LMAO don’t put a fucking camera in your bedroom you dummies
Thousands of private camera footages from bedrooms hacked, sold online - VnExpress International
Submitted 1 year ago by fne8w2ah@lemmy.world to technology@lemmy.world
Comments
crystalmerchant@lemmy.world 1 year ago
Xtallll@lemmy.blahaj.zone 1 year ago
Don’t kink shame me! Gaping security violations get me all hot and bothered.
lolcatnip@reddthat.com 1 year ago
Checking your bank account on public wifi is perfectly safe thanks to TLS.
tym@lemmy.world 1 year ago
If you want to investigate gaping holes on the internet, you could skip the camera and go straight to pornhub
Slovene@feddit.nl 1 year ago
pipows@lemmy.today 1 year ago
Better: don’t connect your cameras to the internet
jwt@programming.dev 1 year ago
I’d assume fucking cameras are made specifically for the bedroom.
TORFdot0@lemmy.world 1 year ago
I’m assuming they are in young children’s bedrooms. There’s only one reason to put a camera in an adult’s bedroom ( ͡° ͜ʖ ͡°)
Treczoks@lemm.ee 1 year ago
Counter-Argument: Each camera in a bedroom can be free entertainment for millions!
anon_8675309@lemmy.world 1 year ago
And do t stay at hotels or airBnB or …. Well just don’t sleep.
scytale@lemm.ee 1 year ago
This is what you show people when they say they don’t care about privacy because they have nothing to hide.
wafflez@lemmy.world 1 year ago
We should compile a big list of reasons with sources on top of this one
ultra@feddit.ro 1 year ago
Thank you for this comment.
lemmyvore@feddit.nl 1 year ago
Meanwhile, two comments down: “why do people have cameras in their bedroom?”
cman6@lemmy.world 1 year ago
I know it’s not 100% the same, but there’s a website that gives you access to insecure webcams and has been for ages!
Obviously these aren’t hacked as per the article
Takumidesh@lemmy.world 1 year ago
Ironic that the website itself is http.
pineapplelover@infosec.pub 1 year ago
Doesn’t really matter too much, nothing on the website is password protected anyways
HerbalGamer@sh.itjust.works 1 year ago
just looking around randomly and it’s weird how many of them are private property.
netburnr@lemmy.world 1 year ago
Why is it weird? People get cameras to protect their private property?
Angry_Maple@sh.itjust.works 1 year ago
Damn, that website almost has some of everything.
I saw a building that looked like it was waiting to be boarded up. There were some streams with beautiful scenery. There was an official looking meeting room in Greece for, and I even found a stream of a train table!
JustUseMint@lemmy.world 1 year ago
Shodan.io
dangblingus@lemmy.dbzer0.com 1 year ago
Yet another reason why IoT crap sucks. You don’t need to put everything on the internet. This one should be obvious.
friend_of_satan@lemmy.world 1 year ago
The “s” in IOT is for “security”.
GigglyBobble@kbin.social 1 year ago
People don't think about that. You have to register somewhere in order to use your $12.99 cam, install some app and are good to go.
How would a someone not interested in tech know that the footage data is stored on some online server and you are at the mercy of their itsec.
archomrade@midwest.social 1 year ago
Which is why these companies that are marketing wifi and cloud-polling devices should be held responsible for the data breaches and regulated more rigorously.
It should be cost-prohibitive to design a smart device that sends data to a centralized server, but they do it because the upside value of having the data is so attractive. They shouldn’t be allowed to hide behind a ToS agreement with mandatory arbitration when their security is inevitably breached.
dangblingus@lemmy.dbzer0.com 1 year ago
The question isn’t “how would someone know…?” the question is “do you know what a hacker does?”.
books@lemmy.world 1 year ago
Home assistant tries to keep shit local.
baseless_discourse@mander.xyz 1 year ago
depends on the device. If the device dont provide local connection, there is nothing home assistant can do about it. Some device will also send data to the cloud even it can be locally controlled.
realharo@lemm.ee 1 year ago
With end to end encryption, requiring manual key transfer, this would not be an issue.
smackjack@lemmy.world 1 year ago
Why the fuck do people put security cameras in their bedrooms? It’s so weird to me that people do this. Even if you think (or at least thought) that you were the only one with access to the footage, won’t the presence of a camera make you feel like you’re being watched? Are we not on camera enough as it is that we have to be on camera in the supposed privacy of our bedrooms?
Imgonnatrythis@sh.itjust.works 1 year ago
Link didn’t work for me there was nowhere to actually buy the videos. Where is the correct link?
jivandabeast@lemmy.browntown.dev 1 year ago
Sus af bruh wtf
RobertoOberto@sh.itjust.works 1 year ago
I think you just missed a joke.
