EXCLUSIVE Greek webcam (if) security expose citizens!

About 780 webcams were detected by the of SecNews and iGuru, in the Greek cyberspace, in which anyone can follow the daily life of thousands of Greek citizens!

Many have wondered how secure our cameras are at work or in our personal space, or how easy it would be for someone to gain access without their owners knowing it.webcam

Without wishing to scare our readers, the short answer to the question is:

It is extremely easy for anyone to access and control or watch your cameras!

From time to time, cases where unauthorized access to a webcam exposed private moments of innocent citizens have seen the light of the public, while the way of protecting its founder caused an impression in the camera and microphone of the personal computer!

THE RESEARCH

camera4

The question raised in the middle of summer in SecNews's technology and journalistic team was "How exposed are we in Greece to our security webcam?"

SecNews in working with iGuru, in the context of informing the community, conducted a deep 2 month-long journalistic research recording the entire Greek cyberspace in an effort to identify weaknesses. In the first part of our research (which we publish today) we focused on publicly exposed cameras.

The way the relevant information was collected and evaluated was:

  • initial scans of the Greek cyberspace (in all published IP addresses)
  • importing the data set into a database (MongoDB)
  • Optimized scanning exclusively of the active addresses of exposed webcam services [specific ports, specific URLs - specific users with full privileges]
  • Generate automated python code to use default Passwords and access to the found IP addresses
  • Create / configure relevant webapp to search for active + port ports depending on the exposed user's IP address.

webcam exposed

[Editors Note: The base we created is updated 3 times a week automated and is already being used for additional investigations of exposed servers and terminals, items that we will publish in the future]

It is worth mentioning that the process followed (beyond the programming side of the configuration) was particularly easy and can be done by ANY user of the internet with basic network knowledge and minimal programming.

This in itself makes the findings even more important and dangerous for the community as they do not need any specialized knowledge or hacking skills to get access to the webcam we mention and therefore everyone with minimal knowledge can watch exposed cameras !!

It is our delight that SecNews is working with its team friendly iGuru technology website, conducted for the first time a pan-Hellenic Independent Insecurity Detection Research (the first and only one that has been done in Greece on a massive scale, accurately and at such a level).

the findings

room

The totality of the findings created particular concern among of SecNews who organized the relevant investigation. The most worrying fact that emerges is the fact that the vast majority (96%) of camera owners are unaware that they are exposed or that anyone can monitor their stores or companies. Specifically:

  1. All of the findings are about incorrectly configured webcam webcams.
  2. A large part of the research has identified incorrectly parameterized AVTECH cameras. It is not due to a failure of the camera itself, but to installers who did not change the default Access Passwords.
  3. Installers or companies that have installed closed circuits and carry the COMPLETE LIABILITY have left online access enabled AND with admin / admin default admin. Certainly we will have to look for responsibilities from the owners of these devices.
  4. Therefore, anyone who knows the IP address and the admin / admin port has full access to closed circuit TVs with the ability to change settings, even changing the camera's PTZ look-alike!
  5. In addition, as we have seen, in many of the cases the cameras are placed above the cash registers of shops, hotels or employees in such a position that it allows the PIN input code of customer cards and even passwords to business or

The Greek Webcam Exposed

It would be risky to make public the full list of webcams with IP addresses we have. In case we chose to make the IP addresses public, there was the fear that they would be used by users, without the knowledge of the owners of the cameras, for a variety of purposes as well as monitoring citizens. Following meetings with the SecNews technology team, we chose to publish via a custom made application.

greekwebcam

Practically this means that whoever wants it can enter the IP address (shown at the top of the web application) or another IP address and find out if it is exposed to make a prompt fix or to notify competently.

Certainly it would be best to immediately contact AVTECH cameras with their installers and find their IP address in our application to conduct proper customization.

Our application can be found here [here].

We would advise you to share the share https://iguru.gr/check-camera/ and your friends and acquaintances directly to check their exposure to the risk.

Respective mass searches / investigations by SecNews, not only for webcam but also for other weaknesses involving servers and networking devices and may lead to interceptions or leaks, will continue to inform and protect the community and Greek citizens.

We thank the iGuru.gr team for the technical participation and support during the of investigations.

https://iguru.gr/107235/webcam/

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).