Jump to content

WiFi Security Cam's should NEVER Be used "."


echoblack
 Share

Recommended Posts

I was at the mall with my laptop and just was sniffing to see what was around.

Low and behold a Wireless network broadcasting an essid of "Security Cam"

First I though Hay, I could deauth the cam and connect it to my Pineapple but then realized there is a far more simple and harmful attack that could be done.

Just DeAuth all the Cam's !

It would be crazy simple to take down the whole Security Cam system & run a DOS on the AP. Any noob could do it. This alone is an Unacceptable security risk. Not to mention taping in and being able to see what all the security cams see. Sure having the Security Cam system broadcasting it's essid and naming it "Security Cam" is super dumb too but it could be found out anyway.

I think all WiFi Security Cams should be taken off the market do to there complete lack of "Security."

Link to comment
Share on other sites

Yes, It has WPA2-Personal. However, with an essid like that I bet the passphrase is crackable.

But that would not matter if you just want to DOS's it. Or if you have a Pineapple.....

Right, Jasager will just except any encryption the AP it is impersonating has or just tell the client that there is not need or something to that effect?

Link to comment
Share on other sites

I've never seen wifi cams being used in permenant locations, usually just used for short term basis.

Even if they had cloaked the ssid or obfuscated it by naming it bobs-wifi, you could still brute the ssid and if the wpa key is not well thought through it wouldn't take long till your in.

However these cams do have their own ip and web inteface which are password protected, in your case maybe not!

Link to comment
Share on other sites

There are a lot of wifi cams out there that do not support encryption, or they only support lower levels of encryption. You have to spend the big bucks to get the better encryption, so it's most probably the latter. Also.. Beware of Trojans! (not the viruses or the condoms) Could be a honey pot... Well either that or it could be some perv that set one up in the women's dressing rooms. If that were the case ddos'ing it would be a good semaritan service.

Link to comment
Share on other sites

  • 3 weeks later...

This is very poor practice on there behalf.

I actually work as a security technician. (Cameras, Card Readers, Wireless Duress etc) and never ever have i seen cameras been taken over Wifi.

It would be so stupid. Anyone can disconnect the entire network with a simple deauth attack and DOS all day if they wanted to.

As for cracking it, well if you got a good dictionary and they are stupid to have a lame password like "Security1" then it would be a matter of minutes before someone is in.

This reminds me, I still need to make that IP security cam article. Even if it's not wireless, if you can get on the same LAN as an IP camera it's pretty much game over.

Agreed.

We use axis network cameras and some people leave them as there default password "root" & "admin" all you need is to get your IP setup and its just that simple.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...