some places that make cameras, expensive and inexpensive, use the same stuff it doesn't matter.

I have a router, I am powned. Simple as that. Mode, make etc makes no difference. But the only webcam I have is connected through USB when used and otherwise physically disconnected.

@@MrDoboz would work for blackmail purposes

@@nogo7277 unless the hacker can automate the blackmailing (which is not an easy thing to do), it's probably not worth their time. They could work on some ransomware instead which brings some shitton of money, or just get a real job at some security testing team. You see those are the big money, not individual person's wallet. Those are not big, and many would still refuse to pay.

the toaster laughs!

I regularly speak every year, and I always forget to do this! You're at the end, the tough part is over (only questions left), and it's so easy to miss it. (I've written this so I engrave it into my brain)

you can infer the question from the answer

xl Not if the answer is something like "yes" "no or "maybe"

Good speaking practice, but to be fair, I really liked this speaker's mannerisms, his talk presence and clarity so I let it pass because his talk was extremely interesting and very entertaining.

Or you could just ascertain the questions by listening to the answer. Lemme help you out. (and yes I know this was commented 3 years ago) First person asked if these were the only cameras he had looked at for his research, or if he had an opportunity to look at some other more secure vendors. And second question asked if it was possible to replace the .cgi with something other than a still image, such as a video file. Luckily, there were no questions that were simply answered with a "Yes' or "No", but that's just offering half ass answers anyways, which most presenters are going to try their best not to do. Alrighty then!

That's fine, Olf, it's OK to like tech stuff more than comedy.

true, but it's actually sad too, now what the fuck am I gonna do? I can't buy a fucking camera that can't be exploited by anybody who has a brain and some free time to work out the exploits

exactly my thoughts.....I swicthed stand-ups with blackhat videos :D

This is some form of comedy, to my eyes.

6 6 better than douchery and pretentiousness.

I agree. He's fantastically good at explaining things in understandable terms.

You're AWESOME! dont give up

omg same!

Can someone tell me what he uses to read the firmware code?

@@simplekindofman8867 binwalk. He said it at 31:22

I think the vast majority of these backdoors rely on complacency - "we know way more than the average user, and that makes this device secure" - or security through obscurity - "let's make it difficult to defeat this security by throwing a few things in there they can't possibly know already". Lamentably, as a manufacturer it's far easier to deliberately write a backdoor into every device you produce than to try and provide the customer service to all of those who actually manage to lock themselves out of their own devices. This talk serves to demonstrate that if you (accidentally or deliberately) make your design vulnerable to attack, somebody will attack it. Because if they can attack it with the right reasons in mind, anybody can attack it for any purpose they want to.

​@@omardude39 Ahh yes, the classic "We know more than you and our customers are bound to be ignorant. Let us accommodate easy troubleshooting solutions that don't ask too much of our privileged position!" No idea why anyone thinks this is good logic, as something that is only secure to the ignorant masses isn't actually secure from any threat that matters.

A bugdoor, as we like to call it

@imdahG What does this have to do with the talk? It doesn't take a government to take advantage of these types of vulnerabilities. Anyone with a decent undestanding of RE and exploitation can utilize them, and anyone that watches a talk like this and has a basic understanding of computers can follow along and utilize the bugs that security researchers publish. Furthemore, going back to your actual point, what makes you think the government even takes advantage of these? The employees have more important things to do than watch random video feeds. The speaker also made a note to say that he discovered these on his own - this wasn't work he was doing for the government.

Mr. Patato head! Mr. Patato head! A bug door is not a secret!!!!

+NikkiDiamond Or put your IP cameras on a locked down vlan with no internet access.

Darthane I'm too flinstone for that shit

NikkiDiamond Damn you, now I have that theme song in my head.

Darthane That was all part of my evil plan

+NikkiDiamond hahaha too flintstone for that shit hahaha

haha i just realised that and its now 2020 woah

lol

Dude you know it doesn't come from the beer right? also this talk was from 7 years ago...

