Hack/Access vulnerable IoT cameras easily

Internet Of Things (IoT) devices provide us a lot of features and comfort of usability as they are connected to the internet but this opens up a new security challenge if the devices are not patched or configured with security in mind.

How to easily access IoT cameras

It is possible to access a IoT camera with help of just GOOGLE, the technique used here is called Google Dorking

Google is a powerful search engine and it can index almost anything based on your queries, by using Google Dorking we can use a very specific pattern of query to access IoTs

Some of the queries that can be used to access IoT cameras

You can click on the query link to open in browser or copy these queries as text and perform search using Google

Sometimes you will land into camera control panel where you can also switch to different camera between same network move the camera or zoom in/out

Query 1

inurl:/8080 "windows" "live view"

Query 2

inurl:"view.shtml" "Network Camera"

Query 3

inurl:axis-cgi/mjpg/video.cgi

Query 4

intitle:"NetCamSC*" | intitle:"NetCamXL*" inurl:index.html

Query 5

inurl:/config/cam_portal.cgi "Panasonic"

How to protect your IoT devices from these vulnerabilities

  • Make sure you always keep your IoT devices up-to-date with all the software updates
  • Make sure you don’t keep your IoT open for public or always keep a password for connecting to your IoTs
  • Make sure you run vulnerability scan and do Google Dorks against your own IoTs to indentify weakness
  • And if the device is too old with no patch available you can try Google support and request then to deindex your device

Disclaimer

This post is only for educational purpose and intention is to make people aware and more secure

All these IoTs are publicly available on Google due to vulnerabilities and there is no issues to access them but i still recommend you to use VPN and be signed out from your Google account when Google Dorking

Note : Many advanced users also use vulnerable IoT device finder like Shodan or other Linux tools

Tech | Games | Photography | Cybersecurity | Hacking | & Stuff 😉