Checking your customers via open IP cameras
This is rather scary or stupid, pick one. Inside the world of unsecured IP security cameras.
If you’re in public, you’re on camera. If you walk into a coffee shop, the owner gets you at the register. Visit a larger store, and chances are they have your face as soon as you cross the threshold. At least one or two of your neighbors catch you on camera when you walk around your neighborhood, and many cities monitor traffic using red light cameras at major intersections. The question is no longer if you’re on camera, but rather how many different angles you were caught on while going about your day.
With so much monitoring taking place, and with surveillance systems gaining more online functionality every year, it’s natural that securing these systems would become… complicated. And that many are secured incorrectly or not at all. Because so many cameras and surveillance systems are completely open, it’s possible for anyone with Internet access to watch literally thousands of cameras online using only Google and a kindergartener’s understanding of the ‘Net. With a little time and patience, almost any given system, from a set of residential cameras to those used by your local police, can be accessed, viewed, and even reset if not properly secured. Of course, if you can do this, it means that anyone can do it. Feel safer yet?
A lot of these open IP cameras can be reprogrammed by any person with a laptop or cellphone and a bit of knowledge. Finding them with Google is very, very simple. The article states:
The secret is in the search itself. Though a standard Google search typically won’t find anything out of the ordinary, pairing advanced search tags (“intitle,” “inurl,” “intext,” and so on) with names of commonly-used cameras or fragments of URLs will provide direct links to watch live video from thousands of IP cameras.
This is what I found for example: http://www.onlinewebcameras.com/live-view-axis-205-network-cameras/
Or, this one is interesting: http://66.163.131.195/view/index.shtml
You can follow cars!
Now imagine what you can learn about your client when you are performing a pentest or a red team exercise. You can find several unsecured cameras, follow cars, learn when the security guards change shifts, when the trucks for the cafeteria arrive and what they look like... It's a lot of information that needs to be secured.
Here is a list of Google query strings you can try:
- inurl:/view.shtml
- intitle:”Live View / - AXIS” | inurl:view/view.shtml^
- inurl:ViewerFrame?Mode=
- inurl:ViewerFrame?Mode=Refresh
- inurl:axis-cgi/jpg
- inurl:axis-cgi/mjpg
- inurl:view/indexFrame.shtml
- inurl:view/index.shtml
- inurl:view/view.shtml
- liveapplet
- intitle:”live view” intitle:axis
- intitle:liveapplet
- allintitle:”Network Camera NetworkCamera”
- intitle:axis intitle:”video server”
- intitle:liveapplet inurl:LvAppl
- intitle:”EvoCam” inurl:”webcam.html”
- intitle:”Live NetSnap Cam-Server feed”
- intitle:”Live View / - AXIS”
- intitle:”Live View / - AXIS 206M”
- intitle:”Live View / - AXIS 206W”
- intitle:”Live View / - AXIS 210”
- inurl:indexFrame.shtml Axis
- inurl:”MultiCameraFrame?Mode=Motion”
- intitle:start inurl:cgistart
- intitle:”WJ-NT104 Main Page”
- intext:”MOBOTIX M1” intext:”Open Menu”
- intext:”MOBOTIX M10” intext:”Open Menu”
- intext:”MOBOTIX D10” intext:”Open Menu”
- intitle:snc-z20 inurl:home/
- intitle:snc-cs3 inurl:home/
- intitle:snc-rz30 inurl:home/
- intitle:”sony network camera snc-p1”
- intitle:”sony network camera snc-m1”
- site:.viewnetcam.com -www.viewnetcam.com
- intitle:”Toshiba Network Camera” user login
- intitle:”netcam live image”
- intitle:”i-Catcher Console - Web Monitor”
Are you scared yet?
Regardless of the camera, you can block unauthorized access to it simply by enabling the built-in security that cameras come with. Also make sure that you change the default usernames and passwords (especially important since the default combinations are easily available on manufacturers’ websites).
Read the manual and close those cameras, please!
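To check whether your own cameras are already being viewed without a login, here is an added example (not part of the original post) that scans web access logs for successful, unauthenticated requests from outside addresses to the viewer paths in the query list above. It assumes the cameras sit behind a web server or reverse proxy that writes Common Log Format; the function names, the internal address ranges and the sample lines are assumptions made for illustration.

```python
import ipaddress
import re

# Viewer URL fragments taken from the query list above.
CAMERA_PATHS = ("/view/view.shtml", "/view/index.shtml", "/view/indexFrame.shtml",
                "/axis-cgi/jpg", "/axis-cgi/mjpg", "/ViewerFrame?Mode=")
# Assumption: these ranges are "inside"; adjust to your own network plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# Common Log Format: host ident authuser [date] "request" status bytes
CLF = re.compile(r'^(?P<host>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
                 r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def is_external(host):
    """True unless host is an IP literal inside INTERNAL_NETS."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True  # hostname in the log: treat as external and review
    return not any(ip in net for net in INTERNAL_NETS)

def find_open_views(lines):
    """Return (host, target) for external, unauthenticated 2xx camera hits."""
    findings = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a CLF line
        target = m["target"]
        if not any(p.lower() in target.lower() for p in CAMERA_PATHS):
            continue  # not a camera viewer path
        anonymous = m["user"] == "-"          # no HTTP auth user was logged
        served = m["status"].startswith("2")  # content was actually returned
        if anonymous and served and is_external(m["host"]):
            findings.append((m["host"], target))
    return findings

# Constructed sample lines (documentation address ranges, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /view/view.shtml HTTP/1.1" 200 5120',
    '203.0.113.7 - - [12/Mar/2024:10:01:03 +0000] "GET /axis-cgi/mjpg/video.cgi HTTP/1.1" 401 0',
    '192.168.1.20 - - [12/Mar/2024:10:02:00 +0000] "GET /view/index.shtml HTTP/1.1" 200 5120',
    '198.51.100.9 - operator [12/Mar/2024:10:03:00 +0000] "GET /axis-cgi/jpg/image.cgi HTTP/1.1" 200 40960',
    '198.51.100.23 - - [12/Mar/2024:10:04:00 +0000] "GET /ViewerFrame?Mode=Refresh HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for host, target in find_open_views(SAMPLE_LOG):
        print(f"unauthenticated external view: {host} -> {target}")
```

Any hit means the live view was served to an outside address with no login; a 401 on the same path shows the built-in authentication is doing its job.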