Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Video Camera Security
From: xgermx at gmail.com (xgermx)
Date: Tue, 30 Jun 2009 08:49:00 -0500

PDP wrote about something similar not to long ago on GNUcitizen.
http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-1/
A nice 5 part series about hacking Linksys IP Cameras.

On Mon, Jun 29, 2009 at 12:27 PM, Adrian Crenshaw<irongeek at irongeek.com> wrote:
Hi all, Since in episode 157 you were talking some about IP video cameras, I
figured I'd mention a few items. I've been playing with the idea of writing
an article about IP video camera insecurity, and here are a few things I
would want to mention:

1. IP was never meant to be secure, and if you can get on the same LAN DoS
is trivial (ARP poison and drop traffic, conflict IP, etc).
2. Wireless is even worse, you can't stop deauth attacks.
3. How many of these cams have you seen using plain text protocols, like
ftp, to archive photos?
4. Web front ends, huh, since there are hardware I wonder how often they
update the firmware.
5. Use an ettercap filter to replace the video with something else. :)
6. The Dlink I have for testing can be set to require a password, but if you
know the path to the java applet you can still watch the cam.
7. Laser pointers are a fun way to take them out, but this guy has done it
one better:
I found someone online who hooked up a rifle scope, a laser pointer and a
cell phone to blin a camera on command.

Granted, 7 is not IP only.
Adrian


_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault