Gadget Victims: security


Showing posts with label security. Show all posts

From Synology DS213+ to DS720+

10/18/2021 12:21:00 PM 0

My Synology DS213+ has been reliable central storage for the whole household for several years.

When it reached the end of its support lifecycle, I started looking for the most suitable upgrade in 2021: the DS720+ (after some hesitation over the DS220+).

 


6/14/2021 01:43:00 PM

The Rise of Cybersecurity Incidents against Healthcare Organizations and How to Stay Protected




Wanscam K21 is finally fully compatible with Synology Surveillance Station

8/03/2020 10:52:00 AM 0


...or maybe I should say that Synology Surveillance Station is finally fully compatible with the Wanscam K21.

In my initial review, I noted that the K21 would be detected by Onvif Device Manager, IP Camera Viewer, Onvifer, Anycam.IO and HappyTime, but not by Synology Surveillance Station.

In the latest version 8.2.8-6334 of Surveillance Station, Synology included a fix (that was developed in December last year!) which allows it to capture the full functionality of the Wanscam K21 as an ONVIF device.

This change is likely to benefit other Onvif cameras that failed to work with SS8 before.

The Wanscam K21 can be found below 30€ at Banggood.


Is your IP Camera (still) vulnerable to XSS?

1/21/2020 11:03:00 AM 0
XSS, or Cross-Site Scripting, is a common vulnerability in software allowing an attacker to inject code via the user interface.
Often, an input field just intended to collect a server address or user name will also accept entries of a different nature that will be interpreted by the system.

Low-cost IP Cameras, but also more professional ones, have been exposed to XSS for many years, a good reminder that such network devices should not be directly exposed to the Internet!
Hopefully that vulnerability is now well known and many manufacturers eventually "patched" their devices or reduced the attack surface by removing telnet and ftp altogether.

If your IP camera has an HTTP-based user interface, here's a working example of command injection (for learning purposes). This works great on old-generation Veskys and Digoo BB-M2 cameras (the pictures below come from that model), and does not work on the Wanscam models I tested.

First check whether the admin interface of your camera has an FTP server settings page like this:



Then instead of FTP Server address, copy this command:
put $(killall telnetd)
That first command kills the running telnet daemon.
The second launches the BusyBox shell without a user/pass prompt. In the username field, copy this:
$(telnetd -l /bin/sh)

Click the Set up button to save the entries, then click the "Test" button to send them.
The actual FTP server test will report "Test ... Failed", which doesn't matter at all because the commands have been executed.

After that, use any telnet client, such as PuTTY, and connect to the camera on port 23.

As the owner of the camera, this trick allows you to gain full control of your camera.
"hslwificam"

Source: https://nm-projects.de/2017/01/hacking-ip-camera-digoo-bb-m2-part-3-getting-root-access/

More reading:
https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2010/february/busybox-command-injection/

Can a Hacker Hijack Your Medical Device?

7/18/2019 10:15:00 PM



Technology has a tremendous impact on the medical field. Innovations in technology have advanced to the point where patients can control medical devices with the touch of a button.
Surgeries are completed with the assistance of robots. And diagnostics are more precise than ever.
Most medical devices are connected to the internet and a network that communicates between devices, patients, and healthcare providers. While this is an advantage for patients, it is also an advantage for some unorthodox criminals. Criminals have increasingly targeted medical devices that are connected to a network that they can hack into.

You shouldn't buy the Digoo DG-UFC anymore

4/10/2019 12:17:00 PM 1

The DG-UFC IP camera has an interesting form factor, making it ideal for discrete wall mounting.

However, I could not have chosen a worse time to buy one...




A tour of the ASUS router RT-AC86U (RT-AC2900)

4/18/2018 12:02:00 PM 1
The RT-AC86U router, released in August 2017, is the revamped successor of the 5-year-old RT-AC68U, and Asus didn't just swap two numbers.
This way for a guided visit...


ASUS routers RT-AC1200 and RT-AC1200GU

6/08/2017 10:45:00 AM 5

Asus routers are excellent but choosing a model can be tricky due to all the variants available.

If you don't want to invest in the ultimate beast, you can still get some great value for money in budget-friendly models like the RT-AC1200 and RT-AC1200GU once you know where and what to look for...








Keep your privacy under control on Windows 10

3/28/2017 05:00:00 PM 0

Many privacy threats come in the form of "services" claiming to make your life easier. There are actually so many potential data collectors on Windows 10 that it would take a dedicated app to control them all.
Well, a solution came up to do just that.

HOMEDIA HM631GB 720P Onvif IP Camera review

Wanscam HW0049 HD IP Camera review

11/06/2016 01:18:00 AM 47
The first Wanscam product I reviewed last year left a very good impression.
The HW0049 is the latest addition in the HW series.





Do your IP cameras put your privacy at risk?

10/15/2016 06:00:00 PM 8

IP Cameras are getting increasingly smart, easy to use and affordable.

They are convenient security add-ons, but they also have the potential to be exactly the opposite!

Are you the only one watching your cameras?

Connecting IP Camera Viewer to Synology Surveillance Station

7/12/2013 03:34:00 PM 2
HitMob's IP Camera Viewer for Android and iOS can be configured to access the IP cameras through Synology Surveillance Station, with the distinctive advantage that such a connection can be encrypted.

The process is not over-complicated but deserves to be properly documented.






Firmware v5.60 for "MayGion" H.264

6/27/2013 03:59:00 PM 0
This latest firmware from Maygion is mostly a security update in reaction to vulnerabilities documented by coresecurity.com last month.


Security and IP Cameras

2/24/2012 02:46:00 PM 29

While being a security device by vocation, an entry-level IP camera is rarely secure itself: the embedded server does not offer any way to encrypt your login and the data stream. Fortunately there are ways around it, as well as common sense practice to reduce the risks.


Upgrading to Gigabit and Wireless-N

2/14/2012 03:57:00 PM 0
There are many WiFi-N routers on the market, but add the Gigabit requirement, and the choice drops dramatically. Add a further requirement for an embedded ADSL modem, and you're left with just a handful of candidates.


VPN through Billion 7402GXL

2/02/2012 04:21:00 PM 0
Until recently, setting up a PPTP VPN passthrough on my Billion 7402GXL router was impossible, and for once, it turns out it was not all my fault...

3G Router with Usage Allowance control

12/13/2010 12:17:00 PM 1
Following a recent horror story with my 3G Broadband operator, I started to look for a router with a security feature that would warn me when I reach the data usage limit and, if possible, disconnect the modem.


How to access your IP camera from the Internet

5/13/2010 07:36:00 PM 8
True geeks usually come with 3 major faults: they don't do backups, they don't quarantine new fish, and they never read the manual!

What follows is actually quite well explained in the IP camera manuals, but remains the most frequently asked question:
"How do I access my IP camera from the Web?"


Interfacing UPS, Synology and WinNUT for Windows

2/22/2010 04:53:00 PM 15
Power cuts are very common in my area with about 2 incidents monthly. So far, the damage has been minimal with just one hard disk full of games lost. It would have been another story if it happened to the NAS dedicated to my photos, music and movies.
After comparing different brands and models, the BE700G(-UK) from APC appeared as the obvious choice.
