379
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 18 Dec 2023
379 points (97.3% liked)
Technology
59415 readers
1166 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
This is why you shouldn’t use cloud services for personal security, because the cloud is just someone else’s computer.
Also, quit putting unnecessary, Internet connected cameras indoors.
I seriously cannot fathom the amount of people that seem to want to put cameras up in their own bedrooms and just let them stream video constantly.
It has nothing to do with any serious home security, and everything to do with mindless consumerism. Hopefully it's a trend that will pass.
In general, cloud services have far better security than DIY systems. All of the hacked systems in this article are home based systems.
Even if it were true; less money to be made than from a company, so less interest and investition to hack it.
You can't connect home system that is never connected to internet, basically make home server and hook up cameras and don't ever connect that to internet
Bro, if I find any ingress point onto your network, I can connect to your networked cams.
Little brother downloads a Trojanised pirate copy of a game? I can connect to your cams via your lil bro's computer.
Not patched your stuff and there was a drive-by-download and RCE exploit? I can do it through your computer.
Your firewalls are important but they aren't impenetrable.
Yeah, but you’d pretty much need to target the person so these blanket hacks where a bunch of cameras are exposed aren’t really possible
No I don't. Like the first example above I can simply trojanise an executable, and release it to the public.
Once I'm on your network, the first thing I'm always going to do is see what I'm working with. That means a network and system info sweep. If I'm efficient, I already have a script to do this.
That sweep will reveal the presence of the camera. I might be interested in extortion material or I can sell this to a criminal gang, if I can get it open. I already have the camera's MAC address, so finding the make and model isn't too hard.
Then I might browse to it, see what system software it is running. Then I would try default usernames and passwords (people don't always change them) and see if there are any usable exploits on the software.
If I come across a certain camera type with certain vulnerabilities a lot, making a script to autofuck these cameras is child's play.
Source: am an ethical hacker/ red teamer.
What is the recommended on-ramp for someone with a CS degree and a networking background?
With that kind of background you've got a good advantage. You probably know how people fuck up their implementations as rookies, the next step is learning to take advantage of it.
Depending on the areas you want to get into (web, mobile, infrastructure, web3, etc) there are a lot of different training materials you can do. Most are free or very affordable.
Basic infrastructure stuff is a must, but it's really simple. Your main tool for this will be either Nmap or massscan, both are port-scanners. You need to learn some basic flags and understand why you might want to use some and not others depending on the scenario (you probably already know at least some of this already). This is usually the first technical step in any operation.
Basic Linux and Windows command line is also a must. You don't need to be able to do Linux From Scratch but you do need to be comfortable with Linux (and Windows) command line; if you manage to get a shell (illicit remote access) on a victim box, this is what you'll be using to get around. An industry standard toolkit also comes in the form of a Linux distro, namely Kali Linux.
For more advanced infrastructure stuff, check out the HackTricks gitbook, it's really helpful.
For web (not web3) based stuff, you can start with Damn Vulnerable Web App and OWASP Juice Shop. The former is far more tutorialy but the latter has all sorts of walkthroughs. Understanding why this works is important to understanding in future what kinds of stuff work, which is important when people actually put in (bypassable) protections.
If you want to go through more of a web3 route, get familiar with the Remix IDE and check out Ethernauts.
For mobiles, it's important to have jailbroken or rooted devices, especially in the case of iOS. Check out Damn Insecure and Vulnerable App (Android) or Damn Vulnerable iOS App (iOS). The OWASP Mobile Testing Guide is also a really useful read.
Once you get comfortable, you can also check out Capture The Flag challenges hosted by other people. CTFTime is a good aggregate for these and HackTheBox is a good training ground for them.
I would generally recommend these tools before going onto certs; once you're good at these, you'll breeze through the certs with a light refresher on course details, however the certs are an expensive way to actually learn.
As for which certs, CompTIA Pentest Plus is a good starter. Offensive Security Certified Practitioner (OSCP) is a good mid-level cert, and CTFs are a crazy good preparation (this exam is much more practical-based than your standard exam). Don't listen to some LinkedIn lunatics that call this a starter exam, it absolutely is not, and they probably have never taken it. It is, however considered something of a gold standard in the industry; if it isn't a minimum requirement, it is considered VERY helpful in most job applications.
Seperate network that's physically not connected to a network which connects to the internet or cameras with local storage.
You can't hack into the wildlife camera in my backgarden. It doesn't even have wifi, just an SD card.
Of course, that's less useful if you want to check up on your house when you're away.
It kinda depends on the setup I think, especially when vlans and firewalls are involved, you'd likely need additional payloads to make further progress in that kind of environment IMO. Something granting persistent remote access to the compromised machine would be the most ideal option.
As always physical access is pretty much game over though lol.
My cams are only accessible via an authenticated endpoint hosted on a dedicated machine, which acts as a "bridge" between the VLAN that the cameras are on (no internet access), and another VLAN hosting internal services, like home assistant, plex etc.
Aside from physical access, the only way to access the cams (that I can think of) would be via some exploit in Home Assistant, or by brute forcing the password to (any of) my network switches to access the management VLAN, changing the VLAN the cameras are set on to something else (bypassing the routing, firewall setup, and auth "bridge" entirely). Or maybe just exploiting the bridge machine directly and dropping a payload to forward the cams out to the net via the services VLAN
With physical access, you could chop up the PoE for an external camera and using that as an ingress point - but you'd only have access to the cameras and the bridge machine unless you exploited that too. At this point the zabbix client on the bridge machine would have notified me that a camera's dropped off the network, unless you dropped a payload to force it to return a good status lol
Does sound like a very fun exercise though tbh
Half the reason to own a security camera system is so you can monitor it while away. Can't do that if the system isn't online.
Online or cloud-accessed? Those are two separate things.
Blatantly false. Nowhere in the article does it say this.
I'd almost say your exposure is bigger in the cloud. WAY more software involved, it's shared environment, and someone elses computer.... In addition, it's complex to properly setup. People often leave it alone once they get it working, no security test or checks.
Even IF it was because it was hosted at home, I blame the companies who build this shit. Market to end users, "super easy to use!!" But no security by default? Nuts.
Enable auto updates, randomly generated admin password (no defaults like 123456), and support for more then 3 years will go a LONG way for the average consumer.
Ok... But cloud services are centralized and have a lot more content to obtain, so that fundamentally makes them a more valuable target. This alone adds a level of relational security to maintaining a home backup of the information. Unless someone happens upon your home network and decides to hack it, or you download a file that sends up a flare, nobody is going to seek it out unless they know you have something specific they want.
If you have an IP camera system exposed to the outside, they will "happen upon you" within the hour.
It's one of the top things searched for in wide net port scans.
But unlike those cloud services, your home network likely doesn't have enterprise level threat detection to alert you to it, or a team of network engineers to try to guard against it.
Why the fuck are you broadcasting a beacon to come hack your network? Of course they are going to find it if you light it up like a Christmas tree with a giant neon sign. I said you set up your cameras to record locally. Only an idiot would set up a camera system with an unsecured exposed port. Hell, set up anything with an unsecured exposed port for that matter. Especially one that is an always broadcasting system. It doesn't even matter if you use a cloud provider at that point. All they have to do is hack an network hop near your home and install a man in the middle and they don't have to bother hacking a server farm to get your videos.
You have a source for that?