CoreTech Blog

CoreTech Blog

CoreTech has been serving the Bowling Green area since 2006, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Researchers Investigated Internet-Connected Surveillance Cameras, What They Found is Unbelievable

b2ap3_thumbnail_internet_of_things_presents_risk_400.jpgThere’s a reason why IT professionals think that the Internet of things is a major security discrepancy. Around 5.5 million new devices are being connected to the Internet every day, and are giving security experts a run for their money. The Internet of Things and its devices could potentially become a security hazard for businesses that aren’t prepared to protect their assets from hacks.

It’s not unheard of for users of Internet of Things devices to forget to secure them, especially in the case of security cameras. If this happens, an unsecured security camera that’s connected to the Internet can be used for some nefarious things. Lisa Vaas of Naked Security reported on a study saying that these IoT devices have plenty of security holes. Her report, “DVR snaps stills from CCTV surveillance and sends them to China,” goes into detail about findings from researchers at UK-based Pen Test Partners.

The study analyzed data from Shodan, the search engine dedicated to Internet-connected devices like buildings, smart appliances, webcams, and so much more. These researchers chose to focus on Internet-connected surveillance cameras.

Just a quick note: we want everyone who uses web-connected security cameras to know that even an average PC user can create a Shodan account and use it to search for, access, view, and control unsecured cameras. We weren’t sure how well this works, but it definitely does. Take a moment to view these stills from random surveillance cameras that we came across on Shodan:

ib spy1

ib spy2

ib spy3

ib spy4

These are just a couple of random shots that we came across. There might not be much going on here, but one thing we do know, monitoring strangers in their homes is certainly unethical. These cameras are just random ones that we stumbled upon. However, Shodan has been criticized for giving its users easy access to cameras that are sensitive in nature. Vocativ cites findings by Ars Technica:

These webcams show feeds from sensitive locations like schools, banks, marijuana plantations, labs and babies’ rooms. Shodan members who pay the $49 monthly fee can search the full feed at images.shodan.io. A Vocativ search of some of the most recently added images shows offices, school, porches and the interior of people’s homes. Accompanying each of these grabs is a pinned map that shows the location of the device capturing that footage.

If you’re still not sold on how creepy and intrusive this whole concept is, let’s go back and take a closer look at the first study we mentioned by Pen Test Partners. Vass reports:

The device also has no Cross-Site Request Forgery (CSRF) protection, so attackers can trick users into clicking on links to carry out malicious actions; it has no lock-out, so attackers can guess as many passwords as they like; it sends communications without HTTPS that can be intercepted and tampered with; and there’s no firmware updates, so “you’re stuck with these issues,” Pen Test Partners said. But weirdest of all, the thing is capturing still images from video feeds and emailing them to an address that appears to be hosted in China.

Why exactly are surveillance images being sent to China? This is a question that Pen Test Partners was never able to answer. Rather than speculate on what’s going on here, we’re going to take the objective road and attempt to address the real problem: the fact that surveillance cameras are unsecured in the first place.

If your organization needs assistance with securing your Internet-connected devices, CoreTech can help. We can help you understand how Internet of Things devices work, and what you can do to ensure that maximum security for your network. To learn more, give us a call at (270) 282-4926.

Tip of the Week: Access Windows 10 Safe Mode for P...
New Technology From LG Lets You See What a Bowling...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Tuesday, 17 December 2024

Captcha Image

About CoreTech

CoreTech has been serving the Kentucky area since 2006, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses. Our experience has allowed us to build and develop the infrastructure needed to keep our prices affordable and our clients up and running.

get a free quote

Recent News

Last week, we discussed why X—the social media network once known as Twitter—has been losing many users. Here, we wanted to direct those seeking a move to consider the up-and-coming platform known as Bluesky in case you were one of those jumping ship...

Contact Us

1711 Destiny Lane Suite 116
Bowling Green, Kentucky 42104

Mon to Fri 8:00am to 5:00pm

[email protected]

(270) 282-4926


Nashville Managed IT
Louisville and Lexington Managed IT
Bowling Green Managed IT
Clarksville Managed IT