Slashdot Mirror

← Back to Stories (view on slashdot.org)

Push To Hack: Reverse Engineering an IP Camera (contextis.com)

Posted by timothy on from the well-lookie-here dept.

New submitter tetraverse writes: For our most recent IoT adventure, we've examined an outdoor cloud security camera [the Motorola Focus 73] which like many devices of its generation a) has an associated mobile app b) is quick to setup and c) presents new security threats to your network. From the article: This blog describes in detail how we were able to exploit the camera without access to the local network, steal secrets including the home networkâ(TM)s Wi-Fi password, obtain full control of the PTZ (Pan-Tilt-Zoom) controls and redirect the video feed and movement alerts to our own server; effectively watching the watchers.

7 of 35 comments (clear)

  1. So, if one actually wanted to RTFA... by bbsguru · · Score: 4, Informative

    Where would one look?

    1. Re:So, if one actually wanted to RTFA... by Sinister+Stairs · · Score: 2

      Probably this:
      http://www.contextis.com/resou...

    2. Re:So, if one actually wanted to RTFA... by Frederic54 · · Score: 4, Informative

      It's at the right of the title
      http://www.contextis.com/resou...

      --
      "Science will win because it works." - Stephen Hawking
  2. Why people do not fight back... by martiniturbide · · Score: 3, Insightful

    ..cloud exclusive hardware? It is not only about security but also as control of the hardware you paid for. http://martin.iturbide.com/201...

  3. Behind the shield by Okian+Warrior · · Score: 2

    On the right hand side of the title text, behind the thing that looks like a shield and the thing that looks like a dashpot connected to a screen door, is a link. It's there.

    http://www.contextis.com/resou...

    (On my terminal the link is actually behind those two icons. I'm sure the icons are useful for something, but I'm not exactly sure what. The icons also partially obscure the "from the whatchamacallit dept" text, and I'm not exactly sure what that's good for, either.)

    Slashdot is a classy site!

  4. Need at least basic M&M security by silas_moeckel · · Score: 3, Interesting

    M&M security is not great (hard candy shell soft middle) but it's at least something. I've got plenty of CCTV IoT etc etc but they can not access the internet with a singular exception and thats pretty much an application specific firewall. The rest is all easily accessible via a VPN.

    We keep getting gear that wants to up upnp to open up ports to the world. Only is useful while talking to cloud control gear. Meaning it's not very useful at all.

    --
    No sir I dont like it.
  5. Re:dimothy continues to fail by rlh100 · · Score: 2, Insightful

    Mr asshole, please keep your spell checking fascism comments to yourself. As someone who has struggled all my 50+ years of my life with spelling and writing, I know how shaming your "helpful" comments are. Rather than helping they are more likely to shut the writer down. Silencing their voice. To include profanity in your "helpful" comment you double down on silencing their voice. So next time keep your unhelpful comments to yourself. If you really can't control your impulses, then please leave the profanity out. Your "Not fucking hard, is it?" turned a questionable "helpful" comment into a shaming insult.

    RLH