The Search Engine For Hacking IP Cameras (Shodan)

Author: IPVM Team, Published on Sep 10, 2013

With the US FTC cracking down on an IP camera manufacturer for security / privacy violations, concern over camera vulnerabilities have increased significantly. In this note, we review an online tool that is rapidly gaining in popularity as the search engine to quickly find and compromise online devices like IP cameras. We show you how it is done with a video screencast that demonstrates how lightning fast this engine makes hacking cameras.

Background of Shodan

******** * ****** ****** **** ****** *** ** **** ******* connected ** *** ********. **** ***** ** ** *******, *******, and *******, *** **** **** *********** ******* **** ******* ******, SCADA *******, *** ******* *********.

** *** ********** ******* ** ******** ********** **** ******** ** allow ********* ** **** ******* ********* ** *** ******** ***** their ********. ** *** *******, ****** **** ** *** *********** **** *** ******* **************. **** ** ******* ** **********, ****** ** ***** **** to ** * ***** ****** ** *** **** ********** ******* are *** ***** *** ********* ** *** ********.

Where ** ******* * *******

**** ** *** ******* ******* ** *********** **** *********** ** ******. *** *******, ******* ******* *** dams ** ************ ** ************* ** **** ******* *******. ******* physical ******** *** ***** ******* *** ** ****** ***** ****** is ******* ** ********** *****. *******, **** *** **** ********* to *** ********, *** ****** ********** ** ****** ****, ***. This ****** **** ******* ** ****** *** ***** ****** **** on ******. *** ******* **** ** *** ***** ***********, ** is ********* ** ****** ******* ******** ********.

******** **** ** ***** ** **** ****** **** ***** ****** for *** ** ********* ***** ** ****** * ***** *** limiting *** ****** ** ****** ******* * ****** *** *** without ****** * ************. ************* ****** **** ** *********** **** ******* ** **** **** ** ******* ********* ***********. That ***** **** * ***** ******* **** ******* **** *** technical ****-*** ** ***** *** ******* *** ******** ** * utilities *******.

'Hacking' * ****** ** **** **** ** *******

** ******** **** ******* ** **** *** *** ** *****:

Shodan *** ** *******

******** *********** ********* *** ***** * ***** **** ********* ******* **** ******* ** ** ******, ** the **** **** **** ** ** **** **** ***** ******* are ******. *** ******* **** ** ******* ** **** **** of ****, ******* *** *********** ** *********, *** ******* *********. Default *********** *** ******* ********* ****** (*.*., ********** ********* *********). *** ***, *** ******* *** ********** ******* *** ******* and *** ******* **** **** **-**** *** ******* **** ******** and ****** *** *** ****** *** *******, *** ****** *** cameras *** ******* ** ****.

**** ** ** ******* ** **** ****** ******* **** **** week ******* **** **** ******* ********* ********* ** *** ******** and ***** *********. ***** ** ***** ******* **** ************. *** fourth ** ***** ***** ******* ***** ***********.

*** *** ****** ***** ********, *** **** *** *** ****** a **** **** *** *****, *** *** *** **** ******* PTZ ********.

Impact ** ************ ***** *** *************

** **** **** *********** *** ****** ******** *** ****** ** ******* ********** ** ** *******. ** **** **** * *** ** ***** *** **** curious ***** **** **** *** ****. *************,***** ** ** *** to ** **** *** **** ****** *** ***** ** *** more ********* *******. *** ******* *** ** **** ******** ****** would ** *** ************ ************* ** ******* *** ***** ** change ******* *********** ****** *** **.

Comments (9)

*'* ***** ** ****** **** *** *** ** **** **** is ***** ********* ** *** ****...

***** ** ** *** ****....

"************* ****** **** ** *********** **** ******* ** **** **** ** ******* ********* ***********."

****, *****, ***** *** * *** **** ****** ****** **** number...?....

*** ***** ***** ************ **** ********** ******** ******?

****, ******, ***** *** * *** *** ***** **** *** that ****** ** **** ** ***** *******....?....

* ****** ******** **** ***** ****** ** * *** * computer ********* ******** ** *** ******** (*** ****** ** ******) and *** ********* **** ******** ** ***** **********... **** ** would **** *** *****...

********* ********, *** ****** *** **** ** **** ** **** computer ****** ** *** ********. *** *** ***** ** * long **** *******, ********** ** *** **** **** ***'* *** scan *** ******* ******* ** * ****.

**** ** *** ***** **** (****) ****** ****** *** *** idea ** *** *********, * *** ** ****** *** ********** had ********* ******** ********* ******* ********* *** **** **** ****** folders ******* ** *** ********. ********* ** ****** ***** **** a ****** ** ******* *** *** ***** ********* *** **** shared ****** ****** ***** ****** *** ******** *** ********. *'* run ****** ***** ******* ******* *** ***** ***** ** ********. I'd *** ** **** **** **** ** ******** **** **** on *** **** **** *** **** **** ********* ****** ***** their ***************. ********* *''* ******* ** ***** ****** ******** *** try ** **** **** * ******* **** ***.

*** **** * **** * ****** *** ****** * ******* investigator ******** *** *** ****** ******* **** ****** ** ******'* background ****** *** ******* ** *** ********; ***** ** *****, SS#'s, *** *** ****** **** **** *****. ** *** *** and ********** ** *****, *** **** ***** ** ** **** clean ** *** ****** *** ******* *** ***. ** ****** a **** ********, *** ******, ***** ** ****** **** * few ***** *****.

*** **** **** ******** *** ** ****** **** **** ** my *** ****.

******** *** ****, ***** ***** **** ** ******** ********** ** the ***** ******* ***** ***** **** ** **** *****/*** *****.

****** ***********... *** ***** *** **** *********. ******.

** *** **** ** ****** **** **** ************** ** *** network, ** ** *********** *** **** **** ******* ** ******* for *********** ** * ***** *******?

***** *** ********** **** ** *** ****** ** * *** from *** ******** ** ****** ** **** ****** *** *********** of **** ****?

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on Hacking

Hikvision Rejects Responsibility for Hacked Hikvision Cameras on May 10, 2016
After a massive number of Hikvision cameras were hacked, Hikvision has added new, and questionable legal language, declaring that Hikvision will...
ADI Refuses to Fix Their OEM'd Hikvision Security Risks [Solved] on Mar 09, 2016
More than a year after massive hacks against Hikvision was disclosed; More than 9 months after Hikvision issued improved security firmware, mega...
Network Security for IP Video Surveillance Guide 2016 on Feb 03, 2016
Keeping surveillance networks secure can be a daunting task, but there are several methods that can greatly reduce risk, especially when used in...
Arecont and Bosch - Default Security Risk on Dec 14, 2015
Default passwords are a major security risk, enabling hackers around the world to access and control devices like IP cameras (using Shodan, turning...
Axis Cybersecurity Hardening Guide Examined on Nov 19, 2015
In most IT areas, 'hardening' guides are commonplace, providing best practices for improving the cybersecurity of network products (e.g., see this...
IP Camera Trolling - Cybersecurity Showcase on Nov 09, 2015
If you want to convince your customers about the importance of cybersecurity and the risk of being the next Hikvision, Foscam or Trendnet, show...
Dahua Finally Has A US Distributor on Oct 08, 2015
Finally. Billion dollar Dahua is the 'smaller' of the two mega Chinese surveillance manufacturers (the other being Hikvision). Historically,...
The Hikvision Hacking Scandal Returns on Sep 22, 2015
With a vengeance. The last time, the industry mostly shook it off. This time, it is clearly much worse. In this note, we examine Hikvision's...
Warning: ADI and Tri-Ed Video Products Major Security Risk on Sep 22, 2015
Recently, ADI and Tri-Ed both started OEMing Hikvision products. Reference - IPVM test on ADI W Box, IPVM test of Tri-Ed Northern Video. Both ADI...
Anixter/Tri-Ed Northern Video Tested on Sep 18, 2015
ADI is an IP video manufacturer now (see IPVM's ADI W Box test results). And now, their top rival, Anixter's Tri-Ed arm has also entered the IP...

Most Recent Industry Reports

Nest Cam Outdoor Tested on Sep 23, 2016
After years of claiming an outdoor model was "coming", addressing their biggest user demand, Nest has finally released their Outdoor Camera, an...
ACTi Refuses Race To The Bottom, Shifts To Solutions on Sep 23, 2016
The original low cost IP camera disruptor was ACTi. Back in the 2008 - 2010 time frame, Taiwanese manufacturer ACTi challenged the Western and...
You Get Robbed, Canary Will Pay You Up To $1,000 on Sep 22, 2016
Canary is trying to break the status quo in DIY security, first by raising over $40 million, and now a revamp of their monthly services package...
Milestone Ends Development of "Enterprise" VMS on Sep 22, 2016
Milestone 'Enterprise' was one of the first enterprise video management software offerings, selected by many early adopters of IP video. However,...
History of Video Surveillance on Sep 22, 2016
This is a concise history of video surveillance covering the past decade.  The goal is to help professionals newer to the industry understand...
Access Control Course Fall 2016 on Sep 22, 2016
IPVM offers the most comprehensive access control course in the industry. Unlike manufacturer training that focuses only on a small part of the...
Totally Wireless IP Camera (IPVideo Corp NomadHD) on Sep 21, 2016
Wireless battery powered cameras have been a surveillance pipe dream for years, limited by camera power consumption, battery technology, and...
Axis Launches IP Speakers on Sep 21, 2016
First, Axis introduced an IP horn, then it was video intercoms, and now it is Networked Speakers? While IP-based Public Address systems are not...
Tagged RFID Object Search Recorded Video on Sep 20, 2016
Video analytics has gotten fairly good at tagging people in video, but it does not solve the problem of finding items like specific merchandise or...
FLIR and Geovision Join the Hikvision Price Cut Race on Sep 20, 2016
Hikvision's price cuts are clearly a trend setter. After numerous and increasingly large cuts, the destructive cycle is accelerating. Last month,...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact