Owning a Wireless Camera, Its User and Its Network
twistedmoney99 writes "InformIT has posted a two-part article by Seth Fogie that describes how a wireless IP camera can be owned and abused. The first part describes how the camera's feed can be sniffed, replaced, or even DoSed off the air by a PDA. The second part then takes a look at the web application interface of the camera (an Axis207W) and exposes numerous vulnerabilities that lead to exposed passwords, a software-based DoS, global XSS — and the kicker — a CSRF attack through which an attacker can remotely penetrate the network it is installed on."
Some IP cameras don't even need to be DoS'd; leave 'em out in the sun for 2 hours and they overheat... in fact, try to pull a stream from them and half the time they overheat. And we're talking about several hundreds of dollars' worth of equipment rendered worthless by a bit of sunlight.
Dude, one of the examples in the article even shows how the web config interface of this wireless cam can be used to cause JS XSS exploits! So this camera has both the problems of wireless comm and it also has all the problems of web dev (like JavaScript XSS)!
Before deploying these, we ended up disabling the wireless support, and coupling each camera with a Gumstix computer that was serving as both an image buffer and a nicely firewalled configuration that provided much more secure wireless communications.