Thousands of home surveillance cameras are open to everyone and their owners do not know!
Germany’s
biggest discounter has sold thousands of home surveillance cameras you can control
over the internet. It is a nice gadget: When you are away, you can lock in to
your camera and see what is going on at home. It has even a microphone and
infrared sight.
The bad
news: When connected to the net, the camera opens automatically port 80 in your
network. This means everyone who knows your private IP can connect to the
camera. There you will find a user interface with a login.
Next bad
news: In the standard configuration you can login with username “admin” and
without (!!!) password. Once you are logged in, you can see what the camera
sees, turn the camera to different directions, take pictures and hear what the
camera hears. c’t says, the camera even reveals your WLAN-password.
How
dangerous is this? Well, let’s guess that most of the users who are buying
security cameras at a discounter will probably not change the standard
configuration and many probably don’t even know how to change it. But who knows
your private IP-address? Probably nobody and in most cases your provider will
force a change of IP-address every day. So everything will be fine, right?
Wrong!
Hacking tools like IP-scanner Shodan are crawling the net for open IP-addresses.
Every hacker (or even every wannebe hacker) who knows the specification of the
camera can find thousands (!) of open cameras, easily. You can even localize
the IP addresses.
This could
turn out to be the biggest leak of private video footage, ever!
Watch the c't uplink video:
By the way:
Shodan can be found here.
Kommentare
Kommentar veröffentlichen