Slashdot Mirror

← Back to Stories (view on slashdot.org)

Owning a Wireless Camera, Its User and Its Network

Posted by Zonk on from the is-that-owning-or-pwning dept.

twistedmoney99 writes "InformIT has posted a two part article by Seth Fogie that describes how a wireless IP camera can be owned and abused. The first part describes how the camera's feed can be sniffed, replaced, or even DoSed off the air by a PDA. The second part then takes a look at the web application interface of the camera (an Axis207W) and exposes numerous vulnerabilities that lead to exposed passwords, a software based DoS, global XSS — and the kicker — a CRSF attack through which an attacker can remotely penetrate the network it is installed on."

59 comments

  1. Spying by Manos_Of_Fate · · Score: 3, Funny

    I wonder how many people are going to see this and immediately think about that hot girl that lives upstairs?

    --
    Isn't enough that I ruined a pony, making a gift for you?
    1. Re:Spying by phantomcircuit · · Score: 1

      on slashdot..?

      ever... ooh boobies

    2. Re:Spying by Stanislav_J · · Score: 1

      I wonder how many people are going to see this and immediately think about that hot girl that lives upstairs?

      Actually, I'm on the second floor, so she's downstairs. But otherwise....um....yeah.
      --
      "Every great cause begins as a movement, becomes a business, and eventually degenerates into a racket." -- Eric Hoffer
    3. Re:Spying by Anonymous Coward · · Score: 0

      Actually, I'm on the second floor, so she's downstairs. But otherwise....um....yeah.

      Stop blasting your crappy music at midnight and I'll consider setting up a hidden camera in her room. I have early classes, you insensitive clod.

    4. Re:Spying by zero_offset · · Score: 1

      Probably not many, unless the hot girl also owns a wireless IP webcam that points somewhere interesting. In which case you can probably already find her somewhere online, in which case those people will be more interested in articles about stealing credit card numbers.

      --

      Slashdot quality declines as the number of hot grits posts decreases. - Provolt's Law, Apr-09-2005

  2. not too surprizing by Anonymous Coward · · Score: 3, Interesting

    Some IP cameras don't even need to be DoS'd, leave 'em out in the sun for 2 hours and they overheat... in fact, try to pull a stream from them and half the time they overheat. And we're talking about several hundreds of dollars worth of equipment rendered worthless by a bit of sunlight.

    1. Re:not too surprizing by PlusFiveTroll · · Score: 2, Interesting

      Here in the sunbelt I mount all of our outside wireless equipment in containers with solar fans. One benefit of an outside camera being wireless is network isolation from lighting strikes. I've seen far too many installations where people don't install one these http://www.hyperlinktech.com/web/hgln_cat5-2.php on their externally mounted wired equipment.

    2. Re:not too surprizing by Anonymous Coward · · Score: 1, Informative

      >I've seen far too many installations where people don't install one these http://www.hyperlinktech.com/web/hgln_cat5-2.php on their externally mounted wired equipment.

      Physics says 3 inches of ANYTHING won't block a direct lightning strike that travelled through miles of air. However, as the mythbusters did show, that amount of metal (and larger) is about at the point where it might attract lightning that strikes nearby.

      Now, an indirect lightning strike it might block, perhaps; Although I wouldn't care much about the reliability of the link if the equipment on the one side has melted.

      If you're going to run a cable outside, and you get to choose the type of cable, why aren't you running fiber? For the distances ethernet is good to, it's more expensive, sure, but it's not a bank account crusher in any way that matters.

  3. skipping the spam by Anonymous Coward · · Score: 1, Informative


    And people wonder why adblock is gaining 400k users a month
    this site with its multiple pages is one of the reasons

    http://www.informit.com/articles/printerfriendly.aspx?p=1016102&rl=1

  4. "Owned"? by Poromenos1 · · Score: 2

    Are we using "owned" to mean "taken control of" in official context now, or is it just me?

