Insecure internet security cameras and nannycams are actively exploited by voyeurs to spy on owners

Originally published at: https://boingboing.net/2018/06/23/password-123.html

3 Likes

1

5 Likes

My Chinese cams are on a separate subnet, and cannot get to the Internet.
It really isn’t that hard, because I don’t use anything with the word “cloud” in it.
If my cams see something, my central server emails me, attaching a 20-second clip.

Insert surprise, surprise, surprise GIF of choice.

So what do you do if you figure out someone is spying? Putting up a sign in front of the camera “I know where you live” may scare someone. Or you could create a mock murder in front of the camera to let the snooper worry if he should call the police, risking to expose himself. (Only do this if you live in an area where the police isn’t trigger happy!)

My neighbors apparently have an alarm system from the cable company. I haven’t checked for new wifi devices in the area. I’m sure it’s all professional and secure. (He said while looking at the new cable the installer strung mid-air from their house to their front tree, then down the road three more trees until it runs into a lawn junction box.)

2 Likes

This has been happening for at least 10 years–or at least since the very first internet-connected security cams were available. Nothing has changed.

1 Like

This is the First Law of the Cloud: “It’s not your computer.” Unfortunately, nobody but techies truly understands it, at least not until it impacts them. And most marketers are reluctant to emphasize that point.

Laws can help, but its only temporary until the unscrupulous vendors suss out the loopholes. And new laws are extremely slow to respond to tech. By the time a law is passed outlawing something technical, the technology no longer uses whatever was outlawed.

3 Likes

Crap. Going to have to buy new underwear

2 Likes

because of farcically bad default passwords (“123”)

It doesn’t matter what the default password is. Unless the default password is random per-device (and not generated from the serial number, MAC address, etc), the default password could be 100 characters and still be insecure.

Idiot users will fuck any security up you try to create - random/long (actually secure) passwords will be changed to Password1 within 10 minutes; the telnet administration port that you have to explicitly turn on, with 3 different warning messages about its insecurity (and not exposing it to the internet) will get switched on cos a “YouTube tutorial” told them to, then forwarded to the 'net at large (or the whole device DMZed).

I’ve seen personal finance passwords set to “Money£”, then written on a post-it with an URL and username. I’ve seen a small business PBX (private telephone exchange) appliance in use with the plaintext AMI (softswitch control port) open to the internet. I’ve personally had to enforce security on a PC in a “print room” which printed financial documents which the operators would leave switched on, logged in, unlocked and unattended for days at a time.

If you don’t understand technology, stop allowing anyone on the internet who does to access your equipment. Just stop connecting your cheap IOT crap to the internet - full stop. Just stop buying well built and designed appliances and then screwing the configuration up.

If you actually want this stuff in your house/business - get a professional to install it - the same as you would for gas or electricity. Sure, it can’t kill you the same as those, but it can still fuck your life up royally (blackmail, fraud, ransomware, using your internet connection to commit arrestable offences - for which you will be blamed).

1 Like

Why is Boing Boing selling this?

2 Likes

I was going to say the same thing, especially with both articles popping up so close together:

If you read the description of the one bb is selling, it’s “completely encrypted” so it’s a “safe” wireless security camera.

I’m actually surprised the gadget article didn’t link back to this one.


Shorter answer to your question: “Because boingboing.”

They also write about how you need to get rid of Facebook while still maintaining a Facebook account.

“Cover all those bases!”

ETA: HAH! THIS!

Facebook is good for more than just keeping tabs on your high school friends. In fact, the platform has become an invaluable tool for marketers and entrepreneurs building their brands online.

Seriously. How, bb? How?!

2 Likes

I know three people that have had their passwords compromised.

In three out of three cases it was internal leaking or theft of the password database.

In each case it would have made no difference if their password was
passw0rd
or if it was
bXuZk_/8Qazt37}#ryTIZh1.l)5U]9"oB-oZ+?Q(6>}n-[52MbS3bCVKh!!vj:0)c5)Gg\RNs^>8Ogyf?4L"
and changed to that the day before the event.

2 Likes

That’s my password! thanks a lot!

You know how long it took to memorize that! Now I gotta add a one to the end…

5 Likes

The hackers will check a “1”. Be sneaky and make it… a “2”.

4 Likes

Well now I gotta go with a 3 since you are giving away teh secretz…

Wait…crap…

3 Likes

Do you really want to INTERACT with someone that is spying on you? I would, um, just stop using crappy surveillance tech.

People busy with more concrete problems than relatively vague - and when not vague, too numerous and varied to comprehend - risks.

So people are lacking in a formal, trusted source of reliable and consumable information about internet security, and are falling back on what they know.

Like the cable company representative? Other than that, who exactly are you talking about? Busy Busy Town didn’t have an internet-device-installer, so it’s not really on anyone’s radar…

This topic was automatically closed after 5 days. New replies are no longer allowed.