this post was submitted on 18 Dec 2023
482 points (97.4% liked)

Technology

59593 readers
2944 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] bruhduh@lemmy.world 31 points 11 months ago (3 children)

You can't connect home system that is never connected to internet, basically make home server and hook up cameras and don't ever connect that to internet

[–] deweydecibel@lemmy.world 6 points 11 months ago* (last edited 11 months ago)

The problem is cameras like these, the kind that people are putting up inside their own homes, facing their living spaces, their own damn bedrooms, they're sold to people that have this desire to be able to check in with those cameras remotely at any time, without a good reason.

The only reason my mother seems to have crap like this set up is so she can see the dogs when she's not home. They're just sleeping.

Internet connected, living space directed cameras are this bizarre consumer electronics trend that has no legitimate use case for like 90% of the people that rush to use it. Certainly not one that merits the security risks and the privacy invasion that they are inviting on themselves.

[–] 520@kbin.social 3 points 11 months ago* (last edited 11 months ago) (4 children)

Bro, if I find any ingress point onto your network, I can connect to your networked cams.

Little brother downloads a Trojanised pirate copy of a game? I can connect to your cams via your lil bro's computer.

Not patched your stuff and there was a drive-by-download and RCE exploit? I can do it through your computer.

Your firewalls are important but they aren't impenetrable.

[–] asbestos@lemmy.world 20 points 11 months ago (1 children)

Yeah, but you’d pretty much need to target the person so these blanket hacks where a bunch of cameras are exposed aren’t really possible

[–] Hyperreality@kbin.social 9 points 11 months ago (1 children)

Seperate network that's physically not connected to a network which connects to the internet or cameras with local storage.

You can't hack into the wildlife camera in my backgarden. It doesn't even have wifi, just an SD card.

Of course, that's less useful if you want to check up on your house when you're away.

[–] bruhduh@lemmy.world 10 points 11 months ago

That's what I've been trying to say, thank you for backing me up

[–] jackoneill@lemmy.world 7 points 11 months ago (1 children)
[–] 520@kbin.social 3 points 11 months ago (1 children)
  1. not a common feature of home networks

  2. If the compromised machine has access to both vlans, you're still fucked

[–] jackoneill@lemmy.world 2 points 11 months ago (1 children)

It’s a feature on mine

That’s why my security has multiple layers

[–] 520@kbin.social 1 points 11 months ago* (last edited 11 months ago)

It isn't a common feature on ISP provided routers, which is what most people use. Some ISPs (example: my own) even make it exceptionally difficult to use other routers. I had to install OpenWRT on my retail router to get it, and getting that working was such a pain.

[–] lemann@lemmy.one 1 points 11 months ago

It kinda depends on the setup I think, especially when vlans and firewalls are involved, you'd likely need additional payloads to make further progress in that kind of environment IMO. Something granting persistent remote access to the compromised machine would be the most ideal option.

As always physical access is pretty much game over though lol.

My cams are only accessible via an authenticated endpoint hosted on a dedicated machine, which acts as a "bridge" between the VLAN that the cameras are on (no internet access), and another VLAN hosting internal services, like home assistant, plex etc.

Aside from physical access, the only way to access the cams (that I can think of) would be via some exploit in Home Assistant, or by brute forcing the password to (any of) my network switches to access the management VLAN, changing the VLAN the cameras are set on to something else (bypassing the routing, firewall setup, and auth "bridge" entirely). Or maybe just exploiting the bridge machine directly and dropping a payload to forward the cams out to the net via the services VLAN

With physical access, you could chop up the PoE for an external camera and using that as an ingress point - but you'd only have access to the cameras and the bridge machine unless you exploited that too. At this point the zabbix client on the bridge machine would have notified me that a camera's dropped off the network, unless you dropped a payload to force it to return a good status lol

Does sound like a very fun exercise though tbh

[–] w2tpmf@lemmy.world 3 points 11 months ago (1 children)

Half the reason to own a security camera system is so you can monitor it while away. Can't do that if the system isn't online.

[–] aniki@lemm.ee 5 points 11 months ago (1 children)

Online or cloud-accessed? Those are two separate things.

[–] DarkDarkHouse@lemmy.sdf.org 1 points 11 months ago* (last edited 11 months ago)

It’s going to be cloud accessed. People who install these to check on whether Mittens is sleeping aren’t setting up a domain or remembering an IP.