IP Camera Trolling - Cybersecurity Showcase

Author: John Honovich, Published on Nov 09, 2015

If you want to convince your customers about the importance of cybersecurity and the risk of being the next Hikvision, Foscam or Trendnet, show them 'IP Camera Trolling'.

Physical security professionals are largely indifferent to cybersecurity, as the industry's response to yet another Hikvision Hacking Scandal shows. And major vulnerabilities remain in Tri-Ed and Anixter's cameras.

But these videos bring the risk home.

Trolling Video

In this video, the hacker plays games with a man who has a Foscam camera at his desk, taunting him while the victim calls Foscam tech support:

Don't miss the 3:50 mark where the manufacturer tech support rep reminds the user that the camera has no password by default. Yikes.

That one is definitely the most famous and most viewed but there is a small underground set who do this for fun.

NSFW

The other videos are definitely not safe for work as they use foul and sexually explicit language to attack unsuspecting people at their homes.

Get Video Surveillance News In Your Inbox
Get Video Surveillance News In Your Inbox

In the NSFW video below, a guy harasses a couple in their kitchen:

In the NSFW video below, another guy wakes up a couple in the middle of the night:

More Trolling

There are easily dozens of more examples on YouTube, scan them here. People are treating it like the prank phone call of the 21st century.

How It Is Done

Most of these are likely simple hacks, looking for IP cameras publicly available on the Internet, with default username / passwords. Things like Shodan are common tools for doing so.

This is certainly not the only risk, simply the most basic / visible. For another recent example, see Botnet Of 900 IP Cameras Launch DDOS Attack.

Limitations

The reality is that such hacks are extremely uncommon statistically and that taking basic precautions, like not allowing your cameras to be publicly accessible and ensuring a strong password is used will reduce the risk significantly.

Showcase

However, showing / watching these videos gives a much more vivid picture of the risks / issues that can go wrong when your cameras are accessed.

 

2 reports cite this report:

Video Surveillance Manufacturers Risk Lawsuits For Botnet Attacks on Oct 24, 2016
The unprecedented scale of internet outages on October 21st from botnet attacks risk triggering lawsuits against video surveillance manufacturers,...
Arecont and Bosch - Default Security Risk on Dec 14, 2015
Default passwords are a major security risk, enabling hackers around the world to access and control devices like IP cameras (using Shodan, turning...
Comments (7): PRO Members only. Login. or Join.

Related Reports on Hacking

Anti-Hack Access Card Shields Tested on May 26, 2017
Keeping your access control card information secure is becoming a big priority, especially since cheaper copiers can hack details easily. Multiple...
Axis Criticizes OEMs: "When You Buy An Axis Camera, An Axis Camera Is What You Get!" on May 19, 2017
When you buy a Honeywell camera, you likely get a Hikvision, Dahua or some other company's product. The same goes for easily 100 different...
Hackable 125kHz Access Control Migration Guide on May 19, 2017
Despite being one of the most popular credentials, 125 kHz credentials are easily copied and insecure as we showed in our test results, video...
Cisco: Hikvision Hired Us on May 16, 2017
The day after Hikvision's backdoor was confirmed by the US Department of Homeland Security, Hikvision issued a press release about a...
Hikvision Blaming Backdoor On Others, Cannot Hide From DHS on May 11, 2017
Numerous Hikvision employees are blaming their backdoor on others but Hikvision cannot hide from the US Department of Homeland Security. Blaming...
Hikvision Backdoor Confirmed on May 08, 2017
The US Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued an advisory for...
Hack Your Access Control With This $30 HID 125kHz Card Copier on May 01, 2017
You might have heard the stories or seen the YouTube videos of random people hacking electronic access control systems. The tools that claim to do...
Last Day - IP Networking Course May 2017 on Apr 26, 2017
Today is the last day to register for the May IP Networking Course. This is the only networking course designed specifically for video...
Chinese 'Attacking Us From Every Direction', Says US FBI on Apr 25, 2017
"Chinese eating our lunch. Attacking us from every direction" said the US FBI's Deputy Director Andrew McCabe at the ASIS 2017 CSO Summit. .@FBI...
Dahua Manager: Lots of Backdoors Beyond Dahua or Hikvision on Mar 29, 2017
A Dahua technical manager has fired back at criticisms of Dahua's backdoor, posting publicly what many at Dahua have privately been saying for the...

Most Recent Industry Reports

H.265 / HEVC Codec Tutorial 2017 on May 25, 2017
Since 2013, video surveillance professionals have talked about the potential for H.265. Now, in 2017, H.265 is starting to gain mainstream...
Camera Course Summer 2017 on May 25, 2017
Learn video surveillance and get certified. IPVM provides live online classes, recorded videos, personal help, cutting edge education and...
Most Respected Manufacturer Competitors on May 25, 2017
Manufacturers told IPVM what competitor they most respected. In terms of total revenue, Hikvision, Dahua and Axis are certainly tops but would...
CyPhy 'Unlimited' Flight Time Security Drone Examined on May 25, 2017
Drones face several issues as commercial security platforms - legal restrictions (e.g., in the US, the FAA), costs, and limited flight durations...
Milestone Entry Level Mobile Password Vulnerability Disclosed on May 24, 2017
While many manufacturers have only addressed cybersecurity vulnerabilities after public disclosures were made (or threatened), Milestone has...
How Integrators Use IPVM on May 24, 2017
150 integrators explained how they use IPVM and how it helps them stay informed and improve their business.  The 4 main uses integrators cited for...
Alarm Supervision Guide on May 24, 2017
Burglar alarms can constantly monitor the health of attached circuits, sensors, and devices to ensure that they remain operational. This is known...
Arlo Go Cellular Cloud Camera Tested on May 23, 2017
Totally wireless surveillance cameras are growing but almost all typically depend on a hub and local Internet access. However, many outdoor...
Avigilon New COO James Henderson Profile on May 23, 2017
It has been nearly 2 years since the infamous Bryan Schmode 'resigned' as Avigilon COO. Now, Avigilon once again has a COO, promoting James...
Hikvision Marketer Caught Spamming, Fails at Coverup, Fired on May 23, 2017
A Hikvision marketing employee was caught by IPCamTalk trying to surreptitiously disparage IPVM and IPCamTalk. This is an outgrowth of Hikvision's...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact