IoT IP camera teardown and getting root password (Updated)

This post will describe how I inspected the IP traffic of a cheap pan/tilt IP camera. I then continued to open the camera up, connected to the serial console of the SoC, extracted the root password and logged in via telnet over the wireless interface.

My goal was to have a look at the security of these very cheap IoT devices, and see how they could be improved.

I present to you the Logilink WC0030A, also known as the Apexis APM-JP8015-WS.

IP cameras have become extremely cheap in the last couple of years. Mass production made the prices of decent quality image sensors, and very capable SoCs, drop significantly. Our victim in question is currently still available for about €43, but clones/copies/similar models are available from China for even cheaper. The cheap price is great if you want a cheap alarm system or an easy way to spy on your neighbors/pets, but it also means that the included firmware and software aren't very well developed (you get what you pay for). Accompanying apps are buggy, features are lacking, the firmware is buggy and tends to crash and the security was an afterthought.

Security in cheap IoT devices is becoming a big issue. Manufacturers don't really care about the personal data belonging to the users of their products, and the users themselves don't have the technical knowledge to assess the security of the device or to secure it (which sometimes means to just not use it).

As a quick example you can have a look at this simple Shodan search query (Shodan is a search engine for the Internet of things, or basically it indexes everything Google doesn't), and be amazed at how many shops, living rooms, playgrounds, parking lots, kitchens, stairwells, gardens, factories, bedrooms (?), classrooms, pools, hotels and even the mourning-hall of a funeral home, have an unsecured live video feed for you to stare at.

Before I was going to use the above mentioned IPcam I wanted to have a look at how much data it leaked and to whom, and how hard it would be for someone to hijack the video feed and get a live view of my dog. (I was going to use this camera to remotely witness my puppy destroying my living room.)

The Logilink WC0030A has a 0.3 MP sensor, a wired ethernet interface, a WiFi radio (wired and WiFi can't be used at the same time), some IR LEDs up front, 2 way audio, it can pan and tilt and has a trigger input and output (for alarm type things). All-in-all a fairly standard (low resolution) IP camera.

The camera comes with a web interface accessible through a browser on its built-in web server and seems to be compatible with a plethora of mobile apps that all come in a different flavor of buggy. The manual mentions two different logins in two different sections (admin:000000 and admin:1234); trying them at random at all the different login prompts seems to yield the best results.

The web interface has your standard buttons and shows the device firmware and web interface version (it's not the original web interface, I had reflashed it by this point with the Apexis one). I also don't own a purple couch; the white balance on this thing is horribly off.

You can configure a custom dynamic DNS, but even if you do, or if you disable it, it seems that the camera always connects to the built-in DDNS server ().

Next steps will be to try to log in to the camera, get a terminal, see what OS it's running and check what data is getting sent to where.

The direct MJPEG live-stream seems to be available at
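The post's observation that the camera keeps contacting its built-in DDNS server, even with a custom one configured or DDNS disabled, can be checked from the router side. The following is an added example, not code from the original post: it assumes the router runs dnsmasq with query logging enabled, and the camera IP, hostnames and log lines are all constructed.

```python
import re
from collections import Counter

# dnsmasq "log-queries" line, e.g.:
#   Mar  3 10:15:02 dnsmasq[612]: query[A] host.example from 192.168.1.50
QUERY_RE = re.compile(
    r"query\[(?P<qtype>[A-Z0-9]+)\]\s+(?P<name>\S+)\s+from\s+(?P<src>\S+)\s*$"
)

def unexpected_lookups(log_lines, camera_ip, allowed_suffixes):
    """Count DNS names the camera asked for that fall outside the allowlist."""
    allowed = [s.lower().strip(".") for s in allowed_suffixes]
    hits = Counter()
    for line in log_lines:
        m = QUERY_RE.search(line)
        if not m or m.group("src") != camera_ip:
            continue  # reply lines and other clients are ignored
        name = m.group("name").lower().rstrip(".")
        # Match whole labels only, so "not-my-ddns.example" != "my-ddns.example".
        if any(name == s or name.endswith("." + s) for s in allowed):
            continue
        hits[name] += 1
    return hits

# Constructed sample log: camera at 192.168.1.50, a laptop at 192.168.1.20.
# "my-ddns.example" stands in for the custom DDNS provider the owner configured.
SAMPLE_LOG = """\
Mar  3 10:15:02 dnsmasq[612]: query[A] time.ntp.example from 192.168.1.50
Mar  3 10:15:03 dnsmasq[612]: reply time.ntp.example is 203.0.113.10
Mar  3 10:15:07 dnsmasq[612]: query[A] cam42.vendor-ddns.example from 192.168.1.50
Mar  3 10:16:07 dnsmasq[612]: query[A] cam42.vendor-ddns.example from 192.168.1.50
Mar  3 10:16:09 dnsmasq[612]: query[AAAA] www.example.org from 192.168.1.20
Mar  3 10:16:30 dnsmasq[612]: query[A] mycam.my-ddns.example from 192.168.1.50
Mar  3 10:17:01 dnsmasq[612]: query[A] not-my-ddns.example from 192.168.1.50
""".splitlines()

if __name__ == "__main__":
    found = unexpected_lookups(SAMPLE_LOG, "192.168.1.50",
                               ["ntp.example", "my-ddns.example"])
    for name, count in found.most_common():
        print(f"{count:3d}  {name}")
```

A device that talks to a hard-coded IP address or uses its own resolver will not show up in this log, so pair the check with a packet capture of the camera's traffic.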