan to search for 'Netwave IP Camera,' 16,293 wireless IP cameras were found in the US, 15,898 in Germany, and 13,289 in France.

If the wireless IP camera is setup with a user-configured password, the researchers outlined other ways to exploit the device such as brute forcing the password that is limited to 12 characters. They added, "The vast majority of cameras have firmware vulnerable to path traversal vulnerability that allows authentication bypass." Although there has been a firmware update released to patch this hole, about 99% of the devices remain unpatched. This is nearly the same scenario as TRENDnet;  a year after firmware was released, thousands of TRENDnet IP cameras are unpatched, exploitable and still provide a real-time Peeping Tom paradise.

>> Read more: Smart wifi camera

Tin nổi bật

Cần lưu ý gì khi thiết kế và in thẻ nhựa trong suốt?
Cần lưu ý gì khi thiết kế và in thẻ nhựa trong suốt?
In name card nhựa số lượng lớn, giá rẻ và nhanh chóng cho Đại lý Honda Việt Nam
In name card nhựa số lượng lớn, giá rẻ và nhanh chóng cho Đại lý Honda Việt Nam
In name card nhựa trong suốt cao cấp, giá rẻ cho nhân viên gian hàng Gạch 3D Mạnh Trí tại hội chợ VietBuild
In name card nhựa trong suốt cao cấp, giá rẻ cho nhân viên gian hàng Gạch 3D Mạnh Trí tại hội chợ VietBuild
In thẻ nhựa Vip cao cấp để tỏ lòng tri ân khách hàng thân thiết cho Trung tâm xe hơi Ford
In thẻ nhựa Vip cao cấp để tỏ lòng tri ân khách hàng thân thiết cho Trung tâm xe hơi Ford
In thẻ nhựa cao cấp dùng làm thẻ ngân hàng
In thẻ nhựa cao cấp dùng làm thẻ ngân hàng
In thẻ nhựa cao cấp dùng làm thẻ khách hàng thân thiết
In thẻ nhựa cao cấp dùng làm thẻ khách hàng thân thiết
Gia công cho in thẻ nhựa cao cấp
Gia công cho in thẻ nhựa cao cấp
In thẻ nhựa cao cấp
In thẻ nhựa cao cấp
Ứng dụng của in thẻ nhựa vào đời sống hiện nay
Ứng dụng của in thẻ nhựa vào đời sống hiện nay
Hacks to turn your wireless IP surveillance cameras against you, 110, Minh Thiện, In thẻ nhựa, 29/08/2016 15:23:22