Linksys IP cam hacking

admin_password_extraction_2-300x216

GNUCITIZEN has posted information on linksys wireless IP camera hacking. It turns out that some models send the administrator user name and password to the computer when the setup wizard requests a connection. In theory, someone could send the request and harvest your passwords wirelessly. This seems like a pretty careless oversight. We would think that linksys will probably remedy this before too long.

Update: Part 2 has been posted.

Update: Part 3 has been posted.

21 thoughts on “Linksys IP cam hacking

  1. There’s no way this was accidental. You don’t send uname/pwd unencrypted over a network. This is nothing more than laziness on the developers part, knowing that they’re working on a “consumer” product.

    Is there a way to shut off the response to this wizard?

  2. Someone will come out with an aftermarket firmware for them like DD-Wrt. It’s tops. I run it on all my equipment. Even at work I talked our I.T. guys into using it.

  3. Well his initial fear wasn’t based on logic – the camera could have been simply sending the password hash. Not a very good idea, but not inherently insecure.

    Of course if the wizard has the password in memory before you’ve even entered it then that’s another matter!

  4. In my experience, it takes a higher-caliber programmer to think security. Coders (that I’ve worked with) *generally* don’t have security on the top of their list of things to be concerned with – to them, as long as the application works it’s golden. That’s why guys like me still have a job ;)

  5. The developers probably just ‘got it working’ for a deadline and didn’t get the time, or forgot about the security part by the end.

  6. Used to be if your neighbor was a perv he had to break into your house to plant a camera, Now all he needs is some minor hacking skills.

  7. This reminds me of the first version of windows 2000, where you could easily and remotely access a person’s user information via the reedit.

  8. I have this camera and it is not a very solid linksys product. The motion detection can only be fine tuned using Active X with IE.

    Also there is no way to turn off the auto light adjustment, so it gives about 20 false positives for motion detection in a day (if it’s in a room that allows any sunlight)

  9. i was only laughing at hollywood the other day as well… but they were switching between just about everybodys… and for some reason they all had controllable directioning as well!

    life >= art ? /s

  10. hackers (good/bad) look for stuff like this. The bad guys love glitches and use to advantage. This most certainly will be exploitable by the moderate or maybe some inexperirnced hackers.

    At least it’s not a cell with a broadcasting bluetooth that sends out a hashed SS #.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s