WiFi Security Cam's should NEVER Be used "."

[echoblack]

I was at the mall with my laptop and just was sniffing to see what was around.

Low and behold a Wireless network broadcasting an essid of "Security Cam"

First I though Hay, I could deauth the cam and connect it to my Pineapple but then realized there is a far more simple and harmful attack that could be done.

Just DeAuth all the Cam's !

It would be crazy simple to take down the whole Security Cam system & run a DOS on the AP. Any noob could do it. This alone is an Unacceptable security risk. Not to mention taping in and being able to see what all the security cams see. Sure having the Security Cam system broadcasting it's essid and naming it "Security Cam" is super dumb too but it could be found out anyway.

I think all WiFi Security Cams should be taken off the market do to there complete lack of "Security."

[dr0p]

This network didn't have any kind of protection on it?

[echoblack]

Yes, It has WPA2-Personal. However, with an essid like that I bet the passphrase is crackable.

But that would not matter if you just want to DOS's it. Or if you have a Pineapple.....

Right, Jasager will just except any encryption the AP it is impersonating has or just tell the client that there is not need or something to that effect?

[Sud0x3]

I've never seen wifi cams being used in permenant locations, usually just used for short term basis.

Even if they had cloaked the ssid or obfuscated it by naming it bobs-wifi, you could still brute the ssid and if the wpa key is not well thought through it wouldn't take long till your in.

However these cams do have their own ip and web inteface which are password protected, in your case maybe not!

[echoblack]

Hum, I'd like to do just a little more research on them. Just to find out more facts. Here in Hawaii everyone uses Aloha, Shaka, Hawaii, Pineapple, in there passwords. It is crazy easy to crack passwords out here :P

Aloha + some #'s is Huge seemingly 20% of passwords

[h3%5kr3w]

There are a lot of wifi cams out there that do not support encryption, or they only support lower levels of encryption. You have to spend the big bucks to get the better encryption, so it's most probably the latter. Also.. Beware of Trojans! (not the viruses or the condoms) Could be a honey pot... Well either that or it could be some perv that set one up in the women's dressing rooms. If that were the case ddos'ing it would be a good semaritan service.

[Dаrren Kitchen]

This reminds me, I still need to make that IP security cam article. Even if it's not wireless, if you can get on the same LAN as an IP camera it's pretty much game over.

[The Game]

This is very poor practice on there behalf.

I actually work as a security technician. (Cameras, Card Readers, Wireless Duress etc) and never ever have i seen cameras been taken over Wifi.

It would be so stupid. Anyone can disconnect the entire network with a simple deauth attack and DOS all day if they wanted to.

As for cracking it, well if you got a good dictionary and they are stupid to have a lame password like "Security1" then it would be a matter of minutes before someone is in.

This reminds me, I still need to make that IP security cam article. Even if it's not wireless, if you can get on the same LAN as an IP camera it's pretty much game over.

Agreed.

We use axis network cameras and some people leave them as there default password "root" & "admin" all you need is to get your IP setup and its just that simple.

[theSuperman]

This network didn't have any kind of protection on it?

Encryption or not, sending out deauth packets every second will prevent the wifi camera from connecting back to its AP.

[Whig]

One problem with WiFi Security cam's is also that they are so easy to jam with Wifi Jammer.

Of course there is also wireless camera without anykind of protection:

http://en.wikipedia.org/wiki/WarViewing