PaulDotCom mailing list archives
Video Camera Security
From: irongeek at irongeek.com (Adrian Crenshaw)
Date: Mon, 29 Jun 2009 13:27:50 -0400
Hi all, Since in episode 157 you were talking some about IP video cameras, I figured I'd mention a few items. I've been playing with the idea of writing an article about IP video camera insecurity, and here are a few things I would want to mention: 1. IP was never meant to be secure, and if you can get on the same LAN DoS is trivial (ARP poison and drop traffic, conflict IP, etc). 2. Wireless is even worse, you can't stop deauth attacks. 3. How many of these cams have you seen using plain text protocols, like ftp, to archive photos? 4. Web front ends, huh, since there are hardware I wonder how often they update the firmware. 5. Use an ettercap filter to replace the video with something else. :) 6. The Dlink I have for testing can be set to require a password, but if you know the path to the java applet you can still watch the cam. 7. Laser pointers are a fun way to take them out, but this guy has done it one better: I found someone online who hooked up a rifle scope, a laser pointer and a cell phone to blin a camera on command. Granted, 7 is not IP only. Adrian -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090629/56e0486c/attachment.htm
Current thread:
- Video Camera Security Adrian Crenshaw (Jun 29)
- Video Camera Security Ty Auvil (Jun 29)
- Video Camera Security xgermx (Jun 30)