Video Camera Security

[irongeek at irongeek.com (Adrian Crenshaw)]

Hi all, Since in episode 157 you were talking some about IP video cameras, I
figured I'd mention a few items. I've been playing with the idea of writing
an article about IP video camera insecurity, and here are a few things I
would want to mention:

1. IP was never meant to be secure, and if you can get on the same LAN DoS
is trivial (ARP poison and drop traffic, conflict IP, etc).
2. Wireless is even worse, you can't stop deauth attacks.
3. How many of these cams have you seen using plain text protocols, like
ftp, to archive photos?
4. Web front ends, huh, since there are hardware I wonder how often they
update the firmware.
5. Use an ettercap filter to replace the video with something else. :)
6. The Dlink I have for testing can be set to require a password, but if you
know the path to the java applet you can still watch the cam.
7. Laser pointers are a fun way to take them out, but this guy has done it
one better:
I found someone online who hooked up a rifle scope, a laser pointer and a
cell phone to blin a camera on command.

Granted, 7 is not IP only.
Adrian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090629/56e0486c/attachment.htm