Unsecured IP Cameras Accessible To Everyone
Orome1 writes "In the last couple of decades, we have become so accustomed to the idea that the public portion of our everyday life is watched and recorded — in stores, on the street, in institutions — that we often don't even notice the cameras anymore. Analog surveillance systems were difficult to hack into by people who lacked the adequate knowledge, but IP cameras — having their own IPs — can be quite easily physically located and their stream watched in real-time by anyone who has a modicum of computer knowledge and knows what to search for on Google."
Good find 2002.
Ars Technica did a nice piece on this too:
http://arstechnica.com/gadgets/guides/2011/01/one-mans-journey-through-the-world-of-unsecured-ip-surveillance-cams.ars
Worth a read.
.: Max Romantschuk
Any reason the link in the summary should trigger an OpenDNS block for conficker or some other vulnerability/issue????
And there's lots of other things you can find. Here are some lists: http://www.hackersforcharity.org/ghdb/
Emotions! In your brain!
so you like to hack into gay bar to watch penises, as they say: each to his own!
Jehovah be praised, Oracle was not selected
"Unsecured IP Cameras Accessible To Everyone"
Well, doh, enable a good password and run them over SSH .. !!!
NPR had a story on using an iPhone app to surf surveillance cameras around the world.
Here's a long list copied from various parts of the web for searches you can try:
allintitle: "Network Camera NetworkCamera" Network cameras
intitle:Axis 2400 video server Mostly security cameras, car parks, colleges, clubs, bars, etc.
intitle:axis intitle:"video server" Mostly security cameras, car parks, colleges, bars, ski slopes etc.
intitle:"EvoCam" inurl:"webcam.html" Mostly European security cameras
intitle:"Live NetSnap Cam-Server feed" Network cameras, private and non private web cameras
intitle:"Live View / - AXIS" Mostly security cameras, car parks, colleges etc.
intitle:"LiveView / - AXIS" | inurl:view/view.shtml Mostly security cameras, car parks, colleges etc.
intitle:liveapplet Mostly security cameras, car parks, colleges, clubs, bars etc.
intitle:snc-cs3 inurl:home/ Mostly security cameras, swimming pools and more etc.
intitle:"snc-rz30 home" Mostly security cameras, shops, car parks
intitle:snc-z20 inurl:home/ Mostly security cameras, swimming pools and more etc.
intitle:"WJ-NT104 Main" Mostly security cameras, shops, car parks
inurl:LvAppl intitle:liveapplet Mostly security cameras, car parks, colleges etc.
inurl:indexFrame.shtml "Axis Video Server" Mostly security cameras, car parks, colleges etc.
inurl:lvappl A huge list of webcams around the world, mostly security cameras, car parks, colleges etc.
inurl:axis-cgi/jpg Mostly security cameras
inurl:indexFrame.shtml Axis Mostly security cameras, car parks, colleges etc.
inurl:"MultiCameraFrame?Mode=Motion" Mostly security cameras, pet shops, colleges etc.
inurl:/view.shtml Mostly security cameras, car parks, colleges etc.
inurl:/view/index.shtml Mostly security cameras, airports, car parks, back gardens, traffic cams etc.
inurl:viewerframe?mode= Network cameras, mostly private webcams etc.
inurl:"viewerframe?mode=motion" Network cameras
inurl:ViewerFrame?Mode=Refresh Mostly security cameras, parks, bird tables etc.
Other searches: /view/index.shtml
control/userimage.html liveapplet inurl:indexframe.shtml inurl:"view/index.shtml" inurl:"view/indexFrame.shtml" inurl:view/view.shtml
inurl:/view/view.shtml?videos= inurl:ViewerFrame?Mode= inurl:ViewerFrame?Mode=Motion inurl:ViewerFrame?Mode=Refresh site:.viewnetcam.com -www.viewnetcam.com
In Title:
intitle:"live view" intitle:axis
intitle:"EvoCam" inurl:"webcam.html"
intitle:"i-Catcher Console - Web Monitor"
intitle:"Live NetSnap Cam-Server feed"
allintitle:liveapplet
intitle:liveapplet
intitle:"netcam live image"
intitle:"snc-rz30 home"
intitle:"WJ-NT104 Main"
In URL:
inurl:axis-cgi/jpg
inurl:indexFrame.shtml Axis
inurl:indexFrame.shtml "Axis Video Server"
inurl:lvappl live webcams
inurl:LvAppl intitle:liveapplet
inurl:"MultiCameraFrame?Mode=Motion"
inurl:/view:shtml
inurl:/view/index.shtml
inurl:view/indexframe.shtml
inurl:view/view.shtml
viewerframe?mode=
inurl:"viewerframe?mode=motion"
inurl:ViewerFrame?Mode=Refresh
Two searches in one order:
intitle:"live view" intitle:axis (two searches in one order)
intitle:axis intitle:"video server"
intitle:liveapplet inurl:LvAppl
intitle:"Live View / - AXIS" | inurl:view/view.shtml
intitle:start inurl:cgistart
Combination:
camera linksys inurl:main.cgi
Display Cameras intitle:"Express6 Live Image"
intitle:"active webcam page"
intitle:"EvoCam" inurl:"webcam.html"
inurl:LvAppl intitle:liveapplet
intitle:"Live View / - AXIS"
intitle:liveapplet inurl:LvAppl
intitle:"my webcamXP server!" inurl:":8080"
intitle:"Network Camera" inurl:ViewerFrame
intitle:snc-z20 inurl:home/
intitle:snc-rz30 inurl:home/
intitle:"toshiba network camera - User Login"
intitle:"Live View / - AXIS" | inurl:view/view.shtml
tilt intitle:"Live View / - AXIS" | inurl:view/view.shtml
intitle:"WJ-NT104 Main Page"
Sometimes your order gives hundreds of URLs. You can restrict your search by adding a country, a specialized URL or another mes
At the University where I work, there are cameras in all of the lobby areas and in many of the labs. They are publicly accessible, for the most part - non-port 22 but otherwise unsecured. However, because the University wants to be able to use the pictures in legal proceedings, all the camera areas are clearly marked with "Video Surveillance" stickers.
I can't speak for anyone else, but it's not that hard to just not do funky things in these areas.
Yes, it intrudes on my sphere, but I have no expectation of privacy at work, or on the street. If I want to do something private, I go somewhere private. It's not that much of a burden, at least to me.
Don't take life too seriously; it isn't permanent.
so you like to hack into gay bar to watch penises, as they say: each to his own!
What a dick. If they find out, he's screwed.
This is a substitute for a clever sig that fits within the maximum number of characters.
Old news is old.
Isn't this the first thing that Script Kiddies learn, the so-called "Google Hacking"?
There was an article a while back about the US Army drones transmitting over an unsecure protocol and needing 50 dollar equipment to find out what they were scouting out.
This was available on the MBone as an IP camera before Google even existed.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Someone has a whole list of open webcams: http://www.opentopia.com/hiddencam.php
Now all I need is to have the IP address of my local red light and speed cameras.
Of course, I would never have any fun and do something like, changing the time, moving the camera, replacing drivers' faces with pictures of say, maybe Osama Bin Laden, Benjamin Franklin, or the president.
Fight Spammers!
...welcome our new security camera overlords.
Unsecured X on the internet is accessible! This has been true since ARPANET and when you could dial an 800 number on your 300bps modem to access Telnet.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
If the streams were secured, there'd be a monopoly or oligopoly of the information thereof, paving way for police states. As long as it's publicly accessible (though it should be properly accounted and publicly listed) it's common knowledge to be leveraged by all. Want to check whether your friends are hanging at their usual place? Check it out from the live stream. Want to see what it's like to live on the other side of the world? Want to follow an uprising in Tunisia? Likewise.
I was the real korpiq until I woke up clowned.
>>He also managed to access three red-light cameras in a town in Texas, and while he didn't change any settings, he could have.
Oh, that kind of red-light, shame....
Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated up.
so you like to hack into gay bar to watch penises, as they say: each to his own!
What a dick. If they find out, he's screwed.
Once you got the hang of it, you'll be a happy cork soaker!
This was one of the first things I saw on slashdot, probably more than ten years ago. The reason this hasn't changed is that very few security vendors actually care much about security.
Full disclosure: I work for one of these companies. I'm not saying which, so that this doesn't become an advertisement. That said, ours don't have this problem.
This is a brand-by-brand thing. Just pay attention to who's vulnerable, and cross them off your vendor list.
In 2011 I would expect to see a mashup showing a map with all the locations of the IP addresses that allows you to click and view
Next thing you know, NCIS and CSI:Whatever will be true!
No folly is more costly than the folly of intolerant idealism. - Winston Churchill
Weird how even not reading names I can tell it's one of your sock puppets. You need to develop a better trolling technique. You're not as amusing as the GNAA or trying to hide goatse into everything and that's saying something.
you're completely pathetic.
you're an ignorant hypocrite.
you're an idiot.
MichaelKristopeit402 = stagnated.
So what you're saying is that their gay bathhouse has an ultra-high definition camera?
I found many online cameras 3-4 years ago, but things seem to have changed. For example, the Ars Technica article, referenced earlier, says "Change the search to “intitle: ‘Live View / - AXIS 206M,’” though, and Google returns 3 pages of links to 206Ms that are online and viewable." But when I try this, I only get spam websites and articles telling you "how to use Google to find online cameras".
Why would the camera owners care? Mostly they are just there for surveillance. They don't care who is watching or they would not have a camera.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
that says that if a government is installing security cameras in a public location that the feeds from those cameras have to be publicly accessible, via the web, and no getting around this by hiring a contractor to install a camera and then claiming that the feed is private. This wouldn't be a total solution to the problem of stupid bureaucrats indulging paranoid morons by installing cameras everywhere, but it would slow things down and it would reduce the asymmetry of information between the government and the people it is supposed to serve.
cheap labor conservatives - they want to keep you hungry enough to be thankful for minimum wage.
This is news?
ChumbySpy and SurveillanceSaver have been around for years.
http://www.chumby.com/guide/widget/ChumbySpy
Kriston
Why would anyone do this when it's so simple not to?
Besides the obvious issue of choosing good passwords, why would anyone use public IP addresses or for that matter even the "common" private IP address for security devices?
Ideally, you'd have them on an isolated network which MIGHT be joined to the corporate WAN by a dual-homed control/recording station but that might not be possible for a variety of reasons.
Less than ideal is running them on a separate IP address space so they weren't "visible" to other computers on the LAN unless the user or virus-infected computer were smart enough to change its network to match that of the camera or do some other non-standard tricks.
In any case, your internal LAN computers and your security hardware should all be behind a firewall anyways, inaccessible from outside except in ways you define.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
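An added example, not part of the original thread: an offline audit of a camera inventory against the placement tiers the comment above describes (public address, reachable through the firewall, sharing the office LAN, or on a separate camera subnet). Every name, address and port-forward rule below is a constructed assumption.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data. 203.0.113.0/24 is a documentation range standing in
# for a routable public address; all names and addresses are hypothetical.
OFFICE_LANS = ["192.168.1.0/24"]
CAMERA_NETS = ["10.50.0.0/24"]
CAMERAS = {
    "lobby": "203.0.113.20",   # camera sitting directly on a public address
    "lab-2": "192.168.1.77",   # camera sharing the office LAN
    "dock": "10.50.0.12",      # camera subnet, but forwarded through the firewall
    "garage": "10.50.0.13",    # camera subnet, no inbound rule
}
# Inbound port forwards on the edge firewall: (wan_port, internal_ip, internal_port)
PORT_FORWARDS = [(8080, "10.50.0.12", 80)]


def in_any(addr, nets):
    """True if addr falls inside any of the CIDR strings in nets."""
    return any(addr in ipaddress.ip_network(n) for n in nets)


def classify(ip, office_lans, camera_nets, forwards):
    """Return the worst applicable finding for one camera address."""
    addr = ipaddress.ip_address(ip)
    if not any(addr in net for net in RFC1918):
        return "public-address"      # reachable without crossing any NAT/firewall
    if any(ipaddress.ip_address(dst) == addr for _, dst, _ in forwards):
        return "port-forwarded"      # private address, but exposed by an inbound rule
    if in_any(addr, office_lans):
        return "shared-lan"          # visible to every workstation on the LAN
    if not in_any(addr, camera_nets):
        return "unknown-subnet"      # not where the inventory says cameras live
    return "segmented"               # separate address space, nothing inbound


def audit(cameras=CAMERAS, office_lans=OFFICE_LANS,
          camera_nets=CAMERA_NETS, forwards=PORT_FORWARDS):
    """Classify every camera in the inventory."""
    return {name: classify(ip, office_lans, camera_nets, forwards)
            for name, ip in cameras.items()}


if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:8} {CAMERAS[name]:15} {verdict}")
```

A "segmented" verdict only means the camera sits in its own address space with no inbound rule; as the comment notes, that is weaker than a physically or VLAN-isolated network.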
Don't be such a cheapskate. Pay the bathhouse admission fee like everyone else if you want to make use of the... er.... facilities.
Tell him he can have what he wants if he antes up for a dedicated VPN or equivalent "front end login" that doesn't expose the cameras or the control computer directly to the Interweb.
You might also gain some traction if your state or country's employment laws would put the company or its officers at risk for violating employee privacy if they put the cameras on the web without adequate security. Heck, if the lawyer says doing this puts YOU at risk then that's the ultimate trump card.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
So what if they are on Google? Most are empty until action happens, and the timing needed to be on at the same time action happens is too small to even bother... unless it was inside a shower, then you pay per view... however, a camera set up outside someone's home to log each entry into a house is pretty wasteful to watch... who cares if you can see what they see... as long as you can't reconfigure it...
A while back I ran across the SurveillanceSaver project - a simple screen saver which contained a small list of webcams it would cycle through. I had the OSX version installed on my mac, but when I upgraded to Snow Leopard it quit working. Found out it was written in Quartz, so I re-compiled it with the new version, and got it working again.
Then I found out that the guys who wrote it went on to found the Public Viewpoint Project, which searches for publicly available webcams and creates an RSS feed. I can't find their web site anymore, but the RSS feed is still up. I added to their screen saver the ability to connect to their RSS feed, d/l camera URLs and test them out before showing them.
I recently created a Google Code space for it, it's available here: http://code.google.com/p/surveillancesaverosx
It still has some bugs, if there are any "expert" Quartz developers out there, I'd love to get some pointers.
http://livecams-iphone.com/
There are others, but I have found this one to be the best
Since I first arrived in La Jolla, CA (92037) and noticed the little black domes darn near everywhere I theorized that, whether or not different subcontractors manage the security contract for any individual location, there is some overseer--either official or sitting on a network intersection--who has access to all of them. They probably have a FPS/MMORPG type interface which they are able to use to follow any particular person around should any particular person happen to catch their special interest. Given that there is such a large number of retired, semi-retired, lucratively employed-at-home, or otherwise fantastically wealthy with nothing else to do, people in this area it does not strike me as at all odd that I rarely have more than five seconds of peace in any location before people begin arriving to poke their noses or just hover around. What would it take? One fantastically wealthy person with a security clearance, fifty or one hundred people (as few as fifteen would probably do) employed underneath them, and rotating access to rental cars/used car lots to keep up a decent ruse? Combine that with the local residents and office dwellers who could be recruited to "call us any time you see one of these people" (mostly homeless).
On many occasions it just seemed to be all too coincidental that as I headed from point A to point B that there were people at point B just waiting for me. Coincidence, sometimes; coincidence, sometimes; coincidence, sometimes... but after five years it cannot possibly be random cosmological coincidence _ALL_ of the time.
Imagining a society of harassment is not at all difficult. Since the wealth distribution is so ridiculously skewed and since those who have the wealth have had a demonstrated interest in maintaining their artificial superiority since the book of Genesis ("There's going to be a famine in the land... You should do what we tell you to do") it is hardly unreasonable to expect that the wealthy will devote some portion of their time and effort to following and sabotaging any of the financially enslaved who happen to challenge their superiority. Now we have near complete camera coverage of entire cities to assist that.
Go ahead. Tell me that the fantastically wealthy, having such resources available to them (legally, illegally, with or without the owner's knowledge... hardly a consideration for the people who sign your paychecks, the paychecks of the politicians, the paychecks of the judges, etc.), would not use them.
My senior seminar project as a CS undergrad (2005) was the creation of a motion sensing surveillance system. Part of the demonstration I did during the presentation was to show how my software could monitor cameras from around the world for motion. In many cases I had no idea where the cameras were physically located. Later as part of my Masters thesis (2010), I extended the software to include face recognition... now it can identify "John Doe" and you can have it tell you when it sees specific people in a specific scene (white lists, black lists and reports on who has been seen).
I've always thought that combining the face recognition and motion sensing features with a library of pictures harvested from Facebook and LinkedIn would result in something very interesting from many points of view...
so you like to hack into gay bar to watch penises, as they say: each to his own!
Has grandparent looked into a job with TSA? I heard it's an all-you-can-eat smorgasbord for the eyes of penus, all day just PENUS PENUS PENUS PENUS PENUS PENUS and they actually pay you for it!
My city has several cameras around the city available for access at the city's taxpayer-funded website. I decided to use them once to create some time-lapse video of the wax and wane of winter weather. One day, suddenly I couldn't access the cams anymore. Or the entire website. They unilaterally decided that I was using too much of their bandwidth and dropped my IP into a configuration file to disable my access, expecting me to go to them to get my access reinstated. Of course, all information on how to contact them was on their now-restricted website.
The amount of data transferred was less than 1 DVD a month. It wasn't that the usage was excessive; it was that my usage was an identifiable spike. But instead of limiting how often you can pull frames from the cameras (I used 1 every 30 seconds, sub-SD resolution, in greyscale, but from every camera), they instead decided to lock me out. (They also say they don't retain the video they record.)
Unfortunately, since I was grabbing these still images using my machine at work, and others at work were just monitoring the cameras in preparation for travel home, they saw it as coming from multiple IPs in the same subnet and blocked the company's entire IP range, which became a problem when the head of HR was needing to do background checks on some potential new hires on the city website.
Now if I want to do time-lapse videos of traffic cams again, I'm going to have to do it from home and through Tor so they can't identify one IP block. Even though there's some nice snowfall patterns recently, it just isn't worth the effort/hassle to satisfy my creative curiosity now.
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
http://en.wikipedia.org/wiki/Transparent_society
http://en.wikipedia.org/wiki/The_Light_of_Other_Days
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
Funny this comes up, Domino's Australia (the pizza place) IP camera systems for every single individual store nationwide have been world accessible, and default user/password accessible for the last several years on port 8080.
All you need to do is figure out the IP address they use, and you're in - no password, no login, not nothing!!
I stumbled upon this a few years ago running a port scan on my frame routed IP range for our business connection and got the subnet wrong on nmap and stumbled on literally hundreds of cameras, including my own local Domino's store!
But what do you do? I e-mailed them, no response. Called their head office, and no-one seemed to care.
Add the web anime from a few years back "Platonic Chain" to the list. Scary teenagers abusing a security database and network of cameras for their own ends.
County shooting range. Occasionally reserved for the local, state, federal law enforcement, including undercover agents for periodic target practice, requalification, etc. Nice security camera setup.
I'm not saying where. If you stupid cops need to keep your undercover people unknown, go get your own damned range and quit bogarting ours.
Hack my toilet cam, come on!
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
I'm afraid you're going to repeatedly attempt to make love to my mouth and asshole.
I tried an Abus camera once and it supports RTSP on the standard port for this protocol. However, it also supports streaming on this port with MJPEG and HTTP. The difference, however, is that if you connect with HTTP to this port it will stream and ignore all of the settings that require a password, hence you don't need a password. I've tried contacting them about this but they wouldn't return the e-mails, so I gave up.
Wasn't this in that Google Hacking book however many years ago? I know slashdot's usually a bit behind but I thought that was 5 or 6 years ago.
Can we start a list of Slashdot posters with obvious personality disorders? This guy belongs at the top!
(posting AC because I'd probably be on the list too ;))
Michael Kristopeit?
I main as Michael Kristopeit in Street Fighter II. His sockpuppet move is devastating! Here are some of his win quotes:
"Ur Mum's face did XXXX"
"Why do you cower?"
"You're completely pathetic"
"Go home and be a family man!"