Excedeo Blog

Excedeo has been serving the San Diego area since 2003, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Researchers Investigated Internet-Connected Surveillance Cameras, What They Found is Unbelievable

There’s a reason why IT professionals think that the Internet of Things is a major security concern. Around 5.5 million new devices are being connected to the Internet every day, and they are giving security experts a run for their money. The Internet of Things and its devices could potentially become a security hazard for businesses that aren’t prepared to protect their assets from hacks.

It’s not unheard of for users of Internet of Things devices to forget to secure them, especially in the case of security cameras. If this happens, an unsecured security camera that’s connected to the Internet can be used for some nefarious things. Lisa Vaas of Naked Security reported on a study saying that these IoT devices have plenty of security holes. Her report, “DVR snaps stills from CCTV surveillance and sends them to China,” goes into detail about findings from researchers at UK-based Pen Test Partners.

The study analyzed data from Shodan, the search engine dedicated to Internet-connected devices like buildings, smart appliances, webcams, and so much more. These researchers chose to focus on Internet-connected surveillance cameras.

Just a quick note: we want everyone who uses web-connected security cameras to know that even an average PC user can create a Shodan account and use it to search for, access, view, and control unsecured cameras. We weren’t sure how well this works, but it definitely does. Take a moment to view these stills from random surveillance cameras that we came across on Shodan:

[Images: four stills from surveillance cameras]

These are just a couple of random shots that we came across. There might not be much going on here, but one thing we do know: monitoring strangers in their homes is certainly unethical. These cameras are just random ones that we stumbled upon. However, Shodan has been criticized for giving its users easy access to cameras that are sensitive in nature. Vocativ cites findings by Ars Technica:

These webcams show feeds from sensitive locations like schools, banks, marijuana plantations, labs and babies’ rooms. Shodan members who pay the $49 monthly fee can search the full feed at images.shodan.io. A Vocativ search of some of the most recently added images shows offices, school, porches and the interior of people’s homes. Accompanying each of these grabs is a pinned map that shows the location of the device capturing that footage.

If you’re still not sold on how creepy and intrusive this whole concept is, let’s go back and take a closer look at the first study we mentioned by Pen Test Partners. Vaas reports:

The device also has no Cross-Site Request Forgery (CSRF) protection, so attackers can trick users into clicking on links to carry out malicious actions; it has no lock-out, so attackers can guess as many passwords as they like; it sends communications without HTTPS that can be intercepted and tampered with; and there’s no firmware updates, so “you’re stuck with these issues,” Pen Test Partners said. But weirdest of all, the thing is capturing still images from video feeds and emailing them to an address that appears to be hosted in China.

Why exactly are surveillance images being sent to China? This is a question that Pen Test Partners was never able to answer. Rather than speculate on what’s going on here, we’re going to take the objective road and attempt to address the real problem: the fact that surveillance cameras are unsecured in the first place.

If your organization needs assistance with securing your Internet-connected devices, Excedeo can help. We can help you understand how Internet of Things devices work, and what you can do to ensure maximum security for your network. To learn more, give us a call at 619.398.4100.



Sunday, 25 June 2017