Half the reason to own a security camera system is so you can monitor it while away. Can’t do that if the system isn’t online.
Comment on Thousands of private camera footages from bedrooms hacked, sold online - VnExpress International
bruhduh@lemmy.world 1 year ago
You can’t connect to a home system that is never connected to the internet; basically, make a home server, hook up the cameras, and don’t ever connect that to the internet.
w2tpmf@lemmy.world 1 year ago
aniki@lemm.ee 1 year ago
Online or cloud-accessed? Those are two separate things.
DarkDarkHouse@lemmy.sdf.org 1 year ago
It’s going to be cloud accessed. People who install these to check on whether Mittens is sleeping aren’t setting up a domain or remembering an IP.
deweydecibel@lemmy.world 1 year ago
The problem is cameras like these, the kind that people are putting up inside their own homes, facing their living spaces, their own damn bedrooms, they’re sold to people that have this bizarre desire to be able to check in with those cameras remotely at any time.
Legitimately, the only reason my mother seems to have crap like this set up in her home is so she can see the dogs.
Internet connected living space directed cameras are this bizarre consumer electronics trend that has no legitimate use case for like 90% of the people that rush to use it. Certainly not one that merits the security risks and the privacy invasion that they are inviting on themselves.
520@kbin.social 1 year ago
Bro, if I find any ingress point onto your network, I can connect to your cams.
Little brother downloads a Trojanised pirate copy of a game? I can connect to your cams via your lil bro's computer.
Not patched your stuff and there was a drive-by-download and RCE exploit? I can do it through your computer.
Your firewalls are important but they aren't impenetrable.
asbestos@lemmy.world 1 year ago
Yeah, but you’d pretty much need to target the person so these blanket hacks where a bunch of cameras are exposed aren’t really possible
520@kbin.social 1 year ago
No I don't. Like the first example above I can simply trojanise an executable, and release it to the public.
Once I'm on your network, the first thing I'm going to do is see what I'm working with. That means a network and system info sweep. If I'm efficient, I already have a script to do this.
That sweep will reveal the presence of the camera. I might be interested in extortion material or I can sell this to a criminal gang, if I can get it open. I already have the camera's MAC address, so finding the make and model isn't too hard.
Then I might browse to it, see what system software it is running. Then I would try default usernames and passwords (people don't always change them) and see if there are any usable exploits on the software.
If I come across a certain camera type with certain vulnerabilities a lot, making a script to autofuck these cameras is child's play.
ihavenopeopleskills@kbin.social 1 year ago
What is the recommended on-ramp for someone with a CS degree and a networking background?
Hyperreality@kbin.social 1 year ago
Separate network that's physically not connected to a network which connects to the internet, or cameras with local storage.
You can't hack into the wildlife camera in my back garden. It doesn't even have wifi, just an SD card.
Of course, that's less useful if you want to check up on your house when you're away.
bruhduh@lemmy.world 1 year ago
That’s what I’ve been trying to say, thank you for backing me up
jackoneill@lemmy.world 1 year ago
Vlans
520@kbin.social 1 year ago
not a common feature of home networks
If the compromised machine has access to both vlans, you're still fucked
jackoneill@lemmy.world 1 year ago
It’s a feature on mine
That’s why my security has multiple layers
lemann@lemmy.one 1 year ago
It kinda depends on the setup I think, especially when vlans and firewalls are involved, you’d likely need additional payloads to make further progress in that kind of environment IMO. Something granting persistent remote access to the compromised machine would be the most ideal option.
As always physical access is pretty much game over though lol.
My cams are only accessible via an authenticated endpoint hosted on a dedicated machine, which acts as a “bridge” between the VLAN that the cameras are on (no internet access), and another VLAN hosting internal services, like Home Assistant, Plex, etc.
Aside from physical access, the only way to access the cams (that I can think of) would be via some exploit in Home Assistant, or by brute forcing the password to (any of) my network switches to access the management VLAN, changing the VLAN the cameras are set on to something else (bypassing the routing, firewall setup, and auth “bridge” entirely). Or maybe just exploiting the bridge machine directly and dropping a payload to forward the cams out to the net via the services VLAN.
With physical access, you could chop up the PoE for an external camera and use that as an ingress point - but you’d only have access to the cameras and the bridge machine unless you exploited that too. At this point the Zabbix client on the bridge machine would have notified me that a camera’s dropped off the network, unless you dropped a payload to force it to return a good status lol
Does sound like a very fun exercise though tbh
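
A defender-side check for the segmented layout described in the comment above, added here as an example and not written by anyone in the thread: it audits a flow log against the policy "cameras talk only to the bridge, only the bridge reaches the camera VLAN" and reports cameras that have gone silent. All addresses, the log format, and the names `check_flow` and `audit` are assumptions made for illustration.

```python
import ipaddress

# Assumed addressing; none of these values come from the thread.
CAMERA_NET = ipaddress.ip_network("10.0.30.0/24")  # camera VLAN, no internet
BRIDGE = {"10.0.30.2", "10.0.20.2"}                # bridge machine, one IP per VLAN
CAMERAS = {"10.0.30.11", "10.0.30.12"}             # expected camera inventory
MAX_SILENCE = 120                                  # seconds before a camera counts as dropped

# Constructed flow log, one flow per line: "<timestamp> <src ip> <dst ip>"
SAMPLE_LOG = """\
1000 10.0.30.11 10.0.30.2
1005 10.0.30.12 10.0.30.2
1010 10.0.20.50 10.0.20.2
1020 10.0.20.50 10.0.30.11
1030 10.0.30.12 203.0.113.7
1040 10.0.30.99 10.0.30.2
1190 10.0.30.11 10.0.30.2
"""


def check_flow(src, dst):
    """Return a finding name for a flow that breaks the policy, else None."""
    if src in BRIDGE:
        return None  # the bridge is the one host allowed on both VLANs
    src_cam = ipaddress.ip_address(src) in CAMERA_NET
    dst_cam = ipaddress.ip_address(dst) in CAMERA_NET
    if src_cam and src not in CAMERAS:
        return "unknown-host-on-camera-vlan"  # e.g. a device on a tapped PoE run
    if src_cam and dst not in BRIDGE:
        return "camera-to-non-bridge"         # camera egress or lateral traffic
    if dst_cam and not src_cam:
        return "non-bridge-to-camera"         # another VLAN reaching the cameras
    return None


def audit(log_text, now):
    """Return (policy findings, cameras silent for longer than MAX_SILENCE)."""
    findings, last_seen = [], {}
    for line in log_text.splitlines():
        ts, src, dst = line.split()
        ts = int(ts)
        if src in CAMERAS:
            last_seen[src] = max(ts, last_seen.get(src, 0))
        issue = check_flow(src, dst)
        if issue:
            findings.append((ts, src, dst, issue))
    dropped = sorted(c for c in CAMERAS if now - last_seen.get(c, 0) > MAX_SILENCE)
    return findings, dropped
```

Traffic sourced from the bridge is trusted here, so a compromised bridge forwarding streams outward would need a separate check on that host.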