Hacks to turn your wireless IP surveillance cameras against you
L33tdawg: Presentation slides from Sergey and Artem's #HITB2013AMS presentation is here.
Sergey Shekyan and Artem Harutyunyan, researchers from the security firm Qualys, said the search engine Shodan shows about 100,000 wireless IP cameras that have "little or no emphasis on security." At the recent Hack in the Box security conference in Amsterdam, the researchers presented,
According to the abstract, "The web based administration interfaces can be considered as a textbook example of an insecure web application and easily leads to an exposure of not only sensitive personal information (such as wireless network, FTP, and even email access credentials), but also provides an eye to an inside of your house. Apart from the flaws in the web interface, the cameras also use questionable security practices when it comes to securing the firmware, which leads to even more interesting attack vectors."
Shekyan wrote, "We'll try to get some attention on security flaws of widely available IP surveillance cameras that you can get at Home Depot for as low as $70. It's quite a challenge for us, because we never dealt with embedded devices before, although security issues in the embedded web server of the camera themselves are enough to do whatever you/bad guy/Chinese government want."
