54 votes

Over 120,000 home cameras hacked for 'sexploitation' footage

23 comments

  1. [7]
    DeaconBlue

    My parents thought I was in tinfoil hat territory when my first was born and I declined a baby monitor that they bought that only worked online.

    This sucks for all of these victims. So many lives messed up, even if hopefully temporarily, for what a quick search says is less than an average year's salary.

    34 votes
    1. [6]
      Deely

      Yeah. About IOT services, the question isn’t if they can be hacked - it’s when.

      24 votes
      1. [2]
        h3x

        Yep. As ever, the S in IOT stands for security.

        42 votes
        1. l_one

          I really like this phrase. Thank you.

          3 votes
      2. [3]
        Greg

        More frustrating is that there’s no need for it to be this way. Sure, no security is perfect, but if there were widespread remote exploits allowing access to our phone cameras there’d be absolute outcry.

        I still get frustrated with the lax security we see on some big name platforms, but at least they normally made an attempt. A ton of embedded electronics manufacturers just seem to shrug and ignore the question entirely.

        15 votes
        1. [2]
          trim

          The Anker situation with their Eufy products really ground my gears. They denied and denied and deflected until the weight of evidence was so great before issuing some 'sorry you were upset' apology.

          Never touched an Anker product since. Skeevy way to do business.

          21 votes
          1. Greg

            Ugh, yeah, that was so frustrating. And again, literally no reason for it - even if the original mistake was down to genuine ignorance, the cost to hire a couple of decent devs to fix it would have been what, equivalent to a few minutes of revenue at their scale? A major opportunity for them to learn and improve completely went to waste because apparently someone's ego outweighed everything else. And I had the mild inconvenience of needing to find a different supplier for decent quality cables and chargers, which I think we all know is the real crime here!

            The almost universal trend towards really, really, really terrible software and firmware in small electronics does make me wonder why they don't embrace open source a bit more. I get that the incentives are a little more skewed in the IoT world, where they want to harvest data and lock you into their cloud ecosystem, but I see it even in otherwise high quality and fairly specialist stuff that I buy from China as well, for products where those incentives don't exist at all.

            I'm not naive enough to think that openness is much of a selling point to most consumers (sadly), but I do genuinely wonder what motivates some manufacturers to spend money on proprietary development of absolute shit software that drags down otherwise capable hardware, when they could publish a barebones spec or reference implementation and have the community jump at the chance to build them something decent for free.

            8 votes
  2. [10]
    OBLIVIATER

    Oh man I remember a long time ago there used to be a site that had whole pages of unsecured IP cams. They were almost all things like weather cams or random security cameras, but it makes me wonder if there was more disturbing stuff like this on there.

    Technological ignorance and dependence is a dangerous thing, it's far too easy to be trusting or even unaware about these kinds of vulnerabilities.

    21 votes
    1. [4]
      Crestwave

      This is still a thing https://www.shodan.io/.

      10 votes
      1. [3]
        zipf_slaw

        paid service.

        maybe camhacker.com? pentopia.com?

        9 votes
        1. OBLIVIATER

          I think it was Insecam but it's been so long I can't remember. It was on a reddit thread like 10+ years ago. Looks like it's still up but the site seems a little sketchy now with weird ads, so I don't know if it's even the same one.

          This is a cool one of a Japanese solar farm. http://www.insecam.org/en/view/1010777/

          Or this one of some French cows chilling

          http://www.insecam.org/en/view/1010215/

          2 votes
        2. Crestwave

          There are features offered under the paid subscription, but the base service is free; you can do comprehensive searches and find open cameras without even logging in. Most of the results are security cameras, but every now and then you stumble upon someone's bedroom. It's quite creepy.

          1 vote
    2. [4]
      Grumble4681

      I worked for a company that installed security cameras and it really drove me nuts how insecure they were set up and the owner was somewhat cognizant of the issue but one of the problems is that it's just a race to the bottom. Installing cheap Chinese hardware with trash firmware/software was seen as necessary because if 'we' (the company I worked for) didn't do it, competitors would do it and get the sale/job. I tried to insist on better security practices for the equipment we were using but the management at that company was nearly non-existent and lacked any ability to exert such a setup process that would be needed to overcome the poor firmware and software of the equipment. We were using rebadged Hikvision equipment.

      And I know for a fact there were cameras installed inside homes that customers wanted, primarily in the living room areas but also in some other areas though typically the owner of the company would refuse to install in bedrooms. A couple times parents wanted cameras installed inside their kids' bedrooms which at the very least they refused to do.

      The worst part about that is, the passwords for basically all camera systems installed at all customer systems was the same. The Hikvision systems had no management user layer generally, like there were certain things you could only do with the hardcoded admin account and if you were a security company wanting to provide a higher level of customer service to customers you needed this admin account, but that also meant you had access to all the camera footage. So combined with the atrocious password management, this meant technicians or really anyone working at the company had full access to nearly every single camera system the company installed, including some systems that customers had cameras installed inside their homes. And the password was not all that complex, so if I had to guess that password is in a ton of databases for security cameras and people across the world could likely easily access them.

