Nearly 200,000 Wi-Fi Cameras Are Open To Hacking (bleepingcomputer.com)

← Back to Stories (view on slashdot.org)

Nearly 200,000 Wi-Fi Cameras Are Open To Hacking (bleepingcomputer.com)

Posted by BeauHD on Thursday March 9, 2017 @01:05PM from the have-a-field-day dept.

An anonymous reader quotes a report from BleepingComputer: What started as an analysis of a simple security flaw in a random wireless IP camera turned into seven vulnerabilities that affect over 1,250 camera models and expose nearly 200,000 cameras to hacking. The flaws affect a generically named product called Wireless IP Camera (P2P) WIFICAM, manufactured by a (currently unnamed) Chinese company, who sells it as a white-label product to several other camera vendors. Security researcher Pierre Kim says the firmware produced by this Chinese vendor comes with several flaws, which have all made their way down the line into the products of other companies that bought the white-label (unbranded) camera. In total, nearly 1,250 camera models based on the original camera are affected. At the heart of many of these issues is the GoAhead web server, which allows camera owners to manage their device via a web-based dashboard. According to Kim, the cameras are affected by a total of seven security flaws. Yesterday, Kim said that around 185,000 vulnerable cameras could be easily identified via Shodan. Today, the same query yields 198,500 vulnerable cameras. Proof-of-concept exploit code for each of the seven flaws is available on Kim's blog, along with a list of all the 1,250+ vulnerable camera models.

46 comments

Min score:

Reason:

Sort:

Yawn.. by Anonymous Coward · 2017-03-09 13:13 · Score: 0

Must be a slow news day
1. Re:Yawn.. by WarJolt · 2017-03-09 13:27 · Score: 1
  
  Nope. This is a call to some random /. reader willing to turn the cameras into a botnet. This a a pre-story and will be followed up by the results. I can't wait.
2. Re: Yawn.. by Anonymous Coward · 2017-03-09 13:33 · Score: 0
  
  LOL. Everyone at Slashdot is a moron. All the intelligent people left.
3. Re: Yawn.. by Anonymous Coward · 2017-03-09 14:17 · Score: 0
  
  ip?
4. Re:Yawn.. by dbIII · 2017-03-09 20:01 · Score: 1
  
  That is likely to look a lot like this anime from 2002 about teenagers making use of a badly secured Internet of Things.
  https://myanimelist.net/anime/611/Platonic_Chain
5. Re: Yawn.. by Anonymous Coward · 2017-03-10 06:25 · Score: 0
  
  and yet, you're still here...
is that the right word? by Anonymous Coward · 2017-03-09 13:16 · Score: 0

The flaws affect a generically named product called Wireless IP Camera (P2P)
"Flaws".
1. Re:is that the right word? by Anonymous Coward · 2017-03-09 13:57 · Score: 0
  
  "effect"
2. Re:is that the right word? by fisted · 2017-03-10 02:24 · Score: 1
  
  No.
  
  --
  CLI paste? paste.pr0.tips!
Then again by Ol+Olsoc · 2017-03-09 13:20 · Score: 1

What isn't?
It's just that these cameras, like the ovwewhelming majority of the Internet of Things, is 100 percent insecure. Real hackers probably are insulted by the insinuation that you actually have to hack anything.
And y'all better get used to it folks. THe manufacturers are pushing this, and the consumers are buying this, and it's not going away.

--
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
1. Re:Then again by rhazz · 2017-03-10 02:35 · Score: 1
  
  How exactly do these wifi cameras get exposed to public hacking? Are these cameras that you configure to use your own wifi network, and that automatically makes them visible outside your network?
  
  I have two wifi baby monitors in my home, but they both generate their own wifi signal are not on my home network. I am comfortable with the risk that someone could theoretically walk up to my house, hack the (random) factory password, and watch the baby in its crib. Is there some magic I don't know about that connects them to the internet?
2. Re:Then again by Ol+Olsoc · 2017-03-10 12:43 · Score: 1
  
  How exactly do these wifi cameras get exposed to public hacking? Are these cameras that you configure to use your own wifi network, and that automatically makes them visible outside your network? I have two wifi baby monitors in my home, but they both generate their own wifi signal are not on my home network. I am comfortable with the risk that someone could theoretically walk up to my house, hack the (random) factory password, and watch the baby in its crib. Is there some magic I don't know about that connects them to the internet?
  https://krebsonsecurity.com/20... If your cams never attach to the internet, it's cool, but most cameras these days are IP, and they are the STD's of the web.
  
  --
  The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
What a vision. by Anonymous Coward · 2017-03-09 13:29 · Score: 0

Only one Hikvision, and none of mine are that particular model. Not to mention all cloud based functionality is turned off, and it's blocked at the router. VPN accessible only.
Hacking? by BeemanIT · 2017-03-09 13:31 · Score: 1

I doubt it's really hacking but rather people not understanding how/why they need to change the default admin username and password. Many of the recent major hacks have been due to default admin password not being changed.
1. Re:Hacking? by Anonymous Coward · 2017-03-09 13:37 · Score: 0
  
  IN this case it's even worse. The login and password are stored in plaintext and can be read without authentication.
2. Re:Hacking? by Anonymous Coward · 2017-03-09 13:50 · Score: 0, Funny
  
  Thank Dog you cleared that up. I was foolish to take the word of a group of security researchers and not listen to the expertise expressed in the parent comment. I mean TFA said there was 5 distinct vulnerabilities but I have the reassurance that isn't the case from a pseudo-anonymous individual with the handle of BeemanIT. I will strive be less gullible in the future. Thank you, you have changed my life forever.
3. Re:Hacking? by Anonymous Coward · 2017-03-09 15:19 · Score: 0
  
  total ownage
4. Re:Hacking? by Anonymous Coward · 2017-03-09 15:37 · Score: 0
  
  This has nothing do to with needing to change the default admin username and password. Read the article.
What to do by AHuxley · 2017-03-09 13:32 · Score: 1

Download some AV like Avast.
Run the Home network security
https://www.avast.com/f-home-n...
If you need your CCTV network sending out images use cell networks to send the alert images.

--
Domestic spying is now "Benign Information Gathering"
1. Re:What to do by Highdude702 · 2017-03-10 00:47 · Score: 1
  
  Lol you think AV can't be bypassed? There are tools made specifically to beat even the best AV.
2. Re:What to do by AHuxley · 2017-03-10 01:19 · Score: 1
  
  The idea is to get the user onto a cell network for their CCTV.
  The first step is to understand that the internet is not secure.
  The user has to work out that more secure options exist.
  
  --
  Domestic spying is now "Benign Information Gathering"
3. Re:What to do by Highdude702 · 2017-03-10 02:10 · Score: 1
  
  The cell networks are still essentially linked to the Internet, without a firewall(I used to install GSM units in security panels, they are then accessed by ip) so that's actually a worse situation if the device itself has a vulnerability like these do.
Consumer router options by gerf · 2017-03-09 13:34 · Score: 1

So when will we be able to have consumer grade routers that keep selected crwp devices on a separate network and generally restricted access? Is this possible with Tomato or an OSS firmware, either manually or automagically? To me I see this as the next step to informing and training consumers on networking, the first being adding passwords to their wireless networks.
1. Re:Consumer router options by AHuxley · 2017-03-09 13:52 · Score: 1
  
  Malware has a list of all the common default usernames passwords like admin and password.
  Beyond that is the unprotected IoT waiting to be networked.
  A router company would have to print a random code per product sold if it wanted out of the box security.
  Users would never find the unique code on the paperwork deep in the box and return the product a faulty.
  
  --
  Domestic spying is now "Benign Information Gathering"
2. Re:Consumer router options by Anonymous Coward · 2017-03-09 15:18 · Score: 1
  
  configure static ip
  set default route to the same ip
  set dns server to the same ip
  problem solved. no off-net access.
3. Re:Consumer router options by Anonymous Coward · 2017-03-09 15:36 · Score: 1
  
  Most modern Asus routers come w/OpenVPN Server built in and wrapped up in a very slick and easy to use GUI; its actually easier to setup than port forwarding if you watch a youtube video.
4. Re:Consumer router options by Gaygirlie · 2017-03-09 16:48 · Score: 2
  
  So when will we be able to have consumer grade routers that keep selected crwp devices on a separate network and generally restricted access? Is this possible with Tomato or an OSS firmware, either manually or automagically?
  You can create separate networks for them, or just add a firewall-rule for not allowing this or that MAC-address access to the Internet, and if you use UPnP you can either whitelist the devices you want to be able to use UPnP or you can blacklist the devices you don't want to be able to do that, and myriads of other ways of restricting things with either OpenWRT or LEDE.
5. Re:Consumer router options by Zocalo · 2017-03-09 20:54 · Score: 2
  
  This, other than UPnP which is seriously broken for many devices. Except for the real entry level ones, most modern consumer routers will let you setup multiple networks and firewall them from each other right out of the box; you don't even need some third party option like Tomato or OpenWRT. The problem is that the UIs to do so are generally extremely clunky and poorly documented - and that's before you even start getting around to figuring out how to secure access to those IoT devices that you might actually want to be able to access from the Internet (hint: VPN) - or need to be able to access the Internet to even work (hint: barring where it's obviously necessary, avoid like the plague).
  
  If you know what you are doing, it's usually not *that* painful to figure it all out and get it working, but the real problem comes from the fact that most people *don't* know what they are doing (including many who think they do) and have absolutely zero inclination to figure it out. If we accept that the IoT - insecure crap and all - probably isn't going away, then what's needed is a defence in depth approach with all of the vendors doing their part. That means the consumer and SoHo router vendors need to make network segregation, device isolation, firewalling and VPN setup *much* easier - and ideally automatically - right out of the box. Enforcing an admin password change and adding a simple way to setup an IoT VLAN and using some device ID techniques to create an initally and sane firewall ruleset would be a good start, having a VPN client app for mobile devices and allow would be even better, but what they really need is some form of IDS rather than just the IPS they currently have.
  
  I've got most of that (just the next-gen setup wizard and automatic device identifcation is missing) on my router already, albeit it's on a considerably more expensive SoHo level product than your typical D-Link/NetGear/whatever home router, and far from as trivial as it needs to be to configure, but it's certainly possible. The problem is it's going to cost, it's going to take time to develop, and it's going to take even longer to deploy (how often *does* Joe Public replace a router? Probably only if/when he switches ISP or upgrades to a different connection type), so I wouldn't hold your breath on a quick fix coming any time soon.
  
  --
  UNIX? They're not even circumcised! Savages!
6. Re:Consumer router options by queBurro · 2017-03-10 01:57 · Score: 1
  
  most routers have an option of a guest access point. your pc and your IoT are then on different vlans. This would be a start.
  
  --
  sag
7. Re:Consumer router options by iamgnat · 2017-03-10 02:05 · Score: 1
  
  A router company would have to print a random code per product sold if it wanted out of the box security.
  Why on earth would they need to do that? The simple answer is that at initial set up the only thing that should be enabled is the setup service and it should not proceed until they set up their own user and password info. Bonus points if they apply real password requirements and block common user names (user, admin, etc..).
  There is nothing complicated here, it's just laziness on the part of the manufacturer.
8. Re:Consumer router options by mrchaotica · 2017-03-10 10:17 · Score: 1
  
  A router company would have to print a random code per product sold if it wanted out of the box security. Users would never find the unique code on the paperwork deep in the box and return the product a faulty.
  The unique code should be printed on a sticker affixed to the base of the device. This shouldn't be hard, since it's already done for the MAC address and serial number.
  
  --
  "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
9. Re:Consumer router options by mrchaotica · 2017-03-10 10:20 · Score: 1
  
  how to secure access to those IoT devices that you might actually want to be able to access from the Internet (hint: VPN)
  
  Better hint: have them talk only to a local server / controller / DVR with decent security, and access that from the Internet.
  
  --
  "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Any tranny webcams? by Anonymous Coward · 2017-03-09 13:36 · Score: 0

Like, some sort of voluptuous Brazilian tranny like Jessica Versace or Andrezza Lyra or Yasmin Pires?
1. Re:Any tranny webcams? by Anonymous Coward · 2017-03-09 17:18 · Score: 0
  
  No, your wife retired.
isn't that the idea? by turkeydance · 2017-03-09 13:38 · Score: 1

backdoors for everything and everyone. the better to see you with, my dear.
what if it is done on purpose? by kiviQr · 2017-03-09 13:45 · Score: 1

Russians sold cheap USB sticks next to US military base in Kabul in hope that they will use them within internal network - they succeed (http://www.businessinsider.com/russia-planted-bugged-thumb-drives-to-break-into-us-govt-computers-2017-3). What if these wi-fi cameras are on purpose subsidized by government and indeed have back doors?
First link is clickbait. Read the last one by Anonymous Coward · 2017-03-09 13:48 · Score: 2, Informative

The first link, as it is the norm with the so-called Slashdot nowadays, is clickbait blogspam. The real story is linked last.
Read it. It's super lulz-worthy. Basically this is as bad as you can get.
This is not just default-password mindless hack. The funny thing is this

But it appears access to .ini [system config blob] files are not correctly checked. The attacker can bypass the authentication by providing an empty loginuse and an empty loginpas in the URI... This vulnerability allows an attacker to steal credentials, ftp accounts and smtp accounts (email).
So no matter whatever password there is, you can simply read it off the server without auth. After reading the credentials in plaintext, you can exploit another hole in the FTP config (why the fuck they put FTP there) program and execute arbitrary code as root.
Those people are doofus.
Foscam camera by Anonymous Coward · 2017-03-09 14:53 · Score: 0

I ran openVAS on my camera last night. It found only one low priority vulnerability with TCP time stamps.
My cameras need no security by mea2214 · 2017-03-09 16:05 · Score: 1

They are on a separate network and none can be accessed from outside that network. They ftp alarms to an ftp server which then does whatever is needed with those files. I would prefer a camera that only needs a username and password to get to the config panels. Nobody can get to my cameras unless they have physical access to the network. Security for IoT does not have to/nor can it be done at the device level.
1. Re:My cameras need no security by Anonymous Coward · 2017-03-10 02:11 · Score: 1
  
  All my cameras are on the list, and were orphaned by their vendors before I bought them ($20 each on clearance at Australian K-Mart stores, specifically because they were orphaned and some features didn't work as described). I don't have them on a separate network, but I set an invalid gateway address on them so they can't communicate with the outside world. All they need to communicate with is my ZoneMinder instance - if I want to view them remotely, I'll VPN into my home network.
Have them DDoS their makers! by Gravis+Zero · 2017-03-09 19:02 · Score: 1

Behavior is defined by feedback loops and currently there is no feedback from selling insecure crap to idiots. The obvious solution is to create a feedback loop by having each insecure device pound away at the websites of the people that made them.

--
Anons need not reply. Questions end with a question mark.
Intelligently designed Interet of Things by Opportunist · 2017-03-09 21:38 · Score: 2

(in short IDIOT)
Describes the user better than the product.

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Huh? by SCVonSteroids · 2017-03-09 23:33 · Score: 1

These are probably all compromised already. Why is this being posted?

--
I tend to rant.
Only 200.000? by houghi · 2017-03-10 00:51 · Score: 1

Is that all? I would consider that good news. That means that several millions are already secure.

--
Don't fight for your country, if your country does not fight for you.
1. Re:Only 200.000? by Zocalo · 2017-03-10 01:57 · Score: 1
  
  Is that all? I would consider that terrible news. That means that several millions are yet to be exploited.
  
  FTFY.
  
  --
  UNIX? They're not even circumcised! Savages!
This is not the "real" problem... by squash_me_quickly · 2017-03-10 04:09 · Score: 1

the real problem is the millions of Wi-Fi cameras, routers, etc. in which the users have turned the security features off.

Many people have about 2 minutes the patience to get their gadgets to work with the security features on. Then they will happily use hours finding out how to turn the security features off.