1. Forum
  2. Fsxnet Message
  3. FSX GEN

  • IP Camera Privacy

    From Warpslide@21:3/110 to All on Tuesday, June 29, 2021 09:16:59
    Hi All,

    I saw this article this morning which really gets you thinking:

    "Private moments captured on home security cameras being live streamed again on website" - https://bit.ly/2ThW6bt

    In the article they go on to explain how people are installing cameras both indoors & outdoors, seeing that they work and leaving it at that. What they fail to realize is without a password (or using the default password) ANYONE on the open internet can also see your video feed. If you have cameras in your home, or know of someone who does, you may want to make sure these cameras are password protected.

    Browsing through the site, there are some big name cameras in the list: Linksys, D-Link, Panasonic, Canon, Bosch so it doesn't seem to be related to "off brands" but rather a problem at large. Some of these cameras seem benign and are pointed at bird nests, public streets, waterfronts, etc. while others are a little more invasive, such as "security" cameras pointed at cash registers, cameras watching people getting their hair cut, others watching an elderly person in their room (with a commode toilet in frame) as well as baby cribs.

    The website has a FAQ section:

    Q: How to remove my camera from this site
    A: If you want to leave your surveillance camera public accessible but want to remove it from this site send the URL of your camera to email from contacts section. But remember that your camera still will be available to all internet users that use surveillance camera search software and sites like Shodanhq.com. The only solution to make your camera private is to set up a password!

    It looks like there is a grass roots movement to locate the people listed on this website and make them aware that their cameras are unsecured and listed on a website for anyone to gawk at them. If you're interested in tracking down some of these people, just google that FAQ question to find the website and you can browse by country. There are currently 273 cameras listed in Canada, more than 4300 in the states, 64 in Oz & 25 in NZ.


    Jay

    ... I'm famous. That's my job.

    --- Mystic BBS v1.12 A47 2021/06/28 (Raspberry Pi/32)
    * Origin: Northern Realms (21:3/110)
  • From Ogg@21:4/106.21 to Warpslide on Tuesday, June 29, 2021 09:43:00
    Hello Warpslide!

    ** On Tuesday 29.06.21 - 09:16, Warpslide wrote to All:

    I saw this article this morning which really gets you
    thinking:

    "Private moments captured on home security cameras being
    live streamed again on website" - https://bit.ly/2ThW6bt


    WHY do manuafacturers allow this in their devices? It would
    seem to me to be a simple matter to "detect" the reset un and
    pw (as hashes?), and if those two match then do not broadcast.

    The device could also go so far as to force specific conditions
    on the pw.


    --- OpenXP 5.0.50
    * Origin: (} Pointy McPointFace (21:4/106.21)
  • From Warpslide@21:3/110 to Ogg on Tuesday, June 29, 2021 09:54:53
    On 29 Jun 2021, Ogg said the following...

    WHY do manuafacturers allow this in their devices? It would
    seem to me to be a simple matter to "detect" the reset un and
    pw (as hashes?), and if those two match then do not broadcast.

    The device could also go so far as to force specific conditions
    on the pw.

    I agree, it should be part of the setup process to force the user to set a password, while also not allowing weak ones like Password123.

    This wouldn't be so bad if it was available only on the local network, but they're also using UPNP to punch a hole in your firewall to make it accessible to the public internet.


    Jay

    ... Never try to out-stubborn a cat.

    --- Mystic BBS v1.12 A47 2021/06/28 (Raspberry Pi/32)
    * Origin: Northern Realms (21:3/110)
  • From DustCouncil@21:1/227 to Ogg on Tuesday, June 29, 2021 16:23:28
    WHY do manuafacturers allow this in their devices? It would
    seem to me to be a simple matter to "detect" the reset un and
    pw (as hashes?), and if those two match then do not broadcast.

    I've wondered this myself, but in particular, I've wondered this about SOHO WiFi Routers, the sort almost everyone has, which have file-sharing capabilities and an FTP server built in. People plug in flash drives or portable hard drives with the intent of sharing to others in their home.

    The net is full of people who think they're sharing locally but are sharing
    out to the whole world. People have scans of passports, bills, bank statements, tax data, birth certificates, photographs, and all manner of personal material they think they're sharing to their household, but which is shared out to the Internet.

    Some years ago I got curious about these old FTP sites at universities and
    the like with old data stretching back to the 1980s (University of Toronto's
    is quite a masterpiece). That one had the original analysis of Morris Worm with the original timestamp on it.

    In searching for more of these I found countless FTP sites running out of people's homes - people obviously unaware they were sharing this stuff with
    the Net generally. Most of these are set up with anonymous logins, or simply never send a login or password prompt; you're just dumped right at the main directory.

    Likewise with security cameras. I keep getting the sense that security and privacy are just *no concern at all* for these companies, and while I can forgive a mistake or bug, it increasingly seems like they spend no effort at all on making these systems secure out-of-the-box, or, at least, displaying warnings when people turn on features which share out to the Internet at
    large.

    --- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
    * Origin: Shipwrecks & Shibboleths [San Francisco, CA - USA] (21:1/227)
  • From Arelor@21:2/138 to Warpslide on Tuesday, June 29, 2021 14:35:51
    Re: IP Camera Privacy
    By: Warpslide to All on Tue Jun 29 2021 09:16 am

    Hi All,

    I saw this article this morning which really gets you thinking:

    "Private moments captured on home security cameras being live streamed again on
    website" - https://bit.ly/2ThW6bt

    In the article they go on to explain how people are installing cameras both indoors
    outdoors, seeing that they work and leaving it at that. What they fail to realize
    without a password (or using the default password) ANYONE on the open internet can
    also see your video feed. If you have cameras in your home, or know of someone who
    does, you may want to make sure these cameras are password protected.

    Browsing through the site, there are some big name cameras in the list: Linksys,
    D-Link, Panasonic, Canon, Bosch so it doesn't seem to be related to "off brands" bu
    rather a problem at large. Some of these cameras seem benign and are pointed at bi
    nests, public streets, waterfronts, etc. while others are a little more invasive, s
    as "security" cameras pointed at cash registers, cameras watching people getting th
    hair cut, others watching an elderly person in their room (with a commode toilet in
    frame) as well as baby cribs.

    The website has a FAQ section:

    Q: How to remove my camera from this site
    A: If you want to leave your surveillance camera public accessible but want to remo
    it from this site send the URL of your camera to email from contacts section. But
    remember that your camera still will be available to all internet users that use
    surveillance camera search software and sites like Shodanhq.com. The only solution
    make your camera private is to set up a password!

    It looks like there is a grass roots movement to locate the people listed on this
    website and make them aware that their cameras are unsecured and listed on a websit
    for anyone to gawk at them. If you're interested in tracking down some of these
    people, just google that FAQ question to find the website and you can browse by
    country. There are currently 273 cameras listed in Canada, more than 4300 in the
    states, 64 in Oz & 25 in NZ.


    Jay

    ... I'm famous. That's my job.

    Aaaaaaaand that is one of the reasons why I don't install consumer-grade cameras on my
    premises.

    Actually I trust myself to secure them with a password, but it it still seems easy to
    make some mistake and leak your videofeed.

    I often think of placing a camera in the barnyard to check what my horses are doing
    while I am away, but I'd hate it to let their privacy violated by a badly secured
    camera which leaked the videofeed to some chinesse cracker.

    --
    gopher://gopher.richardfalken.com/1/richardfalken
    --- SBBSecho 3.14-Linux
    * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)
  • From paulie420@21:2/150 to Warpslide on Tuesday, June 29, 2021 20:32:31
    Hi All,
    I saw this article this morning which really gets you thinking:

    "Private moments captured on home security cameras being live streamed again on website" - https://bit.ly/2ThW6bt

    In the article they go on to explain how people are installing cameras both indoors & outdoors, seeing that they work and leaving it at that. What they fail to realize is without a password (or using the default password) ANYONE on the open internet can also see your video feed. If you have cameras in your home, or know of someone who does, you may want to make sure these cameras are password protected.

    w0w, AGAIN. People will never learn - so many cheap China cameras that still have vulnerabilities AND the big tech stuff that have unpatched issues.... it keep reoccurring and.... w0w.

    ... Unzip... expand... What kind of pervert came up with this?



    |07p|15AULIE|1142|07o
    |08.........

    --- Mystic BBS v1.12 A47 2021/06/21 (Raspberry Pi/32)
    * Origin: 2o fOr beeRS bbs>>>20ForBeers.com:1337 (21:2/150)