Owning a Wireless Camera, Its User and Its Network

twistedmoney99 writes "InformIT has posted a two part article by Seth Fogie that describes how a wireless IP camera can be owned and abused. The first part describes how the camera's feed can be sniffed, replaced, or even DoSed off the air by a PDA. The second part then takes a look at the web application interface of the camera (an Axis207W) and exposes numerous vulnerabilities that lead to exposed passwords, a software based DoS, global XSS — and the kicker — a CRSF attack through which an attacker can remotely penetrate the network it is installed on."

Spying

[Manos_Of_Fate]

I wonder how many people are going to see this and immediately think about that hot girl that lives upstairs?

Re:

[phantomcircuit]

on slashdot..?

ever... ooh boobies

Re:

[Stanislav_J]

I wonder how many people are going to see this and immediately think about that hot girl that lives upstairs?

Actually, I'm on the second floor, so she's downstairs. But otherwise....um....yeah.

Ewww. You sick puppy.

[Colin Smith]

On Slashdot, that "hot girl that lives upstairs" is probably going to be their mother... Hell, the best interpretation is that it's their sister.

 

Lucky she's not a hacker

[Joce640k]

Mine's across the hallway but it's the same principle.

Lucky she's not a hacker...

I hope.

Re:

[zero_offset]

Probably not many, unless the hot girl also owns a wireless IP webcam that points somewhere interesting. In which case you can probably already find her somewhere online, in which case those people will be more interested in articles about stealing credit card numbers.

not too surprizing

[Anonymous Coward]

Some IP cameras don't even need to be DoS'd, leave 'em out in the sun for 2 hours and they overheat... in fact, try to pull a stream from them and half the time they overheat. And we're talking about several hundreds of dollars worth of equipment rendered worthless by a bit of sunlight.

Re:

[PlusFiveTroll]

Here in the sunbelt I mount all of our outside wireless equipment in containers with solar fans. One benefit of an outside camera being wireless is network isolation from lighting strikes. I've seen far too many installations where people don't install one these http://www.hyperlinktech.com/web/hgln_cat5-2.php [hyperlinktech.com] on their externally mounted wired equipment.

Re:

[Anonymous Coward]

>I've seen far too many installations where people don't install one these http://www.hyperlinktech.com/web/hgln_cat5-2.php [hyperlinktech.com] on their externally mounted wired equipment.

Physics says 3 inches of ANYTHING won't block a direct lightning strike that travelled through miles of air. However, as the mythbusters did show, that amount of metal (and larger) is about at the point where it might attract lightning that strikes nearby.

Now, an indirect lightning strike it might block, perhaps; Although I wouldn't care

skipping the spam

[Anonymous Coward]

And people wonder why adblock is gaining 400k users a month
this site with its multiple pages is one of the reasons

http://www.informit.com/articles/printerfriendly.aspx?p=1016102&rl=1 [informit.com]

"Owned"?

[Poromenos1]

Are we using "owned" to mean "taken control of" in official context now, or is it just me?

Re:"Owned"?

[Yath]

No, it's still slang that doesn't belong in a Slashdot headline. Zonk should show more professionalism.

Re:"Owned"?

[joe 155]

this is one time when "pwning" would actually have been more useful, I read this and thought that it was advice on how to own one - literally things like how to purchase it and why you might want to; maybe a short review.

Hacking a camera should have a title like "hacking a wireless camera..." (or, dare I say it, even the stupid "cracking"). Or, as I say, if they must use some form of "down with the kids" newspeak then for god's sake get it right and use pwn.

Re:

[Poromenos1]

I agree, I spent a few seconds parsing that sentence trying to decide. Pwn is far more appropriate, and saying "owning" doesn't make it any more formal.

Re:

[azenpunk]

yes, it should have said 'pwned'

Re:

[LuSiDe]

Zonk is just trying to explain us how to buy a digital camera for a tiny amount of money.

Re:

[eam]

Yeah. I would expect much more professional behavior from someone named Zonk.

Re:

[Bazman]

Next slashdot headline:

  Ownz0ring teh Wireless Cam, Its LUser and teh Netw0rk LOL! ROLFMAYO!