      Ironically this made some cloud-controlled security camera services more secure within this context, because they could be more easily configured for better security. These services were intended for a middle-man security company which meant the software was built in such a way to satisfy the needs of the middle-man to provide service and shield the company from liability by limiting their access unless the customer explicitly approved it. The ones we used at that company were through Alarm.com and its subsidiary OpenEye.

      10 votes
      1. [3]
        kingofsnake

        Wow, super interesting. Not sure about the rest of the west, but Hikvision was banned in Canada last year. I still have a few in my rotation at home, but the camera passwords have been changed, they run off of a Blue Iris PC and are not accessible unless you've got the password to the web forwarding service I belong to.

        It's been a crazy process figuring out how these work and I probably still have security vulnerabilities.

        Did you have run-ins with EZViz cameras? I've enjoyed the couple of cameras I have from them but am always wary of tech that I don't control directly.

        2 votes
        1. [2]
          Grumble4681

          I think maybe one time I dealt with EZViz but not extensively. I would be way more wary of anything purely cloud based, not necessarily just for security or privacy reasons but because I don't trust the devices to not become paperweights or trust the company not to leverage the possibility of making the devices paperweights unless you pay an exorbitant monthly fee.

          Hikvision was also restricted in the US, but from what I recall it was predominantly on federal government properties and the company I worked for didn't do any government projects so that was never an issue.

          One of the other notable issues with Hikvision and restrictions in the US is that Hikvision was not offering their cloud management service in the US, which was meant to be a solution for middle man security companies. In theory it would have limited many, but not all, of the security issues that we were encountering with those systems, but I think they were concerned about legal issues so they intentionally excluded the US from the service. They also chose to remove their app from the Google Play Store which made installation of the app more annoying on customer devices since it had to be sideloaded, which is yet another potential security issue because these customers would otherwise have never encountered a reason to sideload anything on their phone in all likelihood.

          I wouldn't have necessarily had an issue with using their cameras if they were segmented on an outbound restricted vlan behind a recording system like an NVR or PC running Blue Iris, but I'd never choose to expose them to the internet on my own. And even my recording system I would not expose, I personally use Tailscale to access all my self-hosted services.

          What really bothered me is that those cameras were absolutely much cheaper and easier to acquire than many other cameras of more reputable places. Like comparing Hikvision to Hanwha or Axis etc., the prices for the reputable brands were absolutely outrageous by comparison. Now one could easily argue that there's a reason the price of one is so much lower and that it means there is something nefarious about them, but in any case it still made it a very hard pill to swallow to go with more high-end reputable brands when a camera with certain specs from Hikvision could be $150 while a similar spec camera from another brand would be $800.

          4 votes
          1. kingofsnake

            Wow, that's so informative. If it's not clear to the world already, discounted, government subsidized tech for cheap is absolutely a scorched earth operation with the potential for spying.

            Raze the competition landscape with cheap cameras and $6000 electric cars and throw the switch when there's no alternative. China created capitalism's poison pill and we're all taking it happily.

            1 vote
    3. ackables

      I remember when I jail broke my iPhone 4, I found an ipcam viewer app on the Cydia app store. Never saw anything explicit or inherently “private”, but it was still crazy that I could look at some warehouse loading docks in real time.

      7 votes
  3. [6]
    chocobean

    Locations of cameras hacked in the country reportedly included private homes, karaoke rooms, a pilates studio and a gynaecologist's clinic.

    Oh no no no no no

    The other ones aside from home, people probably not getting naked in a karaoke or Pilates classroom. But the GYN's feel so much worse because women aren't even happy to be there and are necessary, invasive and often painful visits.

    But am also wondering if this is happening in every country, and only South Korea police are bothering to investigate

    15 votes
    1. [5]
      elcuello

      But am also wondering if this is happening in every country, and only South Korea police are bothering to investigate

      I’ve noticed an uptick in these kind of videos on “normal” porn sites for a while now so I think it’s safe to say it does.

      6 votes
      1. [4]
        Carrow

        As a non-purveyor, I ask without judgement, what? Like videos that label themselves as hacked cams of individuals not consenting to the recording and its upload?

        5 votes
        1. MimicSquid

          More like edited clips of the "best" bits with people and camera angles that are clearly not actors or staged spaces. They aren't saying "This is stolen footage."

          7 votes
        2. chocobean

          Aside from sketchy nature of finding this kind of stuff, isn't that also boring and/or risky for viewers? There could be nothing all day, or there could be kids O..O

          3 votes
        3. elcuello

          Basically yes. I have no idea how to tell if they’re legit or fakes but the “genre” seems to be on the rise.

          3 votes