The importance of default passwords

Forums › Gadgets, robotics, home automation, electronics (including wearables) › The importance of default passwords - Surveillance Cameras

eftpos

74 posts

Master Geek
+1 received by user: 16

#154822 9-Nov-2014 10:32

Well after just installing new IP based security cameras at work, I was sure to make 100% sure none were still loaded with default passwords.

Then I see this story http://www.techspot.com/news/58747-website-streams-private-ip-cameras.html

And lo and behold at the time, 122 non-secure IP based systems live in NZ.

http://insecam.com/cam/bycountry/NZ/

Interested in seeing if anyone sees the inside of their office online.....

SaltyNZ

8862 posts

Uber Geek
+1 received by user: 9539

Trusted

2degrees

Lifetime subscriber

#1171594 9-Nov-2014 11:15

Printers too. Brother printers by default have Internet Print Protocol turned on. If one were to look, then one could gain the IP addresses of a lot of Brother printers that one might then add as one's own printer to print whatever one so desired, you know, for science. I'm sure the same is true for just about every other brand of printer too, but since I have Brother printer myself I did some research. On a more serious note, this also means a lot of printers are wide open to exploitation with a view to installing malicious firmware over the internet. The printers themselves are pretty sophisticated computers: more than powerful enough to serve as a nice beachhead inside your network. I'm a little surprised it isn't already widely exploited.

iPad Pro 11" + iPhone 15 Pro Max + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.

sbiddle

30853 posts

Uber Geek
+1 received by user: 9996

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#1171605 9-Nov-2014 12:00

A lot are Hikvision systems, and I'd pick installed by the same person. They clearly know so little they're enabling web access with the default password enabled.

astrae

268 posts

Ultimate Geek
+1 received by user: 24

#1171767 9-Nov-2014 19:40

Are these users opening ports on their router to the cameras? Struggling to understand if your intelligent to know how to open ports on your router, you would know the implications of not changing the default passwords.

I can only access my NVR at work over VPN so nothing is open to the internet.

networkn

Networkn
32862 posts

Uber Geek
+1 received by user: 15453

ID Verified

Trusted

Lifetime subscriber

#1171805 9-Nov-2014 20:51

SaltyNZ: Printers too. Brother printers by default have Internet Print Protocol turned on. If one were to look, then one could gain the IP addresses of a lot of Brother printers that one might then add as one's own printer to print whatever one so desired, you know, for science. I'm sure the same is true for just about every other brand of printer too, but since I have Brother printer myself I did some research. On a more serious note, this also means a lot of printers are wide open to exploitation with a view to installing malicious firmware over the internet. The printers themselves are pretty sophisticated computers: more than powerful enough to serve as a nice beachhead inside your network. I'm a little surprised it isn't already widely exploited.

What exactly do you imagine the point of this is ? Malicious printing? Printers are obviously not physically accessible so sending print jobs to them would serve no useful purpose, unlike cameras would could be used to determine the status of an office for a potential robbery.

Dratsab

3964 posts

Uber Geek
+1 received by user: 1728

Trusted

Lifetime subscriber

#1171848 9-Nov-2014 22:03

networkn:
SaltyNZ: Printers too. Brother printers by default have Internet Print Protocol turned on. If one were to look, then one could gain the IP addresses of a lot of Brother printers that one might then add as one's own printer to print whatever one so desired, you know, for science. I'm sure the same is true for just about every other brand of printer too, but since I have Brother printer myself I did some research. On a more serious note, this also means a lot of printers are wide open to exploitation with a view to installing malicious firmware over the internet. The printers themselves are pretty sophisticated computers: more than powerful enough to serve as a nice beachhead inside your network. I'm a little surprised it isn't already widely exploited.

What exactly do you imagine the point of this is ? Malicious printing? Printers are obviously not physically accessible so sending print jobs to them would serve no useful purpose, unlike cameras would could be used to determine the status of an office for a potential robbery.

Read beyond Salty's first 4 sentences...

meesham

973 posts

Ultimate Geek
+1 received by user: 267

#1171919 10-Nov-2014 08:26

astrae: Are these users opening ports on their router to the cameras? Struggling to understand if your intelligent to know how to open ports on your router, you would know the implications of not changing the default passwords.

I can only access my NVR at work over VPN so nothing is open to the internet.

All of my Hikvision cameras had uPNP enabled by default to open a port on the firewall for remote access.

Lenovo

Shop now for Lenovo laptops and other devices (affiliate link).

richms

29098 posts

Uber Geek
+1 received by user: 10208

Trusted

Lifetime subscriber

#1172236 10-Nov-2014 14:42

I got a couple of cheap IP cameras from aliexpress. One of them by default has a cloud service enabled, even without ports opened it still gets thru to it, and I only noticed because there is a cloud URL in the admin pages. I had not changed my camera from the default of admin and 123456 at that time and hitting the URL was straight into it, I assume because I had just been logged into it locally the browser plugin cached the username and password.

I dont think I will be giving these cameras internet access when I get around to installing them.

Here is one that I found by just changing the URL a bit - http://434906.seetong.com/

I have no idea where it is, but the only difference is that number at the start, plenty in the 312xxxx range.

Add to this that video from blackhat last year about how a guy found exploits in alot of cameras just from looking at the firmware updates with things like unprotected scripts passing paramters to system without cleaning them up, and you have a small gutless linux machine on a remote network you can get to and then use to start exploiting other things on that network.

This is why the whole "internet of things" craze is so worrying. The people making these dont give a crap about security, they will probably never see a firmware update applied in their life even if they are available because they are working fine, and you have no idea what will happen to those "p2p" servers that relay the data in the future as I dont see how that is a viable business model when a company making the cameras is not charging an ongoing subscription to use them.

Richard rich.ms

loceff13

1089 posts

Uber Geek
+1 received by user: 340

#1172243 10-Nov-2014 14:51

iirc there's a bunch of youtube videos of people remotely taking over cameras and even playing sound from some of them

richms

29098 posts

Uber Geek
+1 received by user: 10208

Trusted

Lifetime subscriber

#1172244 10-Nov-2014 14:57

The one of someone playing rockwell's sometimes I feel like somebodys watching me out the guys PTZ one and he calls the helpdesk is quite funny.

Richard rich.ms