LMAO don’t put a fucking camera in your bedroom you dummies
Thousands of private camera footages from bedrooms hacked, sold online - VnExpress International
Submitted 11 months ago by fne8w2ah@lemmy.world to technology@lemmy.world
Comments
crystalmerchant@lemmy.world 11 months ago
Xtallll@lemmy.blahaj.zone 11 months ago
Don’t kink shame me! Gaping security violations get me all hot and bothered.
lolcatnip@reddthat.com 11 months ago
Checking your bank account on public wifi is perfectly safe thanks to TLS.
tym@lemmy.world 11 months ago
If you want to investigate gaping holes on the internet, you could skip the camera and go straight to pornhub
Slovene@feddit.nl 11 months ago
pipows@lemmy.today 11 months ago
Better: don’t connect your cameras to the internet
jwt@programming.dev 11 months ago
I’d assume fucking cameras are made specifically for the bedroom.
TORFdot0@lemmy.world 11 months ago
I’m assuming they are in young children’s bedrooms. There’s only one reason to put a camera in an adult’s bedroom ( ͡° ͜ʖ ͡°)
jasondj@ttrpg.network 11 months ago
Caring for a bed-ridden relative?
Treczoks@lemm.ee 11 months ago
Counter-Argument: Each camera in a bedroom can be free entertainment for millions!
anon_8675309@lemmy.world 11 months ago
And do t stay at hotels or airBnB or …. Well just don’t sleep.
scytale@lemm.ee 11 months ago
This is what you show people when they say they don’t care about privacy because they have nothing to hide.
wafflez@lemmy.world 11 months ago
We should compile a big list of reasons with sources on top of this one
ultra@feddit.ro 11 months ago
Thank you for this comment.
lemmyvore@feddit.nl 11 months ago
Meanwhile, two comments down: “why do people have cameras in their bedroom?”
cman6@lemmy.world 11 months ago
I know it’s not 100% the same, but there’s a website that gives you access to insecure webcams and has been for ages!
Obviously these aren’t hacked as per the article
Takumidesh@lemmy.world 11 months ago
Ironic that the website itself is http.
pineapplelover@infosec.pub 11 months ago
Doesn’t really matter too much, nothing on the website is password protected anyways
HerbalGamer@sh.itjust.works 11 months ago
just looking around randomly and it’s weird how many of them are private property.
netburnr@lemmy.world 11 months ago
Why is it weird? People get cameras to protect their private property?
Angry_Maple@sh.itjust.works 11 months ago
Damn, that website almost has some of everything.
I saw a building that looked like it was waiting to be boarded up. There were some streams with beautiful scenery. There was an official looking meeting room in Greece for, and I even found a stream of a train table!
JustUseMint@lemmy.world 11 months ago
Shodan.io
dangblingus@lemmy.dbzer0.com 11 months ago
Yet another reason why IoT crap sucks. You don’t need to put everything on the internet. This one should be obvious.
friend_of_satan@lemmy.world 11 months ago
The “s” in IOT is for “security”.
GigglyBobble@kbin.social 11 months ago
People don't think about that. You have to register somewhere in order to use your $12.99 cam, install some app and are good to go.
How would a someone not interested in tech know that the footage data is stored on some online server and you are at the mercy of their itsec.
archomrade@midwest.social 11 months ago
Which is why these companies that are marketing wifi and cloud-polling devices should be held responsible for the data breaches and regulated more rigorously.
It should be cost-prohibitive to design a smart device that sends data to a centralized server, but they do it because the upside value of having the data is so attractive. They shouldn’t be allowed to hide behind a ToS agreement with mandatory arbitration when their security is inevitably breached.
dangblingus@lemmy.dbzer0.com 11 months ago
The question isn’t “how would someone know…?” the question is “do you know what a hacker does?”.
books@lemmy.world 11 months ago
Home assistant tries to keep shit local.
baseless_discourse@mander.xyz 11 months ago
depends on the device. If the device dont provide local connection, there is nothing home assistant can do about it. Some device will also send data to the cloud even it can be locally controlled.
realharo@lemm.ee 11 months ago
With end to end encryption, requiring manual key transfer, this would not be an issue.
smackjack@lemmy.world 11 months ago
Why the fuck do people put security cameras in their bedrooms? It’s so weird to me that people do this. Even if you think (or at least thought) that you were the only one with access to the footage, won’t the presence of a camera make you feel like you’re being watched? Are we not on camera enough as it is that we have to be on camera in the supposed privacy of our bedrooms?
Imgonnatrythis@sh.itjust.works 11 months ago
Link didn’t work for me there was nowhere to actually buy the videos. Where is the correct link?
jivandabeast@lemmy.browntown.dev 11 months ago
Sus af bruh wtf
RobertoOberto@sh.itjust.works 11 months ago
I think you just missed a joke.
