This is not something new, but I just came across this and found it quite interesting and fun, so just thought of mentioning it here.
You can find a CCTV camera anywhere you go these days. Most of the companies install a CCTV camera to monitor their physical security and think that only the assigned personnel within the company can monitor it. If that's the case, you may want to think again, as it's not just the personnel within the company, but anyone on the Internet can see and monitor the activities of the camera.
If you don't believe that now, you will very shortly ;-) as once again Google is our best friend to make our job easier in doing so. If you know the search criteria to find an Internet connected CCTV camera, Google will list all these cameras in the search result. So just thinking that no one will be able to find your CCTV camera as you have not published this information anywhere is bit naive.
I have listed some of the search strings below to find these cameras. Different search criteria applies to different brands of the cameras and lists the online cameras of that brand.
inurl:"/view/view.shtml"
inurl:"ViewerFrame?Mode="
inurl:"view/index.shtml"
inurl:"MultiCameraFrame?Mode="
inurl:"/home/homeJ.html"
If you click on one of the search results, it will show you the live view for that camera and all the menu options where you can change the view, zoom in and out, hear sound or do whatever you want within those menu options. Now isn't it bit worrying if anyone on the Internet can do that. What about criminals trying to breach your physical security. They just fix the camera at one location while carrying their attack at another. How fascinating is that?
If that's not enough, the top right corner of the image provide a link for the setup. Clicking on the setup will prompt for user credentials where you can gain admin access to the camera. But who knows if you can brute force the credentials successfully or someone has just not changed the default credentials. If you can gain access to the camera setup this way, its game over!!! You can control the camera fully now and do whatever you want to do with it.
*** Disclaimer ***
I have published this information for educational purpose only and have not tried to gain an unauthorised access to any of the systems on the Internet while conducting my research. You are free to use this information in any way you want and I can't be held responsible for the consequences because of any of your actions. Good luck and have fun ;-P
You can find a CCTV camera anywhere you go these days. Most of the companies install a CCTV camera to monitor their physical security and think that only the assigned personnel within the company can monitor it. If that's the case, you may want to think again, as it's not just the personnel within the company, but anyone on the Internet can see and monitor the activities of the camera.
If you don't believe that now, you will very shortly ;-) as once again Google is our best friend to make our job easier in doing so. If you know the search criteria to find an Internet connected CCTV camera, Google will list all these cameras in the search result. So just thinking that no one will be able to find your CCTV camera as you have not published this information anywhere is bit naive.
I have listed some of the search strings below to find these cameras. Different search criteria applies to different brands of the cameras and lists the online cameras of that brand.
inurl:"/view/view.shtml"
inurl:"ViewerFrame?Mode="
inurl:"view/index.shtml"
inurl:"MultiCameraFrame?Mode="
inurl:"/home/homeJ.html"
If you click on one of the search results, it will show you the live view for that camera and all the menu options where you can change the view, zoom in and out, hear sound or do whatever you want within those menu options. Now isn't it bit worrying if anyone on the Internet can do that. What about criminals trying to breach your physical security. They just fix the camera at one location while carrying their attack at another. How fascinating is that?If that's not enough, the top right corner of the image provide a link for the setup. Clicking on the setup will prompt for user credentials where you can gain admin access to the camera. But who knows if you can brute force the credentials successfully or someone has just not changed the default credentials. If you can gain access to the camera setup this way, its game over!!! You can control the camera fully now and do whatever you want to do with it.
*** Disclaimer ***
I have published this information for educational purpose only and have not tried to gain an unauthorised access to any of the systems on the Internet while conducting my research. You are free to use this information in any way you want and I can't be held responsible for the consequences because of any of your actions. Good luck and have fun ;-P
Posts
0 comments:
Post a Comment