    --
    Send email from the afterlife! Write your e-will at Dead Man's Switch.
    1. Re:"Owned"? by Yath · · Score: 3, Insightful

      No, it's still slang that doesn't belong in a Slashdot headline. Zonk should show more professionalism.

      --
      I always mod up spelling trolls.
    2. Re:"Owned"? by joe+155 · · Score: 3, Insightful

      this is one time when "pwning" would actually have been more useful, I read this and thought that it was advice on how to own one - literally things like how to purchase it and why you might want to; maybe a short review.

      Hacking a camera should have a title like "hacking a wireless camera..." (or, dare I say it, even the stupid "cracking"). Or, as I say, if they must use some form of "down with the kids" newspeak then for god's sake get it right and use pwn.

      --
      *''I can't believe it's not a hyperlink.''
    3. Re:"Owned"? by Poromenos1 · · Score: 1

      I agree, I spent a few seconds parsing that sentence trying to decide. Pwn is far more appropriate, and saying "owning" doesn't make it any more formal.

      --
      Send email from the afterlife! Write your e-will at Dead Man's Switch.
    4. Re:"Owned"? by Bazman · · Score: 1

      Next slashdot headline:

        Ownz0ring teh Wireless Cam, Its LUser and teh Netw0rk LOL! ROLFMAYO!

    5. Re:"Owned"? by Dekortage · · Score: 1

      Slashdot just OWNS those grammar nazis, word!

      --
      $nice = $webHosting + $domainNames + $sslCerts
    6. Re:"Owned"? by azenpunk · · Score: 1

      yes, it should have said 'pwned'

    7. Re:"Owned"? by LuSiDe · · Score: 1

      Zonk is just trying to explain us how to buy a digital camera for a tiny amount of money.

      --
      WE DON'T NEED NO BLOG CONTROL.
    8. Re:"Owned"? by eam · · Score: 1

      Yeah. I would expect much more professional behavior from someone named Zonk.

    9. Re:"Owned"? by Anonymous Coward · · Score: 0

      It was 'own' before it was 'pwn', so please shut the fuck up if you have no idea what you're talking about.

  5. Wireless networking reminds me of JavaScript. by Anonymous Coward · · Score: 3, Insightful

    Wireless communication reminds me a lot of JavaScript: it's just plain insecure.

    With JavaScript, we have to worry about cross-site scripting, easily-thieved JavaScript code, and so many other issues.

    It's much the same with wireless networking: we have to be concerned about intercepted transmissions.

    So like with JavaScript, a lot of half-assed measures are put in place to try and deal with the inherently insecure nature of the medium. Most of these measures actually fail outright, or at least don't make the situation any better.

    With computers still becoming faster at a rapid pace, the wireless encryption policies used today will be easily crackable by a typical PC within two or three years.

    1. Re:Wireless networking reminds me of JavaScript. by Anonymous Coward · · Score: 1, Interesting

      Dude, one of the examples in the article even shows how the web config interface of this wireless cam can be used to cause JS XSS exploits! So this camera has both the problems of wireless comm and it also has all the problems of web dev (like JavaScript XSS)!

    2. Re:Wireless networking reminds me of JavaScript. by Anonymous Coward · · Score: 0

      As a security researcher for a couple of decades now, I have seen first-hand how JavaScript has set back the world of secure computing. With a JavaScript implementation available on virtually ever PC, most servers, and even now many mobile devices, it has become the largest vector for malicious software ever. This is yet another example of how dangerous JavaScript is. When it comes to security devices like video cameras, there is absolutely no reason why JavaScript should be involved in any way.

    3. Re:Wireless networking reminds me of JavaScript. by Anonymous Coward · · Score: 0

      As a security researcher for a couple of decades now, I have seen first-hand how executable code has set back the world of secure computing. With an executable code implementation available on virtually ever PC, most servers, and even now many mobile devices, it has become the largest vector for malicious software ever. This is yet another example of how dangerous executable code is. When it comes to security devices like video cameras, there is absolutely no reason why executable code should be involved in any way.

