Discover what great technology looks like!

Researchers Investigated Internet-Connected Surveillance Cameras, What They Found is Unbelievable

b2ap3_thumbnail_internet_of_things_presents_risk_400.jpgThere’s a reason why IT professionals think that the Internet of things is a major security discrepancy. Around 5.5 million new devices are being connected to the Internet every day, and are giving security experts a run for their money. The Internet of Things and its devices could potentially become a security hazard for businesses that aren’t prepared to protect their assets from hacks.

It’s not unheard of for users of Internet of Things devices to forget to secure them, especially in the case of security cameras. If this happens, an unsecured security camera that’s connected to the Internet can be used for some nefarious things. Lisa Vaas of Naked Security reported on a study saying that these IoT devices have plenty of security holes. Her report, “DVR snaps stills from CCTV surveillance and sends them to China,” goes into detail about findings from researchers at UK-based Pen Test Partners.

The study analyzed data from Shodan, the search engine dedicated to Internet-connected devices like buildings, smart appliances, webcams, and so much more. These researchers chose to focus on Internet-connected surveillance cameras.

Just a quick note: we want everyone who uses web-connected security cameras to know that even an average PC user can create a Shodan account and use it to search for, access, view, and control unsecured cameras. We weren’t sure how well this works, but it definitely does. Take a moment to view these stills from random surveillance cameras that we came across on Shodan:

ib spy1

ib spy2

ib spy3

ib spy4

These are just a couple of random shots that we came across. There might not be much going on here, but one thing we do know, monitoring strangers in their homes is certainly unethical. These cameras are just random ones that we stumbled upon. However, Shodan has been criticized for giving its users easy access to cameras that are sensitive in nature. Vocativ cites findings by Ars Technica:

These webcams show feeds from sensitive locations like schools, banks, marijuana plantations, labs and babies’ rooms. Shodan members who pay the $49 monthly fee can search the full feed at images.shodan.io. A Vocativ search of some of the most recently added images shows offices, school, porches and the interior of people’s homes. Accompanying each of these grabs is a pinned map that shows the location of the device capturing that footage.

If you’re still not sold on how creepy and intrusive this whole concept is, let’s go back and take a closer look at the first study we mentioned by Pen Test Partners. Vass reports:

The device also has no Cross-Site Request Forgery (CSRF) protection, so attackers can trick users into clicking on links to carry out malicious actions; it has no lock-out, so attackers can guess as many passwords as they like; it sends communications without HTTPS that can be intercepted and tampered with; and there’s no firmware updates, so “you’re stuck with these issues,” Pen Test Partners said. But weirdest of all, the thing is capturing still images from video feeds and emailing them to an address that appears to be hosted in China.

Why exactly are surveillance images being sent to China? This is a question that Pen Test Partners was never able to answer. Rather than speculate on what’s going on here, we’re going to take the objective road and attempt to address the real problem: the fact that surveillance cameras are unsecured in the first place.

If your organization needs assistance with securing your Internet-connected devices, Techworks Consulting, Inc. can help. We can help you understand how Internet of Things devices work, and what you can do to ensure that maximum security for your network. To learn more, give us a call at (631) 285-1527.

Techworks Announced One of the 2016 Future 50 Awar...
Adopt These 3 IT Concepts to Ensure Future Success
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Thursday, 14 November 2024

Captcha Image

Contact Us

Learn more about what Techworks Consulting, Inc. can do for your business.

Call Us Today
Call us today
(631) 285-1527


Headquarters
760 Koehler Ave, Unit #3
Ronkonkoma, New York 11779

HIPAA Seal of Compliance” width=

HIPAA Seal of Compliance” width=

Latest Blog

A compressed file (also known as a zip file) is a handy way to accomplish various tasks, although many people may not know what they are or do. We want to fix that, so we’re going over what a compressed file is and how to make one.

TOP