Shodan.io is the searchable index of open IoT devices.
Change the default password, people!
Those cameras are there since 90s I remember watching them in ActiveX in real media player plugin in IE. Nothing changed.
40k? Impressive resolution.
For the Emperor!
40K?
Praise the Omnissaiah!
It would be nice to know what brands or models are most vulnerable.
What this is talking about is not really about the brand or model, its just about them being misconfigured. These cameras were exposed to the internet with either default credentials or no authentication.
Theres very few good reasons to expose a camera to the internet at all, just access it over a VPN. If for some reason someone really needs to access it over the internet (I genuinely cannot think of any), then they should put some proper authentication in front of it.
An IP camera may stay in use for a decade or more without any firmware updates. You shouldn’t trust any sort of authentication that’s built into the camera to be secure. Keep them on an isolated LAN and only allow access from the server that’s running the DVR software.
Even when they are protected, when did they receive the last update? There are probably so much more vulnerable IoT devices.
