White hat hackers – aka, the good guys – are individuals whose full-time job is hacking to find and exploit vulnerabilities in programs and equipment. There are a few reasons someone may want to hack into a security camera system, and not all of them are bad.

Why Would Someone Hack a Security Camera? What Is At Stake?

In this post, you will learn specifically about why and how someone would hack a security camera system and what measures you can take to protect yourself. Ironically, in some cases, it can be the very items that you purchase to protect you, such as security cameras, that can also be used to gain illegal and ill-intended access. Many do not realize how the internet of things (IoT) – essentially any item that is connected to the internet, especially those that "talk" to each other, such as Echo Dots, Fitbits, smart refrigerators, smart thermostats, baby monitors, etc.

The 32-bit value in blue, taken as a little-endian integer, is 0x0009bc8e, i.e. 638094. With the increasing benefits of using wi-fi and smart technologies, there are also increasing security risks. The rest of the following structure adheres to this pattern (e.g. The value highlighted in green (0x50, 0x46, 0x03, 0x04 i.e. The format is kind of familiar to me, but I’ve colour coded some of it for clarity: So, let’s throw one of these into a hex editor. These have probably been separated out to allow easy customisation and branding of the interface.

web_supra – the files for the web front end.
sys_supra – the system firmware itself, which contains the operating system.

In the end I found the firmware in a most unusual place: in the app that came on a CD with the camera. While abusing “similar” firmware can give you hints about what utilities are installed, it’s best to get the specific firmware. Searching the various sites referenced in the camera’s documentation gave up nothing about the firmware for this specific device, although I did find firmware for similar models.
Well, that was easier than expected! So I’m going to back track and work this out from first principles, by going for the firmware.

~]$ telnet 192.168.0.23
Escape character is '^]'.
(none) login: root
BusyBox v1.12.1 ( 22:17:05 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

Note: This is now running on my wireless network to make it more convenient for me, hence the IP address change: There’s one way to check this. They all found out the root password for the device as “123456”. These are substantially different cameras from other manufacturers, but all show a similar profile to the one I bought. A quick web search on “8600/tcp camera” brings up a couple of interesting results for similar cameras: Right, so we’re in a situation where we have the camera, some dodgy ports and a default administrator password on a web interface. The telnet port gives a prompt for credentials, but the default credentials (admin and no password) don’t work so it’s likely that the user isn’t meant to use telnet. There is also no SSL option to encrypt the management traffic. This isn’t very secure, but it does make it easy to handle. the base 64 encoded username and password are passed with each request) to authenticate the user. Interestingly enough it uses basic HTTP authentication (i.e. The http port leads us to the management front end.

Interesting titbits: telnet, http and what is that on port 8600/tcp? As it’s a camera it’s likely that the errant port is some flavour of video stream. Nmap done: 1 IP address (1 host up) scanned in 41.36 seconds Starting Nmap 6.40 ( ) at 10:10 GMT Daylight Time Strangely enough, if you disable the wireless interface it will copy that IP address to the Ethernet one. Later testing showed that only one of these interfaces can be used at a time, and that the wireless interface takes priority. The unit uses Power over Ethernet (PoE) to provide power and access to the Ethernet front end.
What could I do, other than buy it, and rip it apart?

The camera unit

All of this functionality comes at a semi-decent price too. It boasts outdoor design, wireless connectivity, infra-red mode, cloud access, and mobile app control. In this case I was in the local Aldi, and while trying to prevent my kids eating each other due to boredom I came across a Maginon Vision “security” camera. Most of this tat is indeed utter rubbish and ends up getting binned, but occasionally there’s something worth hacking about with. My better half assumes that this is to economise on the basics but in reality it’s because I’m addicted to browsing through the piles of tat that they sell. In recent months my family’s shopping habits have changed; no longer do we mostly go to the big supermarkets, instead we go to the discount dealers.