Car Hacking: More likely to be done by a mechanic than by a hacker
infosec

Car Hacking: More likely to be done by a mechanic than by a hacker

When we talk about car hacking, it comes to mind a hacker who gets remote access to the car system ...
Read More
infosec

Sri Lanka: Blocks access to social media

The government of Sri Lanka has temporarily blocked access to various social media services following deadly explosions that erupted ...
Read More
infosec tweaks

How to hack networks with Wi-Fi passwords

Probably you have a Wi-Fi network in your home or stay close to one (or more) that appears in ...
Read More
infosec tweaks

What is Social Engineering, what are its techniques and how to protect yourself?

Social Engineering is the term used for a wide range of malicious activities that are accomplished through human interactions. Uses the ...
Read More
infosec tweaks

Cryptocurrency: Ways to Enhance Your Privacy

Privacy and privacy on the internet are of great importance. It is not enough to take one or two measures to protect ...
Read More
Latest Posts

[EXCLUSIVE] Greek webcam (if) security expose citizens!

About 780 webcam was identified by the research of SecNews and iGuru, in the Greek cyberspace, where everyone can watch the daily lives of thousands of Greek citizens!

camera3

Many have wondered how secure our cameras are at work or in our personal space or how easy it would be for someone to gain access without their owners knowing it.

Without wishing to scare our readers, the short answer to the question is:

It is extremely easy for anyone to access and control or watch your cameras!

At times they have seen the light of publicity cases of unauthorized access on webcam exposed personal moments of innocent citizens while impressed the way of protection the founder of Facebook Mark Zuckerberg in the camera and microphone of the personal computer!

THE RESEARCH

camera4

The question raised in the middle of summer in SecNews's technology and journalistic team was "How exposed are we to Greece regarding our webcam security?"

SecNews in working with iGuru, in the context of informing the community, conducted a deep 2 month-long journalistic research recording the entire Greek cyberspace in an effort to identify weaknesses. In the first part of our research (which we publish today) we focused on publicly exposed cameras.

The way the relevant information was collected and evaluated was:

  • Home scanning of the Greek cyberspace (in all published IP addresses)
  • Importing the data set into a database (MongoDB)
  • Optimized scanning only of active webcam exposure addresses [specific doors, specific URLs - specific users with full rights]
  • Create automated python code to use default Access Passwords and access test to the found IP addresses
  • Create / configure relevant webapp to search for active + port ports depending on the exposed user's IP address.

webcam exposed

[Editors Note: The base we created is updated 3 times a week automated and is already being used for additional investigations of exposed servers and terminals, items that we will publish in the future]

It is worth mentioning that the process followed (beyond the programming side of the configuration) was particularly easy and can be done by ANY user of the internet with basic network knowledge and minimal programming.

This in itself makes the findings even more important and dangerous for the community as they do not need any specialized knowledge or hacking skills to get access to the webcam we mention and therefore everyone with minimal knowledge can watch exposed cameras !!

It is our delight that SecNews is working with its team friendly iGuru technology website, conducted for the first time a pan-Hellenic Independent Insecurity Detection Research (the first and only one that has been done in Greece on a massive scale, accurately and at such a level).

the findings

chamber

All of the findings raised particular concern among SecNews researchers who organized the research. The most alarming feature is the fact that the overwhelming majority (96%) of camera owners are unaware that they are exposed or can monitor any of their stores or companies. Specifically:

  1. All of the findings are about incorrectly configured webcam webcams.
  2. A large part of the research has identified incorrectly parameterized AVTECH cameras. It is not due to a failure of the camera itself, but to installers who did not change the default Access Passwords.
  3. Installers or companies that have installed closed circuits and carry the COMPLETE LIABILITY have left online access enabled AND with admin / admin default admin. Certainly we will have to look for responsibilities from the owners of these devices.
  4. Therefore, anyone who knows the IP address and the admin / admin port has full access to closed-circuit TVs with the ability to change settings, even changing the camera's PTZ look-alike!
  5. Additionally, as we have seen, in many cases the cameras are placed over stores, hotels or employees in such a place that enables the PIN code entry PIN to enter even the business e-mail passwords or corporate applications

You can see a sample below:

The Greek Webcam Exposed

It would be frivolous to publish the complete webcam list with the IP addresses we have at our disposal. If we opted for the IP addresses to be published, there was a fear of being used by malicious users, without the owner of the cameras, for a variety of purposes, but also for monitoring citizens. After meetings with the SecNews technology team, we chose to publish through custom made application.

greekwebcam

Practically this means that whoever wants it can enter the IP address (shown at the top of the web application) or another IP address and find out if it is exposed to make a prompt fix or to notify competently.

Certainly it would be best to immediately contact AVTECH cameras with their installers and find their IP address in our application to conduct proper customization.

Our application can be found here [here].

We would advise you to share the share https://secnews.gr/check-camera/ and your friends and acquaintances directly to check their exposure to the risk.

Respective mass searches / investigations by SecNews, not only for webcam but also for other weaknesses involving servers and networking devices and may lead to interceptions or leaks, will continue to inform and protect the community and Greek citizens.

We thank the iGuru team for technical participation and support in conducting research.

Do you have an opinion? Leave your comment.

The author allows you to copy his / her text only if you report the source (SecNews.gr), as an e-mail address (Live URL) of the article.
Updated on by

Reader Interactions

Comments

  1. I do not see the box to import the IP I want

    It shows my IP router (WAN)
    And yet another IP which is this?

    In my picture I get 1054 Error. What does this mean;

    In case I do not have a webcam

Leave a reply

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *