PDP wrote about something similar not to long ago on GNUcitizen. http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-1/ A nice 5 part series about hacking Linksys IP Cameras.
On Mon, Jun 29, 2009 at 12:27 PM, Adrian Crenshaw<[email protected]> wrote: > Hi all, Since in episode 157 you were talking some about IP video cameras, I > figured I'd mention a few items. I've been playing with the idea of writing > an article about IP video camera insecurity, and here are a few things I > would want to mention: > > 1. IP was never meant to be secure, and if you can get on the same LAN DoS > is trivial (ARP poison and drop traffic, conflict IP, etc). > 2. Wireless is even worse, you can't stop deauth attacks. > 3. How many of these cams have you seen using plain text protocols, like > ftp, to archive photos? > 4. Web front ends, huh, since there are hardware I wonder how often they > update the firmware. > 5. Use an ettercap filter to replace the video with something else. :) > 6. The Dlink I have for testing can be set to require a password, but if you > know the path to the java applet you can still watch the cam. > 7. Laser pointers are a fun way to take them out, but this guy has done it > one better: > I found someone online who hooked up a rifle scope, a laser pointer and a > cell phone to blin a camera on command. > > Granted, 7 is not IP only. > Adrian > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