HerbalGamer@sh.itjust.works 11 months ago
They actually left watermarks with the telegram account on it in the pictures
nutsack@lemmy.world 11 months ago
it’s funny the vnexpress would publish this. vietnamese people are obsessed with security cameras. they see them as a deterrent, or as a way to get the guy later. they put them everywhere.
fhek@lemmy.dbzer0.com 11 months ago
Hypothetically I want to secure my home with Cameras…
What’s the best way to do this? OSS preferably.
Vorticity@lemmy.world 11 months ago
So, just an FYI, I bought Eufy cameras because I believed their marketing bullshit about being secure and end-to-end encrypted. About two months later they changed how they describe their security and quietly modified their privacy policy. Turns out they’re not really end-to-end encrypted and it is possible to gain access to the streams sometimes.
My recommendation, after doing my research is not to buy anything that is able to be viewed remotely. Buy something that stores the video locally, in your home. If possible, buy and install wired cameras.
aodhsishaj@lemmy.world 11 months ago
Zoneminder and any IP camera you can afford.
If you setup wireless you would be best served using a VLAN
vpklotar@lemmy.world 11 months ago
I’m just about to setup TP-link cameras connected to Frigate (NVR software) with a Coral TPU for offline object detection. This means I can block access to internet for the cameras and use a VPN home if I want to watch them.
Adanisi@lemmy.zip 11 months ago
No-internet cameras hooked up to local storage.
For remote access, you could use whatever you want to use for remotely accessing local files.
Blue_Morpho@lemmy.world 11 months ago
Onvif camera (It’s the standard. Any camera that supports onvif will be plug and play). Block the cameras’ Mac addresses at your router so they can’t get out directly. Install zoneminder on Linux. If you need remote access follow all the guides to securing a Linux server that has ports open to the Internet. (Ssl, tailscale etc.)
Evotech@lemmy.world 11 months ago
Not open but unify.com/en/
pete_the_cat@lemmy.world 11 months ago
The first step is to set a strong password.
baseless_discourse@mander.xyz 11 months ago
I use a old phone with IP cam on it, and only allowed local network access connected to my home assistant.
I can view it remotely via home assistant cloud, which is E2EE from instance to phone.
I presume Raspberry Pi Camera is also a great solution. And also I dont put any camera in bedroom or bathroom.
corsicanguppy@lemmy.ca 11 months ago
footages
You’re going to be upset when you fail the 4thbgrade.
EvergreenGuru@lemmy.world 11 months ago
This is why you shouldn’t use cloud services for personal security, because the cloud is just someone else’s computer.
TheBat@lemmy.world 11 months ago
Image
deweydecibel@lemmy.world 11 months ago
Also, quit putting unnecessary, Internet connected cameras indoors.
I seriously cannot fathom the amount of people that seem to want to put cameras up in their own bedrooms.
w2tpmf@lemmy.world 11 months ago
In general, cloud services have far better security than DIY systems. All of the hacked systems in this article are home based systems.
guitarsarereal@sh.itjust.works 11 months ago
[citation needed] because that’s not in the article. According to the article, attackers used automated scanning software, which strongly implies they brute-forced cameras connected to the Internet with default or weak credentials. That has nothing to do with whether or not the service is based in the cloud.
As a matter of fact, it’s known that the leading cloud-based surveillance system, Ring, has been subject to employee abuse and user accounts have been widely compromised via credential stuffing. In fact, Amazon is currently facing a proposed order from the FTC over the fact that they allowed abuse by employees and more or less knew for years that their lax security practices were placing their customers in danger.
Cloud based security only gets better when regulators force cloud providers to improve security, after cloud providers allow hackers to harm thousands to millions of customers.
I’m just gonna say it again: the cloud is just someone else’s computer.
WhatAmLemmy@lemmy.world 11 months ago
Where are you pulling this from? These aren’t “DIY”. DIY is when you roll your own remote network access (e.g. VPN, DDNS, port forwarding, etc) or FOSS software/hardware. The QR code authentication mentioned in the article sounds like these are generic IP security cameras of stock firmware that utilize a cloud server to enable remote viewing over the internet. Even reputable cloud services use the same method to connect or setup individual cams.
That doesn’t mean the exploits used are of no fault of the user — from the vendors authentication implementation, software, or hardware.
bruhduh@lemmy.world 11 months ago
You can’t connect home system that is never connected to internet, basically make home server and hook up cameras and don’t ever connect that to internet
deweydecibel@lemmy.world 11 months ago
Maybe, but the difference is a lot more people are going to be looking to target the cloud provider than your home network. To say nothing of the fact that your videos on the cloud are subject to the terms and services that you agree to and those terms can be changed at any time. And also the fact that you can’t guarantee that the stuff you delete off of that server is actually being deleted.
fmstrat@lemmy.nowsci.com 11 months ago
Blatantly false. Nowhere in the article does it say this.
aniki@lemm.ee 11 months ago
You have a source for that?