Couples Nest Security Hacked
-
@scottalanmiller said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@Dashrender said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@Dashrender said in Couples Nest Security Hacked:
The homeowner could have also had UPNP enabled in their firewall allowing the hackers to gain direct access
So you're saying that potentially their router had UPnP enabled and from there opened the port to the camera\security system?
(sorry for the noob-ish question, Never heard of that until google told me what it was.)
Yep tons of shitty consumer stuff does that
but for why?
Because they are there to sell shitty consumer cameras "accessible from anywhere in the world".
Via an RTSP feed directly from the device. . .
which also means that anyone with half a brain incyber security can get into your cameras just as well. ...
Don't even need that much. The feed is literally just sitting out on the open internet waiting for anyone to go to a self hosted webpage to view.
Exactly. Its' like a billboard, but on a back road. Public, but not in your face.
What would the use of UPnP be then?
Where would that come into play? -
In the old FTP days, you'd put in your own email address as a password. That was considered public. If you make zero attempt to secure, you struggle to claim someone broke in.
-
@WrCombs said in Couples Nest Security Hacked:
@scottalanmiller said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@Dashrender said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@Dashrender said in Couples Nest Security Hacked:
The homeowner could have also had UPNP enabled in their firewall allowing the hackers to gain direct access
So you're saying that potentially their router had UPnP enabled and from there opened the port to the camera\security system?
(sorry for the noob-ish question, Never heard of that until google told me what it was.)
Yep tons of shitty consumer stuff does that
but for why?
Because they are there to sell shitty consumer cameras "accessible from anywhere in the world".
Via an RTSP feed directly from the device. . .
which also means that anyone with half a brain incyber security can get into your cameras just as well. ...
Don't even need that much. The feed is literally just sitting out on the open internet waiting for anyone to go to a self hosted webpage to view.
Exactly. Its' like a billboard, but on a back road. Public, but not in your face.
What would the use of UPnP be then?
Where would that come into play?shitty consumer gear where the goal is to sell "easy to use equipment".
-
@WrCombs said in Couples Nest Security Hacked:
@scottalanmiller said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@Dashrender said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@Dashrender said in Couples Nest Security Hacked:
The homeowner could have also had UPNP enabled in their firewall allowing the hackers to gain direct access
So you're saying that potentially their router had UPnP enabled and from there opened the port to the camera\security system?
(sorry for the noob-ish question, Never heard of that until google told me what it was.)
Yep tons of shitty consumer stuff does that
but for why?
Because they are there to sell shitty consumer cameras "accessible from anywhere in the world".
Via an RTSP feed directly from the device. . .
which also means that anyone with half a brain incyber security can get into your cameras just as well. ...
Don't even need that much. The feed is literally just sitting out on the open internet waiting for anyone to go to a self hosted webpage to view.
Exactly. Its' like a billboard, but on a back road. Public, but not in your face.
What would the use of UPnP be then?
Where would that come into play?UPnP is for consumer things only, mostly things like video game systems that need to open ports specifically for gaming. UPnP is mostly useless since no good networking devices support it. Put something as simple as a UBNT router in your house and UPnP is dead in the water. It was popular for a small time in the late 2000s when people were really getting into having networked gear in their homes, but hosted services were not yet common, and no one knew anything about networking.
All of those factors have changed and today it has no real use case and you never really see it.
-
@scottalanmiller said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
It's the "viewing it without permission when it was secured" that is the issue. The fact that bad security was used doesn't really matter.
If the default password was on this device, and the hacker used that password to get into the camera to see what was going on it's still B and E.
But if it's like the billboard, well its a public service at that point. The people are asking to be seen essentially. Reverse voyeurism.
No, default passwords can be seen as an exception. Not always, but sometimes. The same as "you can't disable it, so you set it as close to no password as possible to make it effectively public."
Only if the person is prompted to change the password and they don't. I know of many scenarios where you're constantly asked to change the default password but are given the option "not now".
That is the same as using bad security. It's still an invasion to break in with the default password. And is thus still hacking.
-
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@scottalanmiller said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@Dashrender said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@Dashrender said in Couples Nest Security Hacked:
The homeowner could have also had UPNP enabled in their firewall allowing the hackers to gain direct access
So you're saying that potentially their router had UPnP enabled and from there opened the port to the camera\security system?
(sorry for the noob-ish question, Never heard of that until google told me what it was.)
Yep tons of shitty consumer stuff does that
but for why?
Because they are there to sell shitty consumer cameras "accessible from anywhere in the world".
Via an RTSP feed directly from the device. . .
which also means that anyone with half a brain incyber security can get into your cameras just as well. ...
Don't even need that much. The feed is literally just sitting out on the open internet waiting for anyone to go to a self hosted webpage to view.
Exactly. Its' like a billboard, but on a back road. Public, but not in your face.
What would the use of UPnP be then?
Where would that come into play?shitty consumer gear where the goal is to sell "easy to use equipment".
So basically it's a protocol ( I use Loosely) for selling equipment? Sounds absurd.
-
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@scottalanmiller said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@Dashrender said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@Dashrender said in Couples Nest Security Hacked:
The homeowner could have also had UPNP enabled in their firewall allowing the hackers to gain direct access
So you're saying that potentially their router had UPnP enabled and from there opened the port to the camera\security system?
(sorry for the noob-ish question, Never heard of that until google told me what it was.)
Yep tons of shitty consumer stuff does that
but for why?
Because they are there to sell shitty consumer cameras "accessible from anywhere in the world".
Via an RTSP feed directly from the device. . .
which also means that anyone with half a brain incyber security can get into your cameras just as well. ...
Don't even need that much. The feed is literally just sitting out on the open internet waiting for anyone to go to a self hosted webpage to view.
Exactly. Its' like a billboard, but on a back road. Public, but not in your face.
What would the use of UPnP be then?
Where would that come into play?shitty consumer gear where the goal is to sell "easy to use equipment".
It was, even that is gone. Using UPnP for that stuff required you to know your IP address all of the time, which is too hard still. So everyone has moved to hosted services to centralize access and make it easier still.
-
@WrCombs said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@scottalanmiller said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@Dashrender said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@Dashrender said in Couples Nest Security Hacked:
The homeowner could have also had UPNP enabled in their firewall allowing the hackers to gain direct access
So you're saying that potentially their router had UPnP enabled and from there opened the port to the camera\security system?
(sorry for the noob-ish question, Never heard of that until google told me what it was.)
Yep tons of shitty consumer stuff does that
but for why?
Because they are there to sell shitty consumer cameras "accessible from anywhere in the world".
Via an RTSP feed directly from the device. . .
which also means that anyone with half a brain incyber security can get into your cameras just as well. ...
Don't even need that much. The feed is literally just sitting out on the open internet waiting for anyone to go to a self hosted webpage to view.
Exactly. Its' like a billboard, but on a back road. Public, but not in your face.
What would the use of UPnP be then?
Where would that come into play?shitty consumer gear where the goal is to sell "easy to use equipment".
So basically it's a protocol ( I use Loosely) for selling equipment? Sounds absurd.
Yes, that is what it is. No, it is not absurd itself. What is absurd is that consumers bought things because of it. It's logical that companies sold people what they wanted. that they wanted something so dumb is the absurd part.
-
@scottalanmiller said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@scottalanmiller said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@Dashrender said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@Dashrender said in Couples Nest Security Hacked:
The homeowner could have also had UPNP enabled in their firewall allowing the hackers to gain direct access
So you're saying that potentially their router had UPnP enabled and from there opened the port to the camera\security system?
(sorry for the noob-ish question, Never heard of that until google told me what it was.)
Yep tons of shitty consumer stuff does that
but for why?
Because they are there to sell shitty consumer cameras "accessible from anywhere in the world".
Via an RTSP feed directly from the device. . .
which also means that anyone with half a brain incyber security can get into your cameras just as well. ...
Don't even need that much. The feed is literally just sitting out on the open internet waiting for anyone to go to a self hosted webpage to view.
Exactly. Its' like a billboard, but on a back road. Public, but not in your face.
What would the use of UPnP be then?
Where would that come into play?shitty consumer gear where the goal is to sell "easy to use equipment".
So basically it's a protocol ( I use Loosely) for selling equipment? Sounds absurd.