@@Rico-iz8mb joke went miles over your head huh?

OMFG LOOOOL

Of course. No one cares about these things. NSA want these backdoors. Russian equivalent want them. Customers (even when running nuclear plants) does not know enough about these thing. I as an professional programmer with more than a few decades worth of experience and enough interest to see a few of these videos do not know _enough_ about these things. And most people, programmers and customers alike, can't be bothered.

I'd even argue there are two reasons. Innovation and profit. Flaws=room to improve=Selling "Better" equipment with different flaws. After all, the media basically suffers from the same security through "obscurity" bias.

Wtf still?

both

Schrodinger's poduim

Could be neither, camera might just be really low and close

Comical camera angle !

He's just comically far away from it

yeah i don't run anything other than openwrt, the main router can be whatever the fuck but i won't connect without a good router.

He was saving room for Corona

11:58

hell no, take his water... his loud ass gulping

I don't think a firewall will protect you, unless you are blocking all traffic to the camera. If there is a firewall rule allowing incoming http traffic to the camera, to the camera it will be the same to have video feed streaming out from strings coming in or out, and those strings can be malformed urls or command injections.

Yeah. So again, don't put your system on the internet. What little having an internet-connected system buys you (a bit of convenience), is not worth the risk of easy exploits.

the easiest way to block from the firewall is to use port knocking. that means trying for example to connect on port 30506, then 18365, then 28435, then the firewall allow http packets to the webcam from your IP only, if you don't connect in this exact sequence, it blocks you for 5 seconds. if you wanted to brute force a 3 port port knocking pattern with a 5 sec timeout, you'd have to wait about 21 990 232 555 520 seconds or about 696 828 years. Still doable, but if you change the pattern every 2 months, that might be almost impossible (you'd need a 4 million ip botnet working on it, and it should probably rise a huge flag on the firewall.) also if you lock definitely an ip after 50 or 100 fails, it would be impossible to brute force unless you are lucky.

Better still, set up a personal VPN to your home network and only make it accessible from that and the LAN, or alternatively, use SSH port forwarding to get to it. Don't make it accessible directly from the Internet - even with port knocking

Or you just put a second password between the camera and the internet. The backdoor doesn't work anymore then.

they're almost all gone by now, you have to remember that ipv4 is rather small and that people fuck up the hosts or a white hat comes and plant a flag, fixing the cve.

Have you got Kali Linux? If not, get it.

Peter Maddison I’ve got it. Using it on Virtual Box. This security stuff is so complicated. I had no idea how traffic could be manipulated.

Simplekind Ofman any update for a fellow absolute beginner?

@@haveaniceday7950 Well, I use Virtual Box for loading the virtual machines. However, lately, Hack the Box is a great site for practicing pen testing. You learn a lot and see some real material. If you really want to learn, go to Udemy, they have classes really cheap and some of those folks are very detailed.

Somebody needs to make a shirt of that.

I am Groot

Winner of KZbin 2019!

Share the list

I have just finished the campaign and then discovered this video :)

Me too!

watch dogs is literally the worst game of this year.

Josh Kelly I agree

Josh Kelly You're opinion, but it is basically the modern AC

I've seen them behind WAFs.

Why not have the firmware available and pay bounties?

@@MazeFrame You answered it with the question. "pay"

chuck norrisonefivesix now it is ^^

There are still cameras accessible tho

Don't forget that absolute nobody on this planet updates surveillance camera firmware

Both are right.

Not for D-Link, good luck!

I think your confusing his nerdy colloquialisms (which he let show multiple times in his presentation) with ignorance of the letter "O" not being the same thing as the number "0". But to be fair, your not wrong still lol.

