Owning a Wireless Camera, Its User and Its Network

twistedmoney99 writes "InformIT has posted a two part article by Seth Fogie that describes how a wireless IP camera can be owned and abused. The first part describes how the camera's feed can be sniffed, replaced, or even DoSed off the air by a PDA. The second part then takes a look at the web application interface of the camera (an Axis207W) and exposes numerous vulnerabilities that lead to exposed passwords, a software based DoS, global XSS — and the kicker — a CRSF attack through which an attacker can remotely penetrate the network it is installed on."

Wireless networking reminds me of JavaScript.

Wireless communication reminds me a lot of JavaScript: it's just plain insecure.

With JavaScript, we have to worry about cross-site scripting, easily-thieved JavaScript code, and so many other issues.

It's much the same with wireless networking: we have to be concerned about intercepted transmissions.

So like with JavaScript, a lot of half-assed measures are put in place to try and deal with the inherently insecure nature of the medium. Most of these measures actually fail outright, or at least don't make the situation any better.

With computers still becoming faster at a rapid pace, the wireless encryption policies used today will be easily crackable by a typical PC within two or three years.

Unsecured wireless networks are insecure

[DrPepper]

Headline News! If you don't secure your wireless network, people can see the traffic on it and spoof responses! I'll concede the camera has a few bugs that should be fixed. But this article doesn't really raise any issues that the average Slashdot reader wouldn't know about.

The article is obviously aimed at a less experienced audience - in which case it really should provide some tips on securing your network, rather than trying to scare people about wireless network technologies.

Re:Unsecured wireless networks are insecure

[Wog]

The DOS concerns are absolutely valid, but the rest of the article is absolute garbage.

Congratulations to the author for revealing to us that equipment operating on an unencrypted network is vulnerable to interception or takeover.

Re:Unsecured wireless networks are insecure

[value_added]

The article is obviously aimed at a less experienced audience - in which case it really should provide some tips on securing your network, rather than trying to scare people about wireless network technologies.

Human nature being what it is, my vote would be to do both, irrespective of the audience.

Re:"Owned"?

[Yath]

No, it's still slang that doesn't belong in a Slashdot headline. Zonk should show more professionalism.

Doing what?

[glwtta]

You know, it's a little silly to use the word "own" to mean "exploit a vulnerability" when you are speaking in complete sentences, not substituting vaguely similar looking numbers for letters, and generally trying to sound like a grown-up.

Re:"Owned"?

[joe+155]

this is one time when "pwning" would actually have been more useful, I read this and thought that it was advice on how to own one - literally things like how to purchase it and why you might want to; maybe a short review.

Hacking a camera should have a title like "hacking a wireless camera..." (or, dare I say it, even the stupid "cracking"). Or, as I say, if they must use some form of "down with the kids" newspeak then for god's sake get it right and use pwn.