Yes, that is what it is. No, it is not absurd itself. What is absurd is that consumers bought things because of it. It's logical that companies sold people what they wanted. that they wanted something so dumb is the absurd part.
You mentioned it being huge in the early 2000s before people had networked devices, so that would make more sense, Since I was only 4 in 2000 I wouldnt know that it had a "use" back then before things started advancing. I've only seen things from here.
-
/sigh.
-
@WrCombs said in Couples Nest Security Hacked:
@JaredBusch said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@DustinB3403 said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@Dashrender said in Couples Nest Security Hacked:
@WrCombs said in Couples Nest Security Hacked:
@Dashrender said in Couples Nest Security Hacked:
The homeowner could have also had UPNP enabled in their firewall allowing the hackers to gain direct access
So you're saying that potentially their router had UPnP enabled and from there opened the port to the camera\security system?
(sorry for the noob-ish question, Never heard of that until google told me what it was.)
Yep tons of shitty consumer stuff does that
but for why?
Because they are there to sell shitty consumer cameras "accessible from anywhere in the world".
Via an RTSP feed directly from the device. . .
which also means that anyone with half a brain incyber security can get into your cameras just as well. ...
Edit
that's the most idiotic thing I've ever heard.They created a website to look for these items?
Shodan is a search engine. It does things a little differently, it starts with open ports on public facing ip addresses. Normally scans the whole of IPv4 every 2 days I think.
-
Crackers, not hackers bro.
Or whatever 1980s, early 90s jargon file stuff people tried to recapture from the media. I am a total green hat, I will be as black or white hat as you pay me to be and I've been paid well to do really mundane shit over the years and sometimes fun stuff.
-
@tonyshowoff said in Couples Nest Security Hacked:
Crackers, not hackers bro.
Or whatever 1980s, early 90s jargon file stuff people tried to recapture from the media. I am a total green hat, I will be as black or white hat as you pay me to be and I've been paid well to do really mundane shit over the years and sometimes fun stuff.
Rainbow hat
-
@scottalanmiller said in Couples Nest Security Hacked:
@tonyshowoff said in Couples Nest Security Hacked:
Crackers, not hackers bro.
Or whatever 1980s, early 90s jargon file stuff people tried to recapture from the media. I am a total green hat, I will be as black or white hat as you pay me to be and I've been paid well to do really mundane shit over the years and sometimes fun stuff.
Rainbow hat
Yeah and if you cross me it'll be a limp wristed rainbow apocalypse.
-
@tonyshowoff said in Couples Nest Security Hacked:
Crackers, not hackers bro.
Or whatever 1980s, early 90s jargon file stuff people tried to recapture from the media. I am a total green hat, I will be as black or white hat as you pay me to be and I've been paid well to do really mundane shit over the years and sometimes fun stuff.
HA I love it Green Hat cause Ill do what you pay me for
-
@WrCombs said in Couples Nest Security Hacked:
@tonyshowoff said in Couples Nest Security Hacked:
Crackers, not hackers bro.
Or whatever 1980s, early 90s jargon file stuff people tried to recapture from the media. I am a total green hat, I will be as black or white hat as you pay me to be and I've been paid well to do really mundane shit over the years and sometimes fun stuff.
HA I love it Green Hat cause Ill do what you pay me for
That's right, everything, everything you want -> mildly NSFW
-
@scottalanmiller said in Couples Nest Security Hacked:
@tonyshowoff said in Couples Nest Security Hacked:
Crackers, not hackers bro.
Or whatever 1980s, early 90s jargon file stuff people tried to recapture from the media. I am a total green hat, I will be as black or white hat as you pay me to be and I've been paid well to do really mundane shit over the years and sometimes fun stuff.
Rainbow hat
Stay away from my, almost rainbow, plaid fedora.
-
@JaredBusch said in Couples Nest Security Hacked:
@scottalanmiller said in Couples Nest Security Hacked:
@tonyshowoff said in Couples Nest Security Hacked:
Crackers, not hackers bro.
Or whatever 1980s, early 90s jargon file stuff people tried to recapture from the media. I am a total green hat, I will be as black or white hat as you pay me to be and I've been paid well to do really mundane shit over the years and sometimes fun stuff.
Rainbow hat
Stay away from my, almost rainbow, plaid fedora.
I'll recruit you yet.
