So you bring home a shiny new gadget. You plug it into your network, turn it on, and it does… well, whatever it wants. Hopefully, it does what you expect and no more, but there is no guarantee: it could be sending your network traffic to the NSA, MI5 or just the highest bidder. [Jelmer] decided to find out what a new IP camera did, and how easy it was to find out by taking a good poke around inside.
In his write-up of this teardown, he describes how he used Wireshark to see who the camera was talking to over the Interwebs, and how he was able to get root access to the device itself (spoilers: the root password was 1234546). He did this by using the serial interface of the Ralink RT3050 that is the brains of the camera to get in, which provided a nice console when he asked politely. A bit of poking around found the password file, which was all too easily decrypted with John the ripper.
This is basic stuff, but if you’ve never opened up an embedded Linux device and gotten root on it, you absolutely should. And now you’ve got a nicely written lesson in how to do it. Go poke around inside the things you own!