Nearly 200,000 Wi-Fi Cameras Are Open To Hacking (bleepingcomputer.com)
An anonymous reader quotes a report from BleepingComputer: What started as an analysis of a simple security flaw in a random wireless IP camera turned into seven vulnerabilities that affect over 1,250 camera models and expose nearly 200,000 cameras to hacking. The flaws affect a generically named product called Wireless IP Camera (P2P) WIFICAM, manufactured by a (currently unnamed) Chinese company, who sells it as a white-label product to several other camera vendors. Security researcher Pierre Kim says the firmware produced by this Chinese vendor comes with several flaws, which have all made their way down the line into the products of other companies that bought the white-label (unbranded) camera. In total, nearly 1,250 camera models based on the original camera are affected. At the heart of many of these issues is the GoAhead web server, which allows camera owners to manage their device via a web-based dashboard. According to Kim, the cameras are affected by a total of seven security flaws. Yesterday, Kim said that around 185,000 vulnerable cameras could be easily identified via Shodan. Today, the same query yields 198,500 vulnerable cameras. Proof-of-concept exploit code for each of the seven flaws is available on Kim's blog, along with a list of all the 1,250+ vulnerable camera models.
The first link, as it is the norm with the so-called Slashdot nowadays, is clickbait blogspam. The real story is linked last.
Read it. It's super lulz-worthy. Basically this is as bad as you can get.
This is not just a default-password mindless hack. The funny thing is this:
But it appears access to .ini [system config blob] files are not correctly checked. The attacker can bypass the authentication by providing an empty loginuse and an empty loginpas in the URI... This vulnerability allows an attacker to steal credentials, ftp accounts and smtp accounts (email).
So no matter whatever password there is, you can simply read it off the server without auth. After reading the credentials in plaintext, you can exploit another hole in the FTP config (why the fuck they put FTP there) program and execute arbitrary code as root.
Those people are doofus.
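For defenders, the bypass quoted above leaves a recognisable trace in HTTP logs: a request for an .ini file that carries empty loginuse and loginpas parameters. The sketch below is an added example, not part of the original comment or of Kim's write-up; it assumes common-log-format lines from a proxy or network sensor in front of the camera, and the file names, addresses and timestamps in the sample are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample log (documentation IP ranges, placeholder file names).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2017:09:14:02 +0000] "GET /example.ini?loginuse=&loginpas= HTTP/1.1" 200 4096
198.51.100.7 - - [10/Mar/2017:09:14:05 +0000] "GET /example.ini?loginuse&loginpas HTTP/1.1" 200 4096
192.0.2.10 - - [10/Mar/2017:09:15:40 +0000] "GET /example.ini?loginuse=admin&loginpas=s3cret HTTP/1.1" 200 4096
192.0.2.10 - - [10/Mar/2017:09:15:41 +0000] "GET /index.htm?loginuse=&loginpas= HTTP/1.1" 401 0
203.0.113.5 - - [10/Mar/2017:09:16:00 +0000] "GET /backup/EXAMPLE.INI?x=1&loginpas=&loginuse= HTTP/1.0" 200 4096
"""

# Source address, request target and status code from a common-log-format line.
REQUEST = re.compile(
    r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) '
)


def is_empty_login_ini_request(target):
    """True when the target is an .ini file and both login parameters are
    present but empty, the pattern described in the quoted advisory text."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(".ini"):
        return False
    # keep_blank_values=True so "loginuse=" and a bare "loginuse" both count.
    params = parse_qs(parts.query, keep_blank_values=True)
    for name in ("loginuse", "loginpas"):
        values = params.get(name)
        if values is None or any(v != "" for v in values):
            return False
    return True


def find_suspicious(log_text):
    """Return (source, target, status) for every matching request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if m and is_empty_login_ini_request(m["target"]):
            hits.append((m["src"], m["target"], int(m["status"])))
    return hits


if __name__ == "__main__":
    for src, target, status in find_suspicious(SAMPLE_LOG):
        print(f"{src} requested {target} -> HTTP {status}")
```

A hit answered with status 200 means the configuration file was actually served, so every credential stored on that device should be treated as exposed.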
So when will we be able to have consumer grade routers that keep selected crap devices on a separate network and generally restricted access? Is this possible with Tomato or an OSS firmware, either manually or automagically?
You can create separate networks for them, or just add a firewall-rule for not allowing this or that MAC-address access to the Internet, and if you use UPnP you can either whitelist the devices you want to be able to use UPnP or you can blacklist the devices you don't want to be able to do that, and myriads of other ways of restricting things with either OpenWRT or LEDE.
This, other than UPnP which is seriously broken for many devices. Except for the real entry level ones, most modern consumer routers will let you set up multiple networks and firewall them from each other right out of the box; you don't even need some third party option like Tomato or OpenWRT. The problem is that the UIs to do so are generally extremely clunky and poorly documented - and that's before you even start getting around to figuring out how to secure access to those IoT devices that you might actually want to be able to access from the Internet (hint: VPN) - or need to be able to access the Internet to even work (hint: barring where it's obviously necessary, avoid like the plague).
If you know what you are doing, it's usually not *that* painful to figure it all out and get it working, but the real problem comes from the fact that most people *don't* know what they are doing (including many who think they do) and have absolutely zero inclination to figure it out. If we accept that the IoT - insecure crap and all - probably isn't going away, then what's needed is a defence in depth approach with all of the vendors doing their part. That means the consumer and SoHo router vendors need to make network segregation, device isolation, firewalling and VPN setup *much* easier - and ideally automatically - right out of the box. Enforcing an admin password change and adding a simple way to set up an IoT VLAN and using some device ID techniques to create an initial and sane firewall ruleset would be a good start, having a VPN client app for mobile devices and allow would be even better, but what they really need is some form of IDS rather than just the IPS they currently have.
I've got most of that (just the next-gen setup wizard and automatic device identification is missing) on my router already, albeit it's on a considerably more expensive SoHo level product than your typical D-Link/NetGear/whatever home router, and far from as trivial as it needs to be to configure, but it's certainly possible. The problem is it's going to cost, it's going to take time to develop, and it's going to take even longer to deploy (how often *does* Joe Public replace a router? Probably only if/when he switches ISP or upgrades to a different connection type), so I wouldn't hold your breath on a quick fix coming any time soon.
UNIX? They're not even circumcised! Savages!
(in short IDIOT)
Describes the user better than the product.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.