Re:

[Dekortage]

Slashdot just OWNS those grammar nazis, word!

Wireless networking reminds me of JavaScript.

[Anonymous Coward]

Wireless communication reminds me a lot of JavaScript: it's just plain insecure.

With JavaScript, we have to worry about cross-site scripting, easily-thieved JavaScript code, and so many other issues.

It's much the same with wireless networking: we have to be concerned about intercepted transmissions.

So like with JavaScript, a lot of half-assed measures are put in place to try and deal with the inherently insecure nature of the medium. Most of these measures actually fail outright, or at least don't make the situation any better.

With computers still becoming faster at a rapid pace, the wireless encryption policies used today will be easily crackable by a typical PC within two or three years.

Re:

[Anonymous Coward]

Dude, one of the examples in the article even shows how the web config interface of this wireless cam can be used to cause JS XSS exploits! So this camera has both the problems of wireless comm and it also has all the problems of web dev (like JavaScript XSS)!

Unsecured wireless networks are insecure

[DrPepper]

Headline News! If you don't secure your wireless network, people can see the traffic on it and spoof responses! I'll concede the camera has a few bugs that should be fixed. But this article doesn't really raise any issues that the average Slashdot reader wouldn't know about.

The article is obviously aimed at a less experienced audience - in which case it really should provide some tips on securing your network, rather than trying to scare people about wireless network technologies.

Re:

[Wog]

The DOS concerns are absolutely valid, but the rest of the article is absolute garbage.

Congratulations to the author for revealing to us that equipment operating on an unencrypted network is vulnerable to interception or takeover.

Re:Unsecured wireless networks are insecure

[value_added]

The article is obviously aimed at a less experienced audience - in which case it really should provide some tips on securing your network, rather than trying to scare people about wireless network technologies.

Human nature being what it is, my vote would be to do both, irrespective of the audience.

Re:

[fosterNutrition]

The article is obviously aimed at a less experienced audience

That was exactly my thought when I read the summary. This junk sounds like something even Digg would find a bit childish... "HOW 2 HAX0R UR NEIGBORS WIRELES CAM FOR SWEET OWNZAGE." I think when /. ran that 4chan story, all the retarded 13 year olds heard about the site for the first time, and started signing up. I honestly believe this - the stories have always been a little hit or miss, but the number of completely childish comments has just gone through the roof.

Re:

[Chapter80]

But this article doesn't really raise any issues that the average Slashdot reader wouldn't know about.

Not sure that I agree with that statement.

Software Developers are writing the camera code. IT professionals are sometimes implementing the cameras. This article creates awareness for both. I think software developers and IT Professionals are "the average Slashdot reader", and can gain a lot from the article as written.

Don't you mean PWNED?

[kurthr]

I was hoping this was going to be about internet video sex slavery or something:^P

Hmm... and putting externally available insecure computers on your network makes you vulnerable. I guess that's news to someone. Oh, well I guess I should be doing something other than reading /. since I'm not atwork this weekend anyway.

I can't say

[piojo]

I can't say I've ever owned a wireless camera or its user.

I'll be the first

[eclectro]

A picture is worth a thousand spambots.

CRSF

[ceroklis]

Aah, the dreaded Canadian Rope Skipping Federation attack.

Good thing, too!

[Xenographic]

And here I was worried that they might use something like Cross-Site Request Forgery (CSRF) [wikipedia.org].

Good to know we only have Canadians to worry about, eh?

Doing what?

[glwtta]

You know, it's a little silly to use the word "own" to mean "exploit a vulnerability" when you are speaking in complete sentences, not substituting vaguely similar looking numbers for letters, and generally trying to sound like a grown-up.

How hard can it be...

[BlueParrot]

Seriously, why doesn't every wireless product out there just encrypt its damn signal. It's not as if it is particularly hard to implement and easy to set up an intuitive interface. Joe-shmoe won't understand how to do it? Nonsense, make an automated set-up interface that works over USB , standardise it, and let everyone else implement it as well. That way customers only need to learn how to do it once, and then it should be the same for every product they install. But nooooooooo we can't have any of that. W

Re:

[stuffeh]

Pitfall of this would be the fact that people now have a false sense of security. http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy [wikipedia.org] states that "a WEP connection can be cracked with readily available software within minutes." So whatever the cam's encryption will use might fall victim to some similar attack.

