I've been watching Defcon videos recently (in no way am I a hacker myself) and saw a video of someone demonstrating a security camera hack. For this hack you needed to know the IP address of the camera but there is no obvious way on how to do it. With devices like Phones and Computers it's easy to get the IP but it seems to be a little harder with other devices.
-
8Wait... Are security cameras connected to the Internet? – Rob Dawson Oct 08 '16 at 20:06
-
Network Mapping? – Rob Dawson Oct 08 '16 at 20:06
-
11[Shodan search engine?](https://www.shodan.io/explore/tag/camera) – Steffen Ullrich Oct 08 '16 at 20:25
-
34I think there was a recent story about a security researcher's website being the target of a DDoS attack originating from a botnet of security cameras. Apparently there are security camera vendors who don't consider security to be a priority. – kasperd Oct 08 '16 at 23:12
-
2Internet of things..? – m4n0 Oct 10 '16 at 07:41
-
1@kasperd that was Brian Kreps https://krebsonsecurity.com/2016/09/krebsonsecurity-hit-with-record-ddos/ – hd. Oct 10 '16 at 09:06
4 Answers
Connecting 'things' to the Internet is becoming common because of the benefits of remote communication. You can have your camera upload its footage to a cloud storage server, or be able to view the camera remotely, for instance.
Any device on the Internet is exposed and subject to network mapping. The entire Internet is constantly being scanned, and once an IP is identified, there are processes that attempt to determine what the IP is connected to (web server, camera, fridge, your dog, etc.) From there, attackers (or researchers) can probe those devices for weaknesses and vulnerabilities (or default passwords).
To help out the attackers and researchers, databases of these IP-to-thing mappings are maintained (Shodan, for instance). Then it is trivial to simply search for "security camera Acme Security model xyz123" and apply a specific hack (as you witnessed).
- 123,438
- 55
- 284
- 319
-
20@WayToDoor http://www.dogtrackernano.com/ Now you have to worry about your dog's IP lease as well as your dog peeing while on leash. – schroeder Oct 09 '16 at 18:34
It's now possible to scan the entire IPv4 Internet in a matter of minutes using a tool like ZMAP or masscan
Likewise they can use online databases like Shodan and scans.io to find huge lists of a given device quickly.
So the method has changed from searching for a few devices in a limited time to searching across all known IP addresses for the device or vulnerability of interest.
- 14,099
- 6
- 43
- 49
-
Just tried ZMap for port 80 and it says 2 days left not a few minutes (I have 16Mbps ADSL) – Suici Doga Oct 09 '16 at 07:03
-
6
-
12
-
3@SuiciDoga It does say minutes for well provisioned internet. So if you were at a university for instance you would be on a very fast network. From a home assuming really fast internet isn't available an alternative is renting a virtual machine on the internet and working from its very fast connection. – PeteT Oct 10 '16 at 09:38
For IPv6 it's currently infeasible to scan the entire address space but there are tricks to make the devices reveal their IPs.
One of those tricks would be to add your malicious server to a "pool" such as the NTP pool, where resolving the domain of the pool would randomly give out a server from the pool, possibly yours. Any device configured to use the pool would have a chance to hit your server and you can get their IPv6 that way. Shodan used (maybe they still do) to do this with some success.
- 12,706
- 3
- 39
- 76
Ipcamera manuals not only include the default login information, but also a list of hard coded ddns servers the camera can use if you want to remote into it. You could access quite a few ipcameras by querying ipcamera ddns servers until a login prompt is given, then input the default login information.
Another way would be to query an ipcam manufacturer's NAT servers, these let you access the camera directly by pin number (some used to not even require a login). Guessing the pin numbers isn't a hard task either considering the last 4 digits are the only real thing that changes in a given year.
- 141
- 2