      Much like executable code in computers, there is a right way to do it (all user input is evil!) and a wrong way to do it (I can't imagine anyone doing this). Javascript is "insecure" in the same way that PHP is: it is ubiquitous. Anyone and their dog can code it. It is not inherently insecure, but not everyone one uses it properly.

  6. Unsecured wireless networks are insecure by DrPepper · · Score: 2, Insightful

    Headline News! If you don't secure your wireless network, people can see the traffic on it and spoof responses! I'll concede the camera has a few bugs that should be fixed. But this article doesn't really raise any issues that the average Slashdot reader wouldn't know about.

    The article is obviously aimed at a less experienced audience - in which case it really should provide some tips on securing your network, rather than trying to scare people about wireless network technologies.

    1. Re:Unsecured wireless networks are insecure by Wog · · Score: 2, Insightful

      The DOS concerns are absolutely valid, but the rest of the article is absolute garbage.

      Congratulations to the author for revealing to us that equipment operating on an unencrypted network is vulnerable to interception or takeover.

    2. Re:Unsecured wireless networks are insecure by value_added · · Score: 3, Insightful

      The article is obviously aimed at a less experienced audience - in which case it really should provide some tips on securing your network, rather than trying to scare people about wireless network technologies.

      Human nature being what it is, my vote would be to do both, irrespective of the audience.

    3. Re:Unsecured wireless networks are insecure by fosterNutrition · · Score: 1

      The article is obviously aimed at a less experienced audience That was exactly my thought when I read the summary. This junk sounds like something even Digg would find a bit childish... "HOW 2 HAX0R UR NEIGBORS WIRELES CAM FOR SWEET OWNZAGE." I think when /. ran that 4chan story, all the retarded 13 year olds heard about the site for the first time, and started signing up. I honestly believe this - the stories have always been a little hit or miss, but the number of completely childish comments has just gone through the roof.
    4. Re:Unsecured wireless networks are insecure by Chapter80 · · Score: 1

      But this article doesn't really raise any issues that the average Slashdot reader wouldn't know about.
      Not sure that I agree with that statement.

      Software Developers are writing the camera code. IT professionals are sometimes implementing the cameras. This article creates awareness for both. I think software developers and IT Professionals are "the average Slashdot reader", and can gain a lot from the article as written.

    5. Re:Unsecured wireless networks are insecure by Anonymous Coward · · Score: 0

      it wasn't 4chan, it's ebaumsworld!

  7. That's 0wned you ignorant clod by Anonymous Coward · · Score: 0

    pwned if you prefer.

  8. Old tech by Anonymous Coward · · Score: 0

    It used to be quite a popular activity at school to go into the janitor's closet in the dorms and switch cables around to send cartoons to the security guys in the main building.

    While they donut eating lard arses were trying to nominate which fatso would waddle over to change it back, we would nip out of a window to the pub.

  9. Don't you mean PWNED? by kurthr · · Score: 1

    I was hoping this was going to be about internet video sex slavery or something:^P

    Hmm... and putting externally available insecure computers on your network makes you vulnerable. I guess that's news to someone. Oh, well I guess I should be doing something other than reading /. since I'm not atwork this weekend anyway.

  10. I can't say by piojo · · Score: 3, Funny

    I can't say I've ever owned a wireless camera or its user.

    --
    A cat can't teach a dog to bark.
  11. Ewww. You sick puppy. by Colin+Smith · · Score: 5, Funny

    On Slashdot, that "hot girl that lives upstairs" is probably going to be their mother... Hell, the best interpretation is that it's their sister.

    --
    Deleted
  12. From the Crowbar screenshot by Anonymous Coward · · Score: 0

    The test camera had a password on "chiapet".

  13. I'll be the first by eclectro · · Score: 1

    A picture is worth a thousand spambots.

    --
    Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
  14. MILFs? by Anonymous Coward · · Score: 0

    for a number here, that may be their only chance. Though it may be weird to find out that your mom is a cougar.