AXIS 207W

[kaszeta]

I've used these cameras for quite a few projects (including one for the Department of Homeland Security), and have found the same thing mentioned in this article: the security on them is pretty poor.

Before deploying these, we ended up disabling the wireless support, and coupling each camera with a Gumstix computer that was serving as both an image buffer and a nicely firewalled configuration that provided much more secure wireless communications.

Re:

[evilviper]

we ended up disabling the wireless support, and coupling each camera with a Gumstix computer

At that point, why even use a smart/networked camera? Plug a decent USB camera into the computer, and let it encode to (M)JPEG and run the HTTP server... A ~100MHz Pentium should be able to handle that.

Re:

[rindeee]

I'll take a stab at this (based on my experiences) and say that answer is probably that Axis makes a great (aside from the security flaws) camera. They're reliable, tough, etc. They really are quite nice and overall you'd be pressed to find as good a camera in USB flavor.

Re:

[evilviper]

For the several hundred dollars they charge for one of their cameras, I'm sure I could find a seriously heavy duty USB (or parallel, or firewire, or...) camera out there. Once you're using a computer to secure it, there's no longer any reason to spend that kind of money on even a heavy-duty CCD and lense.

Re:

[kaszeta]

The real reasons were (a) I already had a bunch of 207Ws, and (b) at the time you couldn't get full USB support on a Gumstix.

If I re-did it now, I'd probably use a different camera system, although the 207W does have some very good features.

perfect for a burglery

[r00t]

You can get the image. You can DoS the camera. You can impersonate the camera.

Oh boy. What would you like the security camera to show?

How about somebody else, who was previously captured on video?

Hardly surprising

[Z00L00K]

and just about any wireless traffic is sensitive to intrusion, as it happens the camera was in question, and that there are some security flaws there. There are always security risks with any connected device and wireless devices still requires that anybody has to be in the vicinity of the device to cause it to do undesireable things.

There are as always ways around this, and one lesson is that cameras (wireless or not) should never be on the same network zone as servers with sensitive data. (as with many

Big Deal

[Xenna]

So you can push a wireless device off its network. We knew that.
So you can do all kinds of nasty stuff over wireless if the network doesn't use WPA. We knew that.

I own a 207W, but I haven't learned anything new here. If I used it for anything security related I probably would've used Ethernet with Power Over Ethernet. Now I use WPA, and nobody has taken the trouble to sabotage my wireless network yet...

X.
 

What is a good wireless camera?

[tkrotchko]

This raises a question that I can't get answered.

I put weather from my backyard on my website. I use it for fun, when I'm at work, or away, I can tell the up-to-the minute weather, and I'd love to put a picture of the backyard up every few minutes. I want to get a wireless camera, but I don't want to pay a fortune, and I'd like it to support wireless.

Can anybody suggest a good camera for this purpose?

Re:

[mlush]

This raises a question that I can't get answered.

I put weather from my backyard on my website. I use it for fun, when I'm at work, or away, I can tell the up-to-the minute weather, and I'd love to put a picture of the backyard up every few minutes. I want to get a wireless camera, but I don't want to pay a fortune, and I'd like it to support wireless.

Can anybody suggest a good camera for this purpose?

Powering the device would be a problem but how about plugging a cheap webcam into a wireless USB adapter.

Reality check time...

[WheelDweller]

OK, the poster is *surprised* that embedded hardware (without the benefit of a decade's internet use, like DNS/DHCP) could be hacked and allow access to the LAN from the wireless?

You're kidding me.

Are there really *THIS* many people who think wireless is as secure as ethernet? This is one of the reasons I'm not building any wireless into my trailer. Do people have to be notified about the insecurity in wireless?

Oh, yeah...Microsoft is part of the sale; of course, they do. Carry on.