478
Thousands of private camera footages from bedrooms hacked, sold online - VnExpress International (e.vnexpress.net)
submitted 8 months ago by fne8w2ah@lemmy.world to c/technology@lemmy.world
129 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] w2tpmf@lemmy.world -5 points 8 months ago

In general, cloud services have far better security than DIY systems. All of the hacked systems in this article are home based systems.

[-] bruhduh@lemmy.world 31 points 8 months ago

You can't connect home system that is never connected to internet, basically make home server and hook up cameras and don't ever connect that to internet

[-] 520@kbin.social 3 points 8 months ago* (last edited 8 months ago)

Bro, if I find any ingress point onto your network, I can connect to your networked cams.

Little brother downloads a Trojanised pirate copy of a game? I can connect to your cams via your lil bro's computer.

Not patched your stuff and there was a drive-by-download and RCE exploit? I can do it through your computer.

Your firewalls are important but they aren't impenetrable.

[-] lemann@lemmy.one 1 points 8 months ago

It kinda depends on the setup I think, especially when vlans and firewalls are involved, you'd likely need additional payloads to make further progress in that kind of environment IMO. Something granting persistent remote access to the compromised machine would be the most ideal option.

As always physical access is pretty much game over though lol.

My cams are only accessible via an authenticated endpoint hosted on a dedicated machine, which acts as a "bridge" between the VLAN that the cameras are on (no internet access), and another VLAN hosting internal services, like home assistant, plex etc.

Aside from physical access, the only way to access the cams (that I can think of) would be via some exploit in Home Assistant, or by brute forcing the password to (any of) my network switches to access the management VLAN, changing the VLAN the cameras are set on to something else (bypassing the routing, firewall setup, and auth "bridge" entirely). Or maybe just exploiting the bridge machine directly and dropping a payload to forward the cams out to the net via the services VLAN

With physical access, you could chop up the PoE for an external camera and using that as an ingress point - but you'd only have access to the cameras and the bridge machine unless you exploited that too. At this point the zabbix client on the bridge machine would have notified me that a camera's dropped off the network, unless you dropped a payload to force it to return a good status lol

Does sound like a very fun exercise though tbh

load more comments (11 replies)
load more comments (15 replies)
load more comments (29 replies)
this post was submitted on 18 Dec 2023
478 points (97.4% liked)

Technology

57919 readers
4515 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world