  15. CRSF by ceroklis · · Score: 2, Funny

    Aah, the dreaded Canadian Rope Skipping Federation attack.

  16. Doing what? by glwtta · · Score: 3, Insightful

    You know, it's a little silly to use the word "own" to mean "exploit a vulnerability" when you are speaking in complete sentences, not substituting vaguely similar looking numbers for letters, and generally trying to sound like a grown-up.

    --
    sic transit gloria mundi
  17. How hard can it be... by BlueParrot · · Score: 1

    Seriously, why doesn't every wireless product out there just encrypt its damn signal. It's not as if it is particularly hard to implement and easy to set up an intuitive interface. Joe-shmoe won't understand how to do it? Nonsense, make an automated set-up interface that works over USB , standardise it, and let everyone else implement it as well. That way customers only need to learn how to do it once, and then it should be the same for every product they install. But nooooooooo we can't have any of that. We have to make our own proprietary interfaces, prohibit anyone else from using them, thus resulting in 3 million different products, with customers not being bothered to learn many different interfaces just to use their hardware, and thus you end up having everyone run unsecured networks.

    The way it ought to work is when you get a new device you bind it to your home router through a one-click wired interface. Now, just like magic your router can transparently assign keys to every other device you own and afterwards they can all communicate with one another using the router's certificate for authentication. User don't have to know about WEP, WPA, SSL or whatnot, they just plug their webcam into the router's wired interface hit the "bind new device" button and after that it will "just work" with every other device which has been given the router's certificate ( yes, even if the router is shut down afterwards ).

    Now, how many people want to bet there will be a bunch of vendors who will oppose this being implemented as an open standard, thus defeating the entire scheme? Me? Cynical? Naaaaaaa...

    1. Re:How hard can it be... by stuffeh · · Score: 1

      Pitfall of this would be the fact that people now have a false sense of security. http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy states that "a WEP connection can be cracked with readily available software within minutes." So whatever the cam's encryption will use might fall victim to some similar attack.

  18. False positive by Anonymous Coward · · Score: 0

    My German isn't that good either, but as far as I understand it the German page linked to in the summary sounds like it's all a storm in a glass of water around a false positive.

  19. AXIS 207W by kaszeta · · Score: 2, Interesting
    I've used these cameras for quite a few projects (including one for the Department of Homeland Security), and have found the same thing mentioned in this article: the security on them is pretty poor.

    Before deploying these, we ended up disabling the wireless support, and coupling each camera with a Gumstix computer that was serving as both an image buffer and a nicely firewalled configuration that provided much more secure wireless communications.

    1. Re:AXIS 207W by evilviper · · Score: 1

      we ended up disabling the wireless support, and coupling each camera with a Gumstix computer

      At that point, why even use a smart/networked camera? Plug a decent USB camera into the computer, and let it encode to (M)JPEG and run the HTTP server... A ~100MHz Pentium should be able to handle that.
      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
    2. Re:AXIS 207W by rindeee · · Score: 1

      I'll take a stab at this (based on my experiences) and say that answer is probably that Axis makes a great (aside from the security flaws) camera. They're reliable, tough, etc. They really are quite nice and overall you'd be pressed to find as good a camera in USB flavor.

    3. Re:AXIS 207W by evilviper · · Score: 1

      For the several hundred dollars they charge for one of their cameras, I'm sure I could find a seriously heavy duty USB (or parallel, or firewire, or...) camera out there. Once you're using a computer to secure it, there's no longer any reason to spend that kind of money on even a heavy-duty CCD and lense.

      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
    4. Re:AXIS 207W by kaszeta · · Score: 1
      The real reasons were (a) I already had a bunch of 207Ws, and (b) at the time you couldn't get full USB support on a Gumstix.

      If I re-did it now, I'd probably use a different camera system, although the 207W does have some very good features.

  20. Lucky she's not a hacker by Joce640k · · Score: 1

    Mine's across the hallway but it's the same principle.

    Lucky she's not a hacker...

    I hope.

    --
    No sig today...
  21. 0wned by Anonymous Coward · · Score: 0

    "pwn" is a "Web 2.0" garbage bastardization.

    the proper word is 0wned with a capital zero, at least for those of us with memories of USENET.

    ("get off my lawn you damn kids!")

  22. Good thing, too! by Xenographic · · Score: 1

    And here I was worried that they might use something like Cross-Site Request Forgery (CSRF).

    Good to know we only have Canadians to worry about, eh?

  23. perfect for a burglery by r00t · · Score: 1

    You can get the image. You can DoS the camera. You can impersonate the camera.

    Oh boy. What would you like the security camera to show?

    How about somebody else, who was previously captured on video?

  24. Hardly surprising by Z00L00K · · Score: 1
    and just about any wireless traffic is sensitive to intrusion, as it happens the camera was in question, and that there are some security flaws there. There are always security risks with any connected device and wireless devices still requires that anybody has to be in the vicinity of the device to cause it to do undesireable things.

    There are as always ways around this, and one lesson is that cameras (wireless or not) should never be on the same network zone as servers with sensitive data. (as with many other devices, say printers) A simple firewall can take care of most things here by both restricting access to and access from the devices.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  25. Big Deal by Xenna · · Score: 1

    So you can push a wireless device off its network. We knew that.
    So you can do all kinds of nasty stuff over wireless if the network doesn't use WPA. We knew that.

    I own a 207W, but I haven't learned anything new here. If I used it for anything security related I probably would've used Ethernet with Power Over Ethernet. Now I use WPA, and nobody has taken the trouble to sabotage my wireless network yet...

    X.

  26. What is a good wireless camera? by tkrotchko · · Score: 1

    This raises a question that I can't get answered.

    I put weather from my backyard on my website. I use it for fun, when I'm at work, or away, I can tell the up-to-the minute weather, and I'd love to put a picture of the backyard up every few minutes. I want to get a wireless camera, but I don't want to pay a fortune, and I'd like it to support wireless.

    Can anybody suggest a good camera for this purpose?

    --
    You were mistaken. Which is odd, since memory shouldn't be a problem for you
    1. Re:What is a good wireless camera? by Anonymous Coward · · Score: 0

      If you want a good one, choose the Axis 207W, if you want a cheap one use some other brand.
      Compare low light image quality if that is important for you - huge differences there.

      Strange the tester didn't hint about enabling https and use that on the camera - that way an attacker can't sniff the passwords or video if they where able to crack the WEP/WPA keys.
      On the 207W you can either install your own certificate or generate a self signed one.

    2. Re:What is a good wireless camera? by mlush · · Score: 1

      This raises a question that I can't get answered.

      I put weather from my backyard on my website. I use it for fun, when I'm at work, or away, I can tell the up-to-the minute weather, and I'd love to put a picture of the backyard up every few minutes. I want to get a wireless camera, but I don't want to pay a fortune, and I'd like it to support wireless.

      Can anybody suggest a good camera for this purpose? Powering the device would be a problem but how about plugging a cheap webcam into a wireless USB adapter.
  27. ...a CRSF attack... by Anonymous Coward · · Score: 0

    Yeah, I heard the Canadian Rope Skipping Federation is a mean bunch of bastards.

  28. Reality check time... by WheelDweller · · Score: 1

    OK, the poster is *surprised* that embedded hardware (without the benefit of a decade's internet use, like DNS/DHCP) could be hacked and allow access to the LAN from the wireless?

    You're kidding me.

    Are there really *THIS* many people who think wireless is as secure as ethernet? This is one of the reasons I'm not building any wireless into my trailer. Do people have to be notified about the insecurity in wireless?

    Oh, yeah...Microsoft is part of the sale; of course, they do. Carry on.

    --
    --- For a good time mail uce@ftc.gov