Skip to main content

A Simple Trick to Hack Unprotected Surveillance Cameras in Web


This is pretty much exposing post about the level of security issues in India. I’m not sure if this is practically being exploited to target broadband users in India. I’m going to show you the fun part here. Its up to the readers to act in an ethical way.
  1. First you need the Angry IP Scanner. Download it from here http://www.angryip.org/w/Download. This is a simple tool that scans for a range of Live IP Addresses and identifies user specified open ports. So I downloaded the 32-bit Beta version. This doesn’t require any installation. Just download and run it.
  2. When you open the tool you can see options to set IP ranges for scanning.
    Angry IP Scanner Home Screen
  3. I’m a BSNL Dataone Broadband user and I wanted to find out the vulnerable cameras in my locality. So I start with my IP Address. Just go to Google and Search ‘My IP’. You will get your IP address. By the way I’m not stopping you from find your IP using ipconfig command like a geek. Googling is pretty simple.

    Find IP Address from Google
  4. I entered my IP 117.193.138.135 in the starting field and 117.193.255.255 in the finishing field. This will sure take a lot of time to scan the whole range but will increase the probability of finding more vulnerable cams.
    Angry IP Scanner IP Range
  5. Next is to specify a Port so that the Angry IP Scanner will ping each IP to find out if that port is open, Go to Tools > Preferences > Ports tab. In Port selection enter the port number you want to scan. I noticed that in my locality most of them are using HIK Vision Digital Video Recorder. This device uses the port 8000. So I’m entering port 8000 in the text box.
    Angry IP Scanner Ports
  6. If you want to scan multiple ports you can enter port number separated by commas. After entering the port number go to Display tab. This where you can customize the results displayed. By default All Scanned Hosts will be checked. In this mode all Dead IP wil be displayed in Red, Alive in Blue and Open Ports in Green. So I recommend to select Hosts with open ports only so that you need not scroll through the entire ocean of Dead and Alive IPs. Once done click OK.
    Angry IP Scanner Display
  7. Now click on Start button and wait for sometime. If you have selected All Scanned Hosts in Display tab, you would have seen individual IP being scanned and listed.
  8. Looks like I got three targets. Just right click on the IP Address to copy it.
    Angry IP Scanner Scan Results
  9. Paste the link in the Address Bar of your Internet Explorer and hit Enter.  Success!!! It loads the login page. As expected its the login page of HIK VISION DVR. The reason why we are using IE is that the ActiveX designed to handled these pages can work only with IE. Even in IE sometimes you will have to wait for the prompt to install ActiveX Control for HIK Vision. If your IE blocks the addon, watch this video http://youtu.be/RymqP4uDC9U to enable it. (or Google ‘enabling unsigned activex control in IE’)
    HIK VISION
  10. Here is the trick. Most of the targets after installing their networked DVR, they fail to change their credentials from the default one provided by the manufacturer. So for HIK VISION the default username : admin and password : 12345
    If you come across a different manufacturer you can just Google the name of the manufacturer with term ‘default password’ to find out the default credentials.
  11. So I entered the default credentials and tried to login. Voila!! I’m in. It seems to be a security cam of a Fashion showroom.
    HIK VISION Cam PreviewHIK Vision Preview
  12. You can browse through various available cams placed in different positions. The interesting part is you can even access the earlier recorded clips of these cams.
  13. Lets go back to IP Scanner and check out if we got any more targets. To our Surprise we got a more than a dozen targets.
    Angry IP Scanner Scan Results
By now you would have got an idea of the extent to which our security is vulnerable. Instead of port 8000 if you scan for 80 you will get mostly online Broadband Routers around your place. Again each router manufacturer will have a default username and password. I will cover this in another post in future.
Likewise IP with open Port 3389 will allow you to make Remote Desktop Connection with them. Just repeat Step 5 with Port 3389.
Remote Desktop Connection in Port 3389
IP with open Port 445 will allow you to access the shared folders.

Accessing Windows Shared Folder with 445

This post is to create awareness among citizens to change their default passwords of their networked devices. I do not hold responsibility if someone misuses the process in this post.
Labels:

Comments

  1. ToresSeptember 7, 2012 at 11:43 PM

    Wow, cool trick! :D I will try it soon, hopefully it will work :P

    ReplyDelete

Post a Comment

Popular posts from this blog

How to use JCalendar date picker in your Java Swing Applications with NetBeans

If you are one of those JAVA beginners like me who wants to implement a datepicker module in your experimental/business critical application developed with NetBeans IDE , then this for you. Let me share how I figured out to do so in simple steps with a sample code. Assuming that you have your Java Swing application ready, you will need to download the JCalendar package from here http://www.toedter.com/en/jcalendar/index.html . The page lists out various modules available with descriptions like JDateChooser, JCalendar, JYearChooser, JMonthChooser, JDayChooser, JSpinField and JLocaleChooser. The one I chose for my app was JDateChooser. After downloading and opening the ZIP file, you can see a whole set of files in it. The one we need is in the folder ‘lib’ with the name jcalendar-1.4.jar (this is the latest version while I was writing this). extract that file to your folder of comfort. The jar file you just extracted contains everything you need to implement the date picker in y
42 comments
Read more

Configuring Google Cardboard to work with Ant VR Headset for Lenovo Vibe K4 Note

Let me make it short. Open the Google Cardboard app from your Lenovo Vibe K4 Note. Go to Switch Viewer option and scan the following QR code. This makes Google Cardboard app to work perfectly with Ant VR Headset. Thanks to this Quora thread . Note : Dont use the inbuilt VR mode and Google Cardboard together. VR mode tries to make the whole android experience viewable through VR headset whereas Google Cardboard only produces VR experience for selective apps with Cardboard compatibility. So they dont work at the same time. Nothing goes wrong even if you activate them together, you only see VRception. Dont use default Ant VR app As mentioned in the Quora thread, dont use Ant VR app. It looks fishy and amateurish. May be its even a spying venture of PLA. who knows. Difference between 360 and 3D videos? If you open 360 videos from Google Cardboard you can watch selected 360 videos (like this one ), where you can rotate your head and look everywhere within t
2 comments
Read more

Honda CB Twister India : A Quick Review

I came across a dozen reviews of Honda CB Twister on web and finally decided to buy it. I owned it on last March, 2012. It costed around ₹63,000 with disc brakes, alloy wheels, road tax and stuffs. The reason why I have included ‘India’ in title is because Twister is also available as Honda CB110 in other countries. Here is my short account on my experience with Twister. Mileage Mileage is a very essential part of my riding experience. I travel around 200 Kms every week, so fuel expenses shouldn't make me bankrupt. Twister’s 60 – 65 KmpL mileage is one of the factors that influenced my choice while buying. Anyway in advertisements its claimed to be 70KmpL.   Engine Nowadays its a increasing trend to see Indians going for high end bikes, but in my case I am good with medium performance engines. Twister’s 110CC engine makes riding smooth up to 55Kmph speed, beyond that Honda Twister turns in to a Honda Vibrator. Considering the fact that I’m not an adrenalized rider,
10 comments
Read more