do a quick search on google using the webcam model number to see if theres an exploit.
Sudden and unexplained webcam traffic
I don't know if this topic belongs here, you can flame me if it doesn't. Anyways, I have a question regarding webcams.
About two weeks ago all the surveillance webcams in my university received traffic reaching over more then 20MB/s,
which stayed that high for about a week. Now if thats not alarming enough, the same week we got port scans which led
back to Korea. Does anybody have an idea what hackers could possible send to a webcam that needs such a connection?
do a quick search on google using the webcam model number to see if theres an exploit.
Every so often, someone in the media rehashes the Google "hacks" that allow access to the web-based consoles that control some video cameras. In fact, just recently another such news story was published. It could be likely that this was the case.Originally Posted by Adar Ree
My guess is that if a site allows console access to their webcams, someone will look for other such weaknesses through port scans and other enumeration techniques. In other words, the reasoning would be that if your site has one weakness it is likely to have others that could be exploited.
"\x74\x68\x65\x70\x72\x65\x7a\x39\x38";
If your webcams were not meant for public usage, then they either be on their own VLAN, segregated from the internet, or be behind their own firewall, where only those that are meant to see them can see them. Mixing public and private devices on the same network is just asking for trouble.
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
And what if the webcams can't be accessed through a browser? You need special software installed on your computer to acces the cameras. I don't know the exact model name, so I dont know if it allows both browser and software control, I'l go check that tomorrow.
Even if it isn't accessible through a WebBrowser, as long as it's on the network it's receiving commands via TCP traffic. If the cameras require no authentication to receive commands, then the traffic could be spoofed and made to appear to come from control software.
As I said before, if these cameras were not meant to be viewed by the public, they should be segregated from the rest of the network. Proper network design should be implemented.
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
If it is "receiving" 20MB/s that's pretty messed up. My guesses would be:
1) Someone is trying to do some kind of over-ride/spoof on the actual video feed.
2) Someone (or some group) is trying to DoS the camera.
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
(Sorry for the late response)
These network cameras do not provide browser support. You need special software installed to use it.
My guess is that it's probably malicious, and that somebody is trying to use them as some kind of backdoor.
I don't know what Thorin means with override/spoof, but a scenario where hackers are trying to mask
some kind of virus as video footage from those cameras so that it gets stored on the main server doesn't
seem that far fetched (correct me if I'm wrong), especially because the scanned ports concerned VNC ones.
I meant perhaps someone is trying to replace the actual video feed with different video. Perhaps a previously attained loop (so that they can playback footage with no activity while they do something they should), perhaps some completely different video (to make you think your system is totally FUBAR), or perhaps they're trying to insert something into the live footage (like: http://news.bbc.co.uk/2/hi/europe/7171374.stm) into the live feed.
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
Do you have any idea if theres something to read up on about this?
Posting Permissions