On 02/07/18 05:34, Tim wrote:
Allegedly, on or about 6 February 2018, Bob Goodwin sent:
Thoughts and advice appreciated,
Oh, and check the security of the cameras, themselves. There's a huge
number of IP cams with insecure software that, not only exposes the
camera to exploits, but your LAN to exploits through the camera.
I bought a cheap $30 one, on a whim, just to see how the robot
mechanism worked. It's one that should never be allowed anywhere near
internet access. It logs into a central server so you can connect to
your camera. That exposes you to rogues who poll the server. And the
camera is easily exploitable with a broken HTTP access request, which
returns the passwords set into the camera. From there, they can write
into the camera, and may be able to exploit your LAN (especially if
you're silly enough to use the same passwords).
http://seclists.org/fulldisclosure/2017/Mar/23
https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html
The problem is created by a stupid implementation of a simplistic
webserver in the cameras.
+
Interesting. I don't know how I would test for those vulnerabilities
beyond searching for what others have determined.
Well at least I didn't see any of the Armcrest cameras in that list, but
some of the others I have are there! Thanks for the suggestions.
--
Bob Goodwin - Zuni, Virginia, USA
http://www.qrz.com/db/W2BOD
box10 FEDORA-27/64bit LINUX XFCE Fastmail POP3
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