HerbalGamer@sh.itjust.works 1 year ago
They actually left watermarks with the telegram account on it in the pictures
nutsack@lemmy.world 1 year ago
it’s funny the vnexpress would publish this. vietnamese people are obsessed with security cameras. they see them as a deterrent, or as a way to get the guy later. they put them everywhere.
fhek@lemmy.dbzer0.com 1 year ago
Hypothetically I want to secure my home with Cameras…
What’s the best way to do this? OSS preferably.
Vorticity@lemmy.world 1 year ago
So, just an FYI, I bought Eufy cameras because I believed their marketing bullshit about being secure and end-to-end encrypted. About two months later they changed how they describe their security and quietly modified their privacy policy. Turns out they’re not really end-to-end encrypted and it is possible to gain access to the streams sometimes.
My recommendation, after doing my research is not to buy anything that is able to be viewed remotely. Buy something that stores the video locally, in your home. If possible, buy and install wired cameras.
aodhsishaj@lemmy.world 1 year ago
Zoneminder and any IP camera you can afford.
If you setup wireless you would be best served using a VLAN
vpklotar@lemmy.world 1 year ago
I’m just about to setup TP-link cameras connected to Frigate (NVR software) with a Coral TPU for offline object detection. This means I can block access to internet for the cameras and use a VPN home if I want to watch them.
Adanisi@lemmy.zip 1 year ago
No-internet cameras hooked up to local storage.
For remote access, you could use whatever you want to use for remotely accessing local files.
Blue_Morpho@lemmy.world 1 year ago
Onvif camera (It’s the standard. Any camera that supports onvif will be plug and play). Block the cameras’ Mac addresses at your router so they can’t get out directly. Install zoneminder on Linux. If you need remote access follow all the guides to securing a Linux server that has ports open to the Internet. (Ssl, tailscale etc.)
Evotech@lemmy.world 1 year ago
Not open but unify.com/en/
pete_the_cat@lemmy.world 1 year ago
The first step is to set a strong password.
baseless_discourse@mander.xyz 1 year ago
I use a old phone with IP cam on it, and only allowed local network access connected to my home assistant.
I can view it remotely via home assistant cloud, which is E2EE from instance to phone.
I presume Raspberry Pi Camera is also a great solution. And also I dont put any camera in bedroom or bathroom.
corsicanguppy@lemmy.ca 1 year ago
footages
You’re going to be upset when you fail the 4thbgrade.
EvergreenGuru@lemmy.world 1 year ago
This is why you shouldn’t use cloud services for personal security, because the cloud is just someone else’s computer.
TheBat@lemmy.world 1 year ago
Image
deweydecibel@lemmy.world 1 year ago
Also, quit putting unnecessary, Internet connected cameras indoors.
I seriously cannot fathom the amount of people that seem to want to put cameras up in their own bedrooms.
w2tpmf@lemmy.world 1 year ago
In general, cloud services have far better security than DIY systems. All of the hacked systems in this article are home based systems.
guitarsarereal@sh.itjust.works 1 year ago
[citation needed] because that’s not in the article. According to the article, attackers used automated scanning software, which strongly implies they brute-forced cameras connected to the Internet with default or weak credentials. That has nothing to do with whether or not the service is based in the cloud.
As a matter of fact, it’s known that the leading cloud-based surveillance system, Ring, has been subject to employee abuse and user accounts have been widely compromised via credential stuffing. In fact, Amazon is currently facing a proposed order from the FTC over the fact that they allowed abuse by employees and more or less knew for years that their lax security practices were placing their customers in danger.
Cloud based security only gets better when regulators force cloud providers to improve security, after cloud providers allow hackers to harm thousands to millions of customers.
I’m just gonna say it again: the cloud is just someone else’s computer.
WhatAmLemmy@lemmy.world 1 year ago
Where are you pulling this from? These aren’t “DIY”. DIY is when you roll your own remote network access (e.g. VPN, DDNS, port forwarding, etc) or FOSS software/hardware. The QR code authentication mentioned in the article sounds like these are generic IP security cameras of stock firmware that utilize a cloud server to enable remote viewing over the internet. Even reputable cloud services use the same method to connect or setup individual cams.
That doesn’t mean the exploits used are of no fault of the user — from the vendors authentication implementation, software, or hardware.
bruhduh@lemmy.world 1 year ago
You can’t connect home system that is never connected to internet, basically make home server and hook up cameras and don’t ever connect that to internet
deweydecibel@lemmy.world 1 year ago
Maybe, but the difference is a lot more people are going to be looking to target the cloud provider than your home network. To say nothing of the fact that your videos on the cloud are subject to the terms and services that you agree to and those terms can be changed at any time. And also the fact that you can’t guarantee that the stuff you delete off of that server is actually being deleted.
fmstrat@lemmy.nowsci.com 1 year ago
Blatantly false. Nowhere in the article does it say this.
aniki@lemm.ee 1 year ago
You have a source for that?