Unsecured IP security cameras, a whole new field of trolling potential?

TasmanianDevilTasmanianDevil Semo-Regulars
edited December 2012 in Tech & Games

Comments

  • Darth BeaverDarth Beaver Meine Ehre heißt Treue
    edited November 2012
    Just out of curiosity, do you happen to speak Dutch?
  • bornkillerbornkiller Administrator In your girlfriends snatch
    edited November 2012
    I use to like the cam hacks and shit. (still do) Nothing better than invading ones personal space.
  • Darth BeaverDarth Beaver Meine Ehre heißt Treue
    edited November 2012
    I have 2 personal spaces and neither one has ever been invaded.
  • TasmanianDevilTasmanianDevil Semo-Regulars
    edited November 2012
    Just out of curiosity, do you happen to speak Dutch?

    I am fairly sure i do not, but what do i know?
    bornkiller wrote: »
    I use to like the cam hacks and shit. (still do) Nothing better than invading ones personal space.

    Well, some of these people are going to have their personal spaces even more invaded.
    Working on infiltrating some camera owners facebook friends, will see for how long i can keep dropping hints before they catch on.
  • bornkillerbornkiller Administrator In your girlfriends snatch
    edited November 2012
    My favorite was accessing a uni in melbourne, oz. It was the engineering dept with their project car .... enough said. :rolleyes:
  • TasmanianDevilTasmanianDevil Semo-Regulars
    edited November 2012
    bornkiller wrote: »
    My favorite was accessing a uni in melbourne, oz. It was the engineering dept with their project car .... enough said. :rolleyes:

    I find there are a surprising number of these cameras at universities that are unprotected, guess people deploy them in their departments without consulting IT security about it.

    I found one named *Deleted*

    Another one i found was named *Deleted* and was from *Deleted*


    On another note i am suprised on the number of cameras i have found with no security at all in places where confidentiality were seriously compromised.

    A few*Deleted*, a *Deleted* *Deleted*, a few *Deleted* and such.
  • RemadERemadE Global Moderator
    edited November 2012
    I've been doing this - but with secured cameras as of late.

    For example the site www.reallifecam.com is a pay-for-the-bathroom-and-bedroom cam site. Basically for voyeurs and the Russian/Spanish people on it are getting paid.
    And yes, there is sex. As well as everything else in a house.

    Anyway, there is a greasemonkey script for the exploit which /b/ is all over at the moment. If anyone is really interested I can point you to it, but all the info you need is there and can be googled ;)

    As for the social worker one...holy fuck! Client confidentiality lawsuit methinks :eek:

    Plus nice touch on the Dutch. if you know much about Holland I feel we will get on very well ;) family history and all with me.
  • RemadERemadE Global Moderator
    edited November 2012
    I've been doing this - but with secured cameras as of late.

    For example the site http://anonym.to/?http://www.reallifecam.com is a pay-for-the-bathroom-and-bedroom cam site. Basically for voyeurs and the Russian/Spanish people on it are getting paid.
    And yes, there is sex. As well as everything else in a house.

    Anyway, there is a greasemonkey script for the exploit which /b/ is all over at the moment. If anyone is really interested I can point you to it, but all the info you need is there and can be googled ;)

    As for the social worker one...holy fuck! Client confidentiality lawsuit methinks :eek:

    Plus nice touch on the Dutch. if you know much about Holland I feel we will get on very well ;) family history and all with me.
  • TasmanianDevilTasmanianDevil Semo-Regulars
    edited November 2012
    RemadE wrote: »
    As for the social worker one...holy fuck! Client confidentiality lawsuit methinks :eek:

    Even better, due to a nice feature of the cameras firmware that you can make a backup of the cameras settings (it stores all credentials in clear text btw), i could now have had her email (with password), WPA password, SSID, and ofc the passwords to all accounts on the camera (Many seem to password protect their own personal accounts but completely forget the factory admin account) and since it was probably the same as on her email, the password to her router.


    And all of this because she had to have a security camera watching her driveway, and did not get someone qualified enough to have it setup right, not to mention she should have bought a more expensive camera with better security.

    In general most users will not create any sort of security with these cameras, most of them are not properly setup to begin with meaning unless the owner just happened to be online and watching the camera the moment someone breaks into their home it not going to do them any good.
    Most of them however create a giant security hole that a intelligent thief could use to gather info about the people living there, and they have a camera for a reason so there has to be something worth stealing there right? (Some of the places i found i doubt there was anything worth stealing exept maybe the camera)

    I have another nice example where someone wanted a "security camera" and it just ends up being a huge security fail but i will need some time to type it up and "sanitize" all the screenshots.

    Another fun one was the telecom and alarm company that had a demo camera (Panasonic PTZ camera) in their shop that i could zoom in on their lists of alarm codes and the post-it note with the system admins username and password on his screen. :facepalm:
  • TasmanianDevilTasmanianDevil Semo-Regulars
    edited November 2012
    I have another nice example where someone wanted a "security camera" and it just ends up being a huge security fail but i will need some time to type it up and "sanitize" all the screenshots.



    This post will not be so much about trolling as to the fact that these cameras when inproperly secured can and often is a serious security issue.
    Trolling random cameras for the lulz and picking up personal information here and there is one thing, but can this be used for a targeted attack?
    Also i just like some internet detective work. :D

    Yes, i do have too much free time on my hands.


    The target in this case was chosen due to the fact that there was nothing easily identified with it, just a simple view of someones kitchen.
    There was also very little information on the camera itself, email accounts and SSID were vaguely named and provided no clues as to the owners name so no way of finding
    a location that way.
    All there was to go on was a IP whois placing the camera in the area of *Deleted*


    Well, lets say there was a hypothetical thief in that area looking for easy targets, what could he do to locate the camera and what information could he gain from the camera itself?

    First of all, how would he locate the camera to begin with?

    Well, the view inside the house is not of much use but lets pan around to look out the window what can he see?

    6815-1272476069.jpg

    Ok, so he know its close to the coastline, slightly elevated and at a T intersection. Thats still alot of ground to cover in streetview just for the hope
    of finding the right intersection, specialy as a whois lookup rarely is very accurate, lets say he assume the target is in this area.

    *Deleted*

    What more can he see to narrow it down a bit?

    *Deleted*

    Due to the fact that it is slowly moving against the background the thief is just able to see that that is a ship moving from left to right along the coastline.

    How can that help our thief then?

    Marinetraffic.com

    Marinetraffic lets the thief track ship movements online by tracking the ships AIS transponders.
    The theif may also have tried to use Flightradar24.com due to the fact he could hear a lowflying propeller aircraft flying low overhead, but high airspeeds together with the latency of the websites movement reports could have made that hard to get accurate results from.

    Now lets see what ships are in that region.

    *Deleted*

    Ok, so only one ship in the area moving in the right direction that narrows it down, this also shows the thief that the location is actually almost 10km from the center of *Deleted* itself.
    As i said, whois lookups are not very accurate when it comes to geography.

    *Deleted*

    Now there is just the question of firing up google maps and looking for T intersection roughly matching the angle to the coastline showed on the camera.

    And after a few minutes searching our thief finds this in streetview:

    *Deleted*

    Now lets check back with the camera, what more can be seen if the thief pan around a bit?

    *Deleted*

    Now the thief knows the house colour.

    *Deleted*

    And thats the window the camera is placed in. (Edit: actually its the window below it :facepalm:)

    Our hypothetical thief would now have the targets location and could easily check if the owner was home.

    Of course there is an access log on the camera but the thief have done his research and know its only stored in memory, so a quick press of the reboot button of the camera (conveniently located in the cameras admin panel) takes care of that, leaving no traces for the owner that anyone have been using his camera.

    Dont ask me about the screenshots, they fell of a truck while i was out for a SWIM.
  • DfgDfg Admin
    edited November 2012
    Jesus fucking christ dude, that's off the hook amazing. I love the detailed documentation. I do have IP CAMs in UNI, never decided to fuck with them but now I am thinking of doing it.
  • TasmanianDevilTasmanianDevil Semo-Regulars
    edited November 2012
    Dfg wrote: »
    Jesus fucking christ dude, that's off the hook amazing. I love the detailed documentation. I do have IP CAMs in UNI, never decided to fuck with them but now I am thinking of doing it.

    Actually i had to cut large portions out of it due to legality, did not want to make it too easy for random folks of the internet to locate the camera and fuck around with the owner.

    The owner of that camera have been notified btw and the camera is now password protected.

    I may put together a step by step on how to locate these cameras later but i will have to find a good camera to use as a example.
    Basically you can find them easily if you know some basics about html headers and status codes.
    Also helps to know where to look for them, there are easy ways to search for them on the internet.
  • RemadERemadE Global Moderator
    edited November 2012
    Wow.
    Dude, I am in awe at your ability. Time to get learning! Thanks for sharing this information, really helps this community :)

    Read, know, do!
  • TasmanianDevilTasmanianDevil Semo-Regulars
    edited December 2012
    RemadE wrote: »
    Wow.
    Dude, I am in awe at your ability. Time to get learning! Thanks for sharing this information, really helps this community :)

    Read, know, do!

    Well, it´s not much of an ability, all the info is out there you just have to find it and make some kind of sense of it.

    My only real advantage is i have the time to go through all the information i gather from a system and put it together into something useful, in my case trolling potential. (Some questionably usefulness there, but hey, lulz is always welcome)
  • DfgDfg Admin
    edited December 2012
    Well, it´s not much of an ability, all the info is out there you just have to find it and make some kind of sense of it.

    I get most of the info i need to find these cameras from Shodan, its a search engine that searches for devices on the internet instead of web content.
    A simple search on Shodan for "Netcam" for example brings up a list of 15,287 of those Trendnet cameras that got so famous for having that built in security flaw where you could get the live mjpg stream without authentication.

    My only real advantage is i have the time to go through all the information i gather from a system and put it together into something useful, in my case trolling potential. (Some questionably usefulness there, but hey, lulz is always welcome)

    You're a hero. Signs up!
Sign In or Register to comment.