ALERT! Your Camera Is PROBABLY Insecure
The Market Ticker - Commentary on The Capital Markets
Logging in or registering will improve your experience here
Main Navigation
Display list of topics
Sarah's Resources You Should See
Sarah's Blog Buy Sarah's Pictures
Full-Text Search & Archives
Legal Disclaimer

The content on this site is provided without any warranty, express or implied. All opinions expressed on this site are those of the author and may contain errors or omissions.

NO MATERIAL HERE CONSTITUTES "INVESTMENT ADVICE" NOR IS IT A RECOMMENDATION TO BUY OR SELL ANY FINANCIAL INSTRUMENT, INCLUDING BUT NOT LIMITED TO STOCKS, OPTIONS, BONDS OR FUTURES.

The author may have a position in any company or security mentioned herein. Actions you undertake as a consequence of any analysis, opinion or advertisement on this site are your sole responsibility.

Market charts, when present, used with permission of TD Ameritrade/ThinkOrSwim Inc. Neither TD Ameritrade or ThinkOrSwim have reviewed, approved or disapproved any content herein.

The Market Ticker content may be sent unmodified to lawmakers via print or electronic means or excerpted online for non-commercial purposes provided full attribution is given and the original article source is linked to. Please contact Karl Denninger for reprint permission in other media, to republish full articles, or for any commercial use (which includes any site where advertising is displayed.)

Submissions or tips on matters of economic or political interest may be sent "over the transom" to The Editor at any time. To be considered for publication your submission must include full and correct contact information and be related to an economic or political matter of the day. All submissions become the property of The Market Ticker.

Considering sending spam? Read this first.

2018-06-07 15:45 by Karl Denninger
in Editorial , 136 references Ignore this thread
ALERT! Your Camera Is PROBABLY Insecure
[Comments enabled]

.... you do not use "cloud connected" and other inexpensive cameras without them being handled by a highly-secure method that only you control.

Is your baby monitor safe?

Jamie Summitt, a stay-at-home mom in South Carolina, posted on a Facebook FB, -1.60% this week that her internet-connected baby monitor took a dark turn recently. She said the camera on her Wi-Fi-connected device mysteriously moved in the direction of her bed. The camera connects with an app to watch children remotely.

“All of a sudden I noticed out of the corner of my eye that the camera was moving...and it was panning over to our bed,” she wrote. “The exact spot that I breastfeed my son every day. Once the person watching realized I was not in bed, he panned back over to Noah asleep in his bassinet.”

These things are outrageously insecure, in some cases intentionally so as it makes the software easier for the authors to put together -- and the service easier too.

It's not (usually) malicious per-se, it's just easier.

This is why you want something like HomeDaemon-MCP, which securely encapsulates your camera stream and control functions, meaning your camera is not visible -- at all -- from the outside.  Ever.  Period.  For any purpose.  It cannot reach out and nobody can reach in.

The bottom line is that as soon as you let these devices connect to an outside place on their own for any reason at all, and especially if they go to a cloud service of some sort you are taking a terrible risk because the data is no longer in your personal hands.  If there are shortcuts that were taken, or just plain bugs, you're wide open and the more of these devices you have that can speak to outside places the more risk you have as well.

If you're in this line of business (providing these solutions) look to the right and email me.  I have the answer to this problem and it begins by segregating any of these sorts of devices so they cannot get outside at all, ever, in either direction.  Now if your gateway (HomeDaemon-MCP) is the only point of contact with it outside your house the attack surface is limited to that device and it's capabilities -- if someone can't hack that they also can't hack anything behind it.

Again, most of these devices if not all of them are ridiculously insecure starting with the video stream itself which is typically delivered over RTSP/H.264 and is completely unencrypted.  For most the news just gets worse from there.

Go to responses (registration required to post)
 

 
Comments.......
User: Not logged on
Login Register Top Blog Top Blog Topics FAQ
User Info ALERT! Your Camera Is PROBABLY Insecure in forum [Market-Ticker]
Geckogm
Posts: 4479
Incept: 2007-06-26

Canyon Lake
Report This As A Bad Post Add To Your Ignored User List
Typo should be>Insecure

These things are outrageously secure, in some cases intentionally so as it makes the software easier for the authors to put together -- and the service easier too.
Tickerguy
Posts: 153144
Incept: 2007-06-26
A True American Patriot!
Report This As A Bad Post Add To Your Ignored User List
Fixed - thanks.

----------
Winding it down.
Tripseven
Posts: 56
Incept: 2012-04-26

Report This As A Bad Post Add To Your Ignored User List
I run a Mobotix Q24 camera with their software off network and curious if you've ever fiddled with their cam software enough to know how insecure they are?

Hoping someone picks this up from you as I would be an instant buyer.

----------
Please God, take it all away!
Tickerguy
Posts: 153144
Incept: 2007-06-26
A True American Patriot!
Report This As A Bad Post Add To Your Ignored User List
Nope -- never played with that specific one.

----------
Winding it down.
Lobo
Posts: 474
Incept: 2013-12-25

Report This As A Bad Post Add To Your Ignored User List
Quote:
These things are outrageously insecure, in some cases intentionally so as it makes the software easier for the authors to put together -- and the service easier too.


I was recently looking at cameras due to some theft at work. One thing that struck me was how poorly written a lot of the software is. The majority have cludgy, unintuitive interfaces with poor performance. It seems like every person that can get past "Hello World" has written camera software and done a very bad job of it.

----------
Village Idiot
Tickerguy
Posts: 153144
Incept: 2007-06-26
A True American Patriot!
Report This As A Bad Post Add To Your Ignored User List
Yeah they pretty much all suck.

----------
Winding it down.
Login Register Top Blog Top Blog Topics FAQ