

Topic # 154822 9-Nov-2014 10:32
One person supports this post

Well, after just installing new IP-based security cameras at work, I was sure to make 100% sure none were still loaded with default passwords.

Then I see this story http://www.techspot.com/news/58747-website-streams-private-ip-cameras.html


And lo and behold, at the time, 122 non-secure IP-based systems live in NZ.

http://insecam.com/cam/bycountry/NZ/


Interested in seeing if anyone sees the inside of their office online.....


  Reply # 1171594 9-Nov-2014 11:15

Printers too. Brother printers by default have Internet Print Protocol turned on. If one were to look, then one could gain the IP addresses of a lot of Brother printers that one might then add as one's own printer to print whatever one so desired, you know, for science. I'm sure the same is true for just about every other brand of printer too, but since I have a Brother printer myself I did some research. On a more serious note, this also means a lot of printers are wide open to exploitation with a view to installing malicious firmware over the internet. The printers themselves are pretty sophisticated computers: more than powerful enough to serve as a nice beachhead inside your network. I'm a little surprised it isn't already widely exploited.




iPad Air + iPhone SE + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.



  Reply # 1171605 9-Nov-2014 12:00

A lot are Hikvision systems, and I'd pick installed by the same person. They clearly know so little they're enabling web access with the default password enabled.







  Reply # 1171767 9-Nov-2014 19:40

Are these users opening ports on their router to the cameras? Struggling to understand: if you're intelligent enough to know how to open ports on your router, you would know the implications of not changing the default passwords.

I can only access my NVR at work over VPN so nothing is open to the internet.








  Reply # 1171805 9-Nov-2014 20:51

SaltyNZ: Printers too. Brother printers by default have Internet Print Protocol turned on. If one were to look, then one could gain the IP addresses of a lot of Brother printers that one might then add as one's own printer to print whatever one so desired, you know, for science. I'm sure the same is true for just about every other brand of printer too, but since I have a Brother printer myself I did some research. On a more serious note, this also means a lot of printers are wide open to exploitation with a view to installing malicious firmware over the internet. The printers themselves are pretty sophisticated computers: more than powerful enough to serve as a nice beachhead inside your network. I'm a little surprised it isn't already widely exploited.


What exactly do you imagine the point of this is? Malicious printing? Printers are obviously not physically accessible so sending print jobs to them would serve no useful purpose, unlike cameras, which could be used to determine the status of an office for a potential robbery.


  Reply # 1171848 9-Nov-2014 22:03
One person supports this post

networkn:
SaltyNZ: Printers too. Brother printers by default have Internet Print Protocol turned on. If one were to look, then one could gain the IP addresses of a lot of Brother printers that one might then add as one's own printer to print whatever one so desired, you know, for science. I'm sure the same is true for just about every other brand of printer too, but since I have a Brother printer myself I did some research. On a more serious note, this also means a lot of printers are wide open to exploitation with a view to installing malicious firmware over the internet. The printers themselves are pretty sophisticated computers: more than powerful enough to serve as a nice beachhead inside your network. I'm a little surprised it isn't already widely exploited.


What exactly do you imagine the point of this is? Malicious printing? Printers are obviously not physically accessible so sending print jobs to them would serve no useful purpose, unlike cameras, which could be used to determine the status of an office for a potential robbery.

Read beyond Salty's first 4 sentences...


  Reply # 1171919 10-Nov-2014 08:26

astrae: Are these users opening ports on their router to the cameras? Struggling to understand: if you're intelligent enough to know how to open ports on your router, you would know the implications of not changing the default passwords.

I can only access my NVR at work over VPN so nothing is open to the internet.


All of my Hikvision cameras had UPnP enabled by default to open a port on the firewall for remote access.
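
An added example, not part of the thread or any poster's code: auditing a router's UPnP port-mapping table against a list of devices that should never be reachable from the internet, which is the situation the post above describes. The listing format is an assumption modelled on what miniupnpc's `upnpc -l` prints; the addresses, descriptions and the `NO_EXPOSE` inventory are constructed.

```python
import re

# Constructed sample in the style of a UPnP port-mapping listing
# (format assumed from `upnpc -l`; every value here is made up).
SAMPLE_LISTING = """\
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP  8000->192.168.1.64:8000  'cam-lobby' '' 0
 1 TCP   554->192.168.1.64:554   'cam-lobby rtsp' '' 0
 2 UDP 51413->192.168.1.20:51413 'bittorrent' '' 3600
 3 TCP  8080->192.168.1.65:80    'cam-dock http' '' 0
"""

# Hypothetical inventory: internal hosts that must not be internet-facing.
NO_EXPOSE = {
    "192.168.1.64": "lobby camera",
    "192.168.1.65": "dock camera",
    "192.168.1.70": "NVR",
}

MAPPING_RE = re.compile(
    r"^\s*\d+\s+(?P<proto>TCP|UDP)\s+(?P<ext>\d+)->"
    r"(?P<host>[\d.]+):(?P<int>\d+)\s+'(?P<desc>[^']*)'"
)

def parse_mappings(listing):
    """Return one dict per mapping line; the header and junk lines are skipped."""
    out = []
    for line in listing.splitlines():
        m = MAPPING_RE.match(line)
        if m:
            out.append({"proto": m["proto"], "ext_port": int(m["ext"]),
                        "host": m["host"], "int_port": int(m["int"]),
                        "desc": m["desc"]})
    return out

def exposed_devices(mappings, inventory=NO_EXPOSE):
    """Group forwards by inventory device: {name: [(proto, ext, int), ...]}."""
    findings = {}
    for mp in mappings:
        name = inventory.get(mp["host"])
        if name:
            findings.setdefault(name, []).append(
                (mp["proto"], mp["ext_port"], mp["int_port"]))
    return findings

if __name__ == "__main__":
    for device, ports in exposed_devices(parse_mappings(SAMPLE_LISTING)).items():
        for proto, ext, internal in ports:
            print(f"{device}: internet {proto}/{ext} -> internal port {internal}")
```

A finding here means the device itself asked the router for the forward; turning UPnP off on the camera or on the router removes it.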


  Reply # 1172236 10-Nov-2014 14:42

I got a couple of cheap IP cameras from AliExpress. One of them by default has a cloud service enabled, even without ports opened it still gets thru to it, and I only noticed because there is a cloud URL in the admin pages. I had not changed my camera from the default of admin and 123456 at that time and hitting the URL was straight into it, I assume because I had just been logged into it locally the browser plugin cached the username and password.

I don't think I will be giving these cameras internet access when I get around to installing them.

Here is one that I found by just changing the URL a bit - http://434906.seetong.com/

I have no idea where it is, but the only difference is that number at the start, plenty in the 312xxxx range.

Add to this that video from Black Hat last year about how a guy found exploits in a lot of cameras just from looking at the firmware updates with things like unprotected scripts passing parameters to system without cleaning them up, and you have a small gutless Linux machine on a remote network you can get to and then use to start exploiting other things on that network.

This is why the whole "internet of things" craze is so worrying. The people making these don't give a crap about security, they will probably never see a firmware update applied in their life even if they are available because they are working fine, and you have no idea what will happen to those "p2p" servers that relay the data in the future as I don't see how that is a viable business model when a company making the cameras is not charging an ongoing subscription to use them.




Richard rich.ms



  Reply # 1172243 10-Nov-2014 14:51

iirc there's a bunch of YouTube videos of people remotely taking over cameras and even playing sound from some of them


  Reply # 1172244 10-Nov-2014 14:57

The one of someone playing Rockwell's "sometimes I feel like somebody's watching me" out the guy's PTZ one and he calls the helpdesk is quite funny.





Richard rich.ms
