How Internet-connected Cameras Are Being Exploited by Cybercriminals

May 27, 2022

In recent years, internet-connected cameras have become more commonplace. In many metropolitan streets, there is rarely a front door or entrance gate that is not under the constant surveillance of icy, silicon-enabled eyes. Many of these eyes are connected to the internet and other networks outside the internet.

Because of this, fraudsters have developed sophisticated bots that frequently search the internet for gadgets that may be easily hacked. As a result, these devices have become desirable targets for cybercriminals.

This raises an important question: how widespread is this problem, and what strategies are hackers using to obtain access to internet-enabled cameras?

Thanks to the work of Armin Ziaie Tabari of the University of South Florida and his colleagues, we now have something that can be considered an answer. This group has established a worldwide network of online decoy cameras to lure malicious users on the internet and keep track of their activities. HoneyCameras and honeypot cameras are the names given to these decoy systems.

They claim that over the course of their study, attacks have become more sophisticated and that cameras have become an increasingly targeted component of a target's infrastructure.

Hidden Cameras, or Honeypots

The group started by simulating six internet-connected cameras on servers located in different parts of the world. They managed these HoneyCamera instances as a component of a broader system designed to track attacks on Internet of Things (IoT) devices in general.

Every HoneyCamera instance played a few seconds of fabricated video in an endless loop, guarded by basic authentication procedures. According to the group, the system contained a number of fake pages that replicated the functionality of IoT cameras, such as the capability to change passwords, add new users, and read network information. "We also developed a fraudulent firmware upload service that would allow us to capture and evaluate attack tools and exploits," Tabari and his colleagues said in a statement.

Because there is no valid reason for an outside user to access any of these HoneyCameras, the team treated every access attempt as potentially malicious and recorded it over the course of 25 months.

During this time period, the HoneyCameras received a total of 3.6 million visits from all over the world. The great majority of these attacks originated from bots that are programmed to search the internet for devices that are susceptible to attack.

Not all of these assaults were explicitly directed against the cameras; for example, one of them attempted to upload software for currency mining.

Attacks with Unrelenting Force

Despite this, Tabari and his colleagues claim that they discovered a large number of camera-specific attacks. The first was an effort to find, by brute force, a username and password combination that would unlock the video stream.

They also discovered a variety of attacks designed to take advantage of known vulnerabilities in particular manufacturers' cameras. These included methods for getting around authentication, methods for forcing the disclosure of passwords, and several other approaches.

According to Tabari and his colleagues, the most frequently used login and password combinations in these attacks are admin/admin and 123456789. Other frequently used usernames are 666666, 888888, and 123456, while 8hYTSUFk, password, and 123456 are among the most common passwords.

It is interesting to note that Tabari and the group built their HoneyCamera with a known vulnerability that exposes the login name and password when the device is used. The credentials were presented as an image made to look like a hacked webpage, a tactic that ensures they can only be read by human eyes.

According to cybersecurity specialists, this vulnerability was exploited from 29 different IP addresses. According to the researchers, these activities were most likely performed by humans rather than automated software.
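As an added example (not code from the researchers or from this article), the following shows how an image-only credential can separate human visitors from bots in a honeypot's authentication log. The log format, the use of HTTP Basic Authorization headers, the honeytoken value, the threshold and the username/password pairings are all constructed assumptions.

```python
import base64
from collections import defaultdict

# Constructed placeholder for the credential that appears only in the decoy image.
HONEYTOKEN = ("camadmin", "image-only-secret")
BRUTE_FORCE_MIN_PAIRS = 3  # assumed threshold: distinct pairs from one source

def hdr(user, pw):
    return "Basic " + base64.b64encode(f"{user}:{pw}".encode()).decode()

# Constructed log lines: "<time> <source IP> <path> <Authorization value>".
# Usernames and passwords are ones the article lists; the pairings are invented.
SAMPLE_LOG = "\n".join([
    f"2022-01-01T00:00:01Z 198.51.100.7 /stream {hdr('admin', 'admin')}",
    f"2022-01-01T00:00:02Z 198.51.100.7 /stream {hdr('666666', 'password')}",
    f"2022-01-01T00:00:03Z 198.51.100.7 /stream {hdr('888888', '123456')}",
    f"2022-01-01T00:00:04Z 198.51.100.7 /stream {hdr('123456', '8hYTSUFk')}",
    f"2022-01-02T09:14:40Z 203.0.113.20 /stream {hdr(*HONEYTOKEN)}",
    "2022-01-03T11:00:00Z 192.0.2.55 /stream Basic !!!not-base64",
])

def parse_basic(value):
    """Return (user, password) from a Basic Authorization value, or None if malformed."""
    scheme, _, blob = value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        user, sep, pw = base64.b64decode(blob, validate=True).decode().partition(":")
    except ValueError:  # covers invalid base64 and invalid UTF-8
        return None
    return (user, pw) if sep else None

def classify(log_text):
    """Map each source IP to 'human-likely', 'brute-force' or 'probe'."""
    tried = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split(" ", 3)
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        cred = parse_basic(parts[3])
        tried[parts[1]].update([cred] if cred else [])
    verdicts = {}
    for ip, creds in tried.items():
        if HONEYTOKEN in creds:  # only readable by someone who viewed the image
            verdicts[ip] = "human-likely"
        elif len(creds) >= BRUTE_FORCE_MIN_PAIRS:
            verdicts[ip] = "brute-force"
        else:
            verdicts[ip] = "probe"
    return verdicts
```

Calling `classify(SAMPLE_LOG)` labels the source that cycles through common pairs as brute force and the source that presents the image-only credential as likely human, even though it made a single request.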

These are intriguing findings that highlight the complex landscape of attacks that almost every camera connected to the internet will certainly face.

Tabari and company set up honeypots for various additional internet-connected gadgets, and they discovered similarly concerning levels of criminal activity. This is very likely to become more prevalent in the years to come as the number of connected devices continues to expand. There will be more than 40 billion of them by the year 2025, according to some estimates. According to research conducted by Kaspersky Lab, an internet security business, the number of attacks against Internet of Things devices more than doubled in the first six months of 2021.

Because of the huge number of attacks, everybody who uses a camera that is connected to the internet ought to double-check their login and password combination and make sure it is as robust as it can possibly be. After that, you should keep your guard up at all times because you can't be sure who is observing you.