Push To Hack: Reverse Engineering an IP Camera

New submitter tetraverse writes: For our most recent IoT adventure, we've examined an outdoor cloud security camera [the Motorola Focus 73] which like many devices of its generation a) has an associated mobile app b) is quick to setup and c) presents new security threats to your network. From the article: This blog describes in detail how we were able to exploit the camera without access to the local network, steal secrets including the home networkâ(TM)s Wi-Fi password, obtain full control of the PTZ (Pan-Tilt-Zoom) controls and redirect the video feed and movement alerts to our own server; effectively watching the watchers.

Need at least basic M&M security

[silas_moeckel]

M&M security is not great (hard candy shell soft middle) but it's at least something. I've got plenty of CCTV IoT etc etc but they can not access the internet with a singular exception and thats pretty much an application specific firewall. The rest is all easily accessible via a VPN.

We keep getting gear that wants to up upnp to open up ports to the world. Only is useful while talking to cloud control gear. Meaning it's not very useful at all.