Live cams passwords and backdoors
An anonymous reader writes: They might seems small and relatively insignificant, but cheap wireless web cams deployed in houses and offices (and connected to home and office networks) might just be the perfect way in for attackers.Researchers from the Vectra Threat Lab have demonstrated how easy it can be to embed a backdoor into such a web cam, with the goal of proving how Io T devices expand the attack surface of a network.LAN/intranet/Internet), enabling users to remotely view and/or manage the camera from a Web browser on any computer.For more information see After setting up the Axis Camera, the user is provided with Web-based Administration Tools for configuring and managing the camera by accessing which requires a username and password.We have discovered the following security vulnerability: by accessing (notice the double slash) the authentication for "admin" is bypassed and an attacker gains direct access to the configuration.Using this vulnerability, an attacker can reset the root password, then enable the telnet server by modifying configuration files, giving the attacker interactive access to a Unix like command line, allowing her to execute arbitrary commands as root.*Vulnerable Packages:* .The United States Computer Emergency Readiness Team (US-CERT) disclosed the vulnerabilities in an advisory on Friday, assigning the highest possible CVSS rating, 10.0 to the improper authentication vulnerability.
Both bugs could have allowed an attacker to escalate privileges and access sensitive information.
AXIS 2100 Network Camera versions 2.32 and previous .
AXIS 2110 Network Camera versions 2.32 and previous .
They are working with ICS-CERT and other organizations, and it is expected that more details will be communicated soon via those channels.
If nothing is communicated in the next few weeks, I will proceed with full disclosure.” According to IVPM, a video surveillance publication that’s been keeping track of the vulnerabilities, it’s believed the backdoor affects millions of cameras, “given Hikvision’s own regular declarations of shipping tens of millions of cameras.” According to the company, until customers apply the respective firmware patch, the following cameras are still vulnerable: Hikvision, via US-CERT, warned customers Friday that trying to update some “grey market” cameras – devices sold through unauthorized channels, thus with unauthorized firmware – could result in complications.
Search for Live cams passwords and backdoors:
They bought a consumer-grade D-Link Wi Fi web camera for roughly $30, and cracked it open.