@Joe Blow Yeah this is true. And while i do think he was doing it on purpose to some degree, I was thinking about another example where it's considered the norm. I live here in Denver, Colorado and if you ask almost ANYONE what our area code is, they will tell you its "3-Oh-3" or 303. Almost nobody will ever say "3-Zero-3", and i've never really given it much thought as to why until now...... Conclusion: People are weird.

@@GoogleUsedToLetThisNameBeLong that's pretty common around me also. Somewhere along the line someone subbed Oh for Zero and it's been like that ever since. In fact the only time i ever say zero as opposed to oh is when I'm on the phone confirming some type of number or code.

yeah I fucking hate when people say four oh four error too /s

"OH" is one syllable and is arguably the second easiest, after "AH." compare that to zero, which has two difficult consonants as well as vowels that vibrate at very different tones and in different parts of the oral cavity. in other words, it's just easier

every vendor has programs that will scan for cameras on the network. it will even allow you to change the ip... without autentication... there are some models that lock this out though after a period of time after start up

Landan Hughes Now that is surprisingly (in a scary way) easy.

*ahem* github.com/robertdavidgraham/masscan

shodan

So?

Mikrotik, I'd guess? That's pretty popular in Eastern Europe

@@adrianalexandrov7730 my secret has been compromised, roll the delete everything scene from wolf of wall street

that's hella suspicious

and legal

Their code may not be GPLd. The base os is normally a standard distro like uclinux, running other open apps like apache. They don't have to release their own code.

@@DeannaEarley yes they do, according to the linux license they have to open all of their modifications to the kernel, it doesn't say anything about The rest of the software

@@fss1704 that's what I said. Thank you for explaining it back to me.

they almost fucking leave that in blank text...

no, it has MasterLock stamped on it

"Geoff"

Ehtcee

yeah you can just rightclick -> inspect to see the code, if they use js. you cant see any php code since its executed by the webserver but in this case the js evaluates if you authenticated successfully and redirects to the firmware dl page.. so you can just go there manually since you can see the needed GET param :)

they have a new site now, with a new security scheme for the firmware. instead of a password, they want the name of your sales person. brute force attack worked pretty well here, 2 guesses and i found out that 'Mike' gets you in. it's amazing how they can even come up with such password authentication and login systems.

your jealousy is impressive lol you see, most of the viewers here don't even know what IP stands for. I do, but I'm also impressed but about how awful these firmwares are lol

@Marvin blue i would like to know how to find IP address. I just want to know how it is done. I dont need to hack something. i am interested in IT security. i never saw this concept on intermet somewhere of how to find IP of one specific hardware.

+chris kaprys oh nevermind. i missed that very quick slide that shows it's the camera's code itself that creates that line

Made in China, china has access.

Having checked it, their page still has the following bit in their source code: else if(par == 2) location.href = "prod_info.php?pid=" + pid + "&tab=4";That's a bad sign.

ye i saw that too. But the question was what i have to enter to access?

prod_info.php?pid=productid&tab=4

to make it a little easier for you: you can get the pid by brwosing to the product (in this case in the url it says :"prod_info.php?pid=11") so you already know half of the code ^^ just copy that and add "&tab=4" and there ya go

nop, as long as you have a public address you can hack the camera and use the camera as a relay to hack the router or mess up with the network.

nvm it's IDA

Google.

That's what the Shodan stuff was for. You can find internet connected devices using it.

he's just asking machines to execute code he sent.. Nothing particularly new here

is all an do that ???

Cause the shit is so old it shouldn't work anymore, but it does and it's hilarious

Decoded the configuration file...then pass command new user=root......basically escalated privelges initially as default admin

Reminds me when i gave myself root over win 10

Simulation Nomad It's terrifying how bad web sites are. The clueless contract with the unaware and put something in front of the public that's just plain awful. I've come across two monumentally bad UK government web sites this week, that have obviously been only superficially tested.

+Simulation Nomad Can you describe that to me how he could got access to the page with the &tab=4 code section. I couldnt follow him

They changed the JS, cuz it doesn't work anymore... :/