SYS-CON MEDIA Authors: Elizabeth White, Yeshim Deniz, Pat Romanski, Liz McMillan, William Schmarzo

Blog Feed Post

My Home Was Hacked!

Kaskade Home Hacked

I can’t tell my wife about any of the details of our new home security cameras from NEST. I fear that she’ll learn about the level of security associated with all my digital home product choices, and literally shut me down before I perfect all my possible security measures.

Take a look at this live preschool webcam here. If you catch it at the right time, you’ll see the room full of kids playing. It doesn’t take much to use the latitude / longitude within a given radius to search a select number of day care and preschool locations. I  narrowed this webcam down to less than 5 possibilities. I suppose the good side of this is that anyone can check to make sure the staff is working hard to take care of our kids! The bad thing is that anyone has access to this day care in downtown Houston, TX. If you’re curious, take a look at the other 4400 unsecure webcams in the US by city on this site. If you’re real bored, you can use this IoT search engine, Shodan.io,  to find any unsecured device around the globe.

One can also direct their attack at a specific person. Webcam infections, like many other malware infections, can occur if you download a program that contains a Trojan. Trojans, unlike viruses, do not spread through replication. Instead, they’re hidden within programs that you install on purpose. When a webcam hack occurs, Trojan malware finds a way to activate cameras and control them without the owner’s knowledge. If you’re on a MAC, like I am, stare into the webcam on your monitor and ask yourself, “am I being watched?”. Just ask Miss Teen USA Cassidy Wolf about her compromised Apple laptop webcam.

There’s an old saying that we’re only as safe as the weakest link in the chain. That saying has real meaning with the Internet of Things, where one weak link (IPTV, smart coffee maker, etc.) can bring down a chain of connected devices…and/or your entire home network. Here’s a list of default usernames and passwords of a number of targeted devices, in case you’re ready to test your own home security.

Remember how easily Lakhani, security researcher at Fortinet, took control of a video camera? He said that gadget makers are partly to blame because they want to make their products as simple to set up as possible. That often means using default passwords like “admin” and encouraging users to log in to their devices through unsafe web accounts.

Here’s a list of the username and passwords of the most widely used webcams:

  • ACTi: admin/123456 or Admin/123456
  • Axis (traditional): root/pass,
  • Axis (new): requires password creation during first login
  • Cisco: No default password, requires creation during first login
  • Grandstream: admin/admin
  • IQinVision: root/system
  • Mobotix: admin/meinsm
  • Panasonic: admin/12345
  • Samsung Electronics: root/root or admin/4321
  • Samsung Techwin (old): admin/1111111
  • Samsung Techwin (new): admin/4321
  • Sony: admin/admin
  • TRENDnet: admin/admin
  • Toshiba: root/ikwd
  • Vivotek: root/<blank>
  • WebcamXP: admin/ <blank>

I include this list because, yes, I too was successful in hacking my neighbor’s webcam this weekend using one from this list. OMG!! In case you’re worried, here are a few precautions to keep your geeky neighbors off your home network.

Using your IoT device to hack into your home network

Fortinet researcher, Axelle Apvrille, found a Fitbit in her vicinity, and she used its Bluetooth connection to upload a small piece of unauthorized  software into the device. When the Fitbit was synched via Bluetooth up to a smart phone and/or laptop, the Fitbit sent software to the connecting device as it uploaded its data. Once this back door was created into their system, Axelle could can gain full access to the user’s machine. She demonstrated this simple method of using a consumer IoT device to gain access to your home system at a European computer security conference last year. It was the first time malware has been viably delivered to fitness trackers.

Using your IoT device as part of a Botnet

If you were anywhere near the internet in the US on Friday, October 21, you probably noticed a bunch of your favorite websites were down for much of the day. It’s all because thousands of IoT devices — DVRs and web-connected cameras — were hacked.

Once the hackers had control over these devices, they manipulated them into sending an overwhelming number of requests to a company that serves up the websites for Netflix, Google, Spotify and Twitter. When the traffic became too much to handle, the sites crashed. It was an old-school attack — often called a distributed denial of service attack, or DDoS — powered by the new web of devices called the internet of things.

To take over the cameras, hackers inserted Mirai, malicious software that lets bad guys use at least 100,000 devices as soldiers in its IoT army. The technical name for this IoT army is a botnet, and hackers have been making them out of computers for a very long time. Except this time they used internet of things – an even more powerful tool to carry out attacks. They used the botnet to send tons and tons of junk requests to Dyn, a company that manages web traffic for all the websites that were affected.

Integrity of Things?

The European Commission is now drafting new cybersecurity requirements to beef up security around so-called Internet of Things (IoT) devices such as Web-connected security cameras, routers and digital video recorders (DVRs). News of the expected proposal comes as security firms are warning that a great many IoT devices are equipped with little or no security protections.

The Wall Street Journal didn’t help my digital home efforts with my wife when they highlighted all my devices as security threats.

Arggg. We need a way to ensure the integrity of our IoT devices before my home is hacked!

Read the original blog entry...

More Stories By Jim Kaskade

Jim Kaskade currently leads Janrain, the category creator of Consumer Identity & Access Management (CIAM). We believe that your identity is the most important thing you own, and that your identity should not only be easy to use, but it should be safe to use when accessing your digital world. Janrain is an Identity Cloud servicing Global 3000 enterprises providing a consistent, seamless, and safe experience for end-users when they access their digital applications (web, mobile, or IoT).

Prior to Janrain, Jim was the VP & GM of Digital Applications at CSC. This line of business was over $1B in commercial revenue, including both consulting and delivery organizations and is focused on serving Fortune 1000 companies in the United States, Canada, Mexico, Peru, Chile, Argentina, and Brazil. Prior to this, Jim was the VP & GM of Big Data & Analytics