Nov 6, 2020
Hack/Access vulnerable IoT cameras easily
Internet Of Things (IoT) devices provide us a lot of features and comfort of usability as they are connected to the internet but this opens up a new security challenge if the devices are not patched or configured with security in mind.
How to easily access IoT cameras
It is possible to access a IoT camera with help of just GOOGLE, the technique used here is called Google Dorking
Google is a powerful search engine and it can index almost anything based on your queries, by using Google Dorking we can use a very specific pattern of query to access IoTs
Some of the queries that can be used to access IoT cameras
You can click on the query link to open in browser or copy these queries as text and perform search using Google
Sometimes you will land into camera control panel where you can also switch to different camera between same network move the camera or zoom in/out
Query 1
inurl:/8080 "windows" "live view"
Query 2
inurl:"view.shtml" "Network Camera"
Query 3
Query 4
intitle:"NetCamSC*" | intitle:"NetCamXL*" inurl:index.html
Query 5
inurl:/config/cam_portal.cgi "Panasonic"
How to protect your IoT devices from these vulnerabilities
- Make sure you always keep your IoT devices up-to-date with all the software updates
- Make sure you don’t keep your IoT open for public or always keep a password for connecting to your IoTs
- Make sure you run vulnerability scan and do Google Dorks against your own IoTs to indentify weakness
- And if the device is too old with no patch available you can try Google support and request then to deindex your device
Disclaimer
This post is only for educational purpose and intention is to make people aware and more secure
All these IoTs are publicly available on Google due to vulnerabilities and there is no issues to access them but i still recommend you to use VPN and be signed out from your Google account when Google Dorking
Note : Many advanced users also use vulnerable IoT device finder like Shodan or other Linux tools
