A search-engine for insecure cameras, from baby-monitors to grow-ops


#1

[Read the post]


A WiFi camera that makes home and office security a bargain
#2

from baby-monitors to grow-ops


#3

I wonder if I could control a pacemaker or two?


#4

Exactly what I was thinking!


#5

Based on some of the medical equipment on there, you could control a heck of a lot more than just pacemakers.


#6

Deep brain stimulators come to mind.


#7

The wording in this post seems little over the top. It’s like saying Google is a search engine for porn. Sure, you can find porn with Google, but that’s not its express purpose. Similarly, Shodan appears to be about the “internet of things” which includes a lot more than webcams and baby monitors. Basically, this is clickbait of the worst kind.


#8

Since when?


#9

Is there a list of guidelines to follow to ensure my baby cam is secure, or better yet, some automated testing tool?

I’ve got a non-default username and password on the camera.

My wifi network is secured with WPA2 with a 35 ascii character key.

Is there more I should be doing?


#10

paging @japhroaig wanna help a guy actually wanting to know more.
I got nothing beyond changing the username/password and maybe don’t have it talk outside your home network.


#11

And @WalterStabosz its a tough one. It really is. The steps you listed are absolute essentials. And like brushing your teeth, take care of a majority of issues. A few thoughts.

If you can access your cam from your phone, and you don’t know precisely how you can, there are risks. (Csrf, token hijacking, etc) If it is a camera watching your garden, I probably wouldn’t care one way or another. If it is in your house… Well, the web of complexity goes up exponentially.

Is the device receiving the video okay. Can it be accessed remotely? Does it store data on remote servers? Remember, The Fappening was able to happen because apple took remote incremental backups without saying they only tombstoned data, but didn’t delete it.

What happens if someone “borrows” the device that can see the cam feed? Is the cam feed delivered in an un authed webpage?

Securing your WiFi is 80% of the solution. And it sounds like you’ve done that. But when auditing footage make sure you aren’t doing it on a shared pc at Starbucks :smiley:


#12

The point here isn’t to accuse the site of being a search engine for insecure IoT things, but to accuse the vendors who trusted to supply the Things that said Internet of Things is to be built upon of doing a shitty, shitty, shitty, shitty job personal-security-wise, which is pretty much entirely fair and true.
Also, I know it’s just an expression, but I’m getting really tired of the phrase “of the worst kind” being invoked when there are clearly so many much, much worse examples out there. But I guess “of a mild-ish middling kind” wouldn’t have the same impact…


#13

I understand, but there’s an hint of “if you use this search engine, you’re a pedo” in the way they worded this, and that’s pretty bad.


#14

Um, yes? I don’t know if it’s the best search engine for porn, but it is, most definitely, a search engine for porn.


#15

No there isn’t.


#16

Yeah, no.


#17

This topic was automatically closed after 5 days. New replies are no longer allowed.