Excedeo Blog

Excedeo has been serving the San Diego area since 2003, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Researchers Investigated Internet-Connected Surveillance Cameras, What They Found is Unbelievable

There’s a reason why IT professionals think that the Internet of Things is a major security concern. Around 5.5 million new devices are being connected to the Internet every day, and they are giving security experts a run for their money. The Internet of Things and its devices could potentially become a security hazard for businesses that aren’t prepared to protect their assets from hacks.

It’s not unheard of for users of Internet of Things devices to forget to secure them, especially in the case of security cameras. If this happens, an unsecured security camera that’s connected to the Internet can be used for some nefarious things. Lisa Vaas of Naked Security reported on a study saying that these IoT devices have plenty of security holes. Her report, “DVR snaps stills from CCTV surveillance and sends them to China,” goes into detail about findings from researchers at UK-based Pen Test Partners.

The study analyzed data from Shodan, the search engine dedicated to Internet-connected devices like buildings, smart appliances, webcams, and so much more. These researchers chose to focus on Internet-connected surveillance cameras.

Just a quick note: we want everyone who uses web-connected security cameras to know that even an average PC user can create a Shodan account and use it to search for, access, view, and control unsecured cameras. We weren’t sure how well this works, but it definitely does. Take a moment to view these stills from random surveillance cameras that we came across on Shodan:

These are just a couple of random shots that we came across. There might not be much going on here, but one thing we do know: monitoring strangers in their homes is certainly unethical. These cameras are just random ones that we stumbled upon. However, Shodan has been criticized for giving its users easy access to cameras that are sensitive in nature. Vocativ cites findings by Ars Technica:

These webcams show feeds from sensitive locations like schools, banks, marijuana plantations, labs and babies’ rooms. Shodan members who pay the $49 monthly fee can search the full feed at images.shodan.io. A Vocativ search of some of the most recently added images shows offices, school, porches and the interior of people’s homes. Accompanying each of these grabs is a pinned map that shows the location of the device capturing that footage.

If you’re still not sold on how creepy and intrusive this whole concept is, let’s go back and take a closer look at the first study we mentioned by Pen Test Partners. Vaas reports:

The device also has no Cross-Site Request Forgery (CSRF) protection, so attackers can trick users into clicking on links to carry out malicious actions; it has no lock-out, so attackers can guess as many passwords as they like; it sends communications without HTTPS that can be intercepted and tampered with; and there’s no firmware updates, so “you’re stuck with these issues,” Pen Test Partners said. But weirdest of all, the thing is capturing still images from video feeds and emailing them to an address that appears to be hosted in China.

Why exactly are surveillance images being sent to China? This is a question that Pen Test Partners was never able to answer. Rather than speculate on what’s going on here, we’re going to take the objective road and attempt to address the real problem: the fact that surveillance cameras are unsecured in the first place.
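
One way to check your own network for the behavior described above, a DVR quietly sending data to an outside mail server, is to review firewall logs for camera traffic that leaves the local network. The following is an added example, not code from the original article or from Pen Test Partners; the log format, camera addresses, and allowlist are constructed assumptions.

```python
import ipaddress

# Assumption: addresses of the cameras/DVRs on your own network (hypothetical inventory).
CAMERA_HOSTS = {"192.168.10.21", "192.168.10.22"}
# Assumption: the only outside services the cameras are expected to reach (here, NTP).
ALLOWED_EGRESS = {("203.0.113.10", 123)}
# Local (RFC 1918) ranges; traffic that stays inside them is not egress.
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MAIL_PORTS = {25, 465, 587}

# Constructed sample firewall log lines (key=value format invented for this example).
SAMPLE_LOG = """\
2017-11-20T10:00:01 src=192.168.10.21 dst=203.0.113.10 dport=123 proto=udp action=allow
2017-11-20T10:00:05 src=192.168.10.21 dst=198.51.100.77 dport=25 proto=tcp action=allow
2017-11-20T10:00:09 src=192.168.10.50 dst=198.51.100.77 dport=443 proto=tcp action=allow
2017-11-20T10:00:12 src=192.168.10.22 dst=192.168.10.5 dport=554 proto=tcp action=allow
2017-11-20T10:00:20 src=192.168.10.22 dst=198.51.100.80 dport=80 proto=tcp action=allow
malformed line without fields
"""

def parse_line(line):
    """Return a dict of key=value fields, or None if the line is unusable."""
    fields = dict(p.split("=", 1) for p in line.split()[1:] if "=" in p)
    if not {"src", "dst", "dport"} <= fields.keys():
        return None
    try:
        fields["dport"] = int(fields["dport"])
        fields["dst_ip"] = ipaddress.ip_address(fields["dst"])
    except ValueError:
        return None
    return fields

def unexpected_camera_egress(log_text):
    """List (src, dst, dport, reason) for camera traffic leaving the local network."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["src"] not in CAMERA_HOSTS:
            continue
        local = any(rec["dst_ip"] in net for net in LOCAL_NETS)
        if local or (rec["dst"], rec["dport"]) in ALLOWED_EGRESS:
            continue
        reason = "outbound mail" if rec["dport"] in MAIL_PORTS else "unexpected destination"
        findings.append((rec["src"], rec["dst"], rec["dport"], reason))
    return findings

if __name__ == "__main__":
    for finding in unexpected_camera_egress(SAMPLE_LOG):
        print(finding)
```

Any finding is a reason to block the camera segment from reaching the Internet directly and to allow only the destinations you have approved.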

If your organization needs assistance with securing your Internet-connected devices, Excedeo can help. We can help you understand how Internet of Things devices work, and what you can do to ensure maximum security for your network. To learn more, give us a call at 619.398.4100.

 
