I wanted to spend a bit of time performing some OSINT to show people what things are being leaked online. As part of this series “KSEC Security snapshot” we bring you “Scrutinize your security”. A short glance into how security systems can be vulnerable. That’s right .. Your security solutions are ones compromising your networks, assets and integrity.
Which is the whole purpose of a security system is to make you safe … Not the opposite. So maybe after this series, you wont trust anything. Not even water ! Who knows !
For the first snapshot, were going to use shodan to grab a few reports of “webcams” & “cameras” that are being leaked online. A large amount without any credentials at all, as you’ll see further down…
Must say the ISP “TekSavvy Solutions” Isnt all that savvy with security.
So as you can see, there are a large amount of results for cameras online. Shodan maps also allows you to query this over any country to show in live view, where devices are located.
With a shodan membership, you can pull out reports on the searches as shown bellow. Germany clearly trumps with the amount being shown for cameras just under 53k!
We can also see the OS being used which as you can see for yourself, have some very old services still being commonly used.
Netwave seems to be a very popular choice !
So lets take a look at a few of the results that shodan has returned. So some of these are fairly self explanatory … Nice mountain view in Austria, someone’s rabbit in korea .. And some weed being grown in the US.. Weird stuff to have exposed online but let’s do some more specific searches.
Here’s the link for anyone wanting to see how his grow comes along … https://www.shodan.io/host/18.104.22.168
The rabbit actually can these controls that allowed 2 way audio and remote control of the camera.
A common unauthenticated camera seems to the the webcam 7. So a quick search returned some more weird findings. With a total of 382 results there’s plenty to investigate.
We’ve got some Russian street cameras with some being able to be remotely controlled.
A Bluetit bird rest, seen a few similar nature streamers but unfortunately not much to see on this one !
The creepiest one was this … this was a whole collection of cameras which someone was selling access to view. Looked like some weird setup for a private view into their households life…
Shodan images allows you to search through screenshots of cameras and other services such as Windows servers etc. https://images.shodan.io/?query=webcam&page=3
This brings me to insecam, another what’s effectively a search engine for camera, this time they all show footage an live feeds. Some of the results were damm right concerning and the others made me want to go on holiday.
I mean they should totally sort out their security but defiantly looks like a nice place to go ! Unintentional advertising I’m sure. https://www.insecam.org/en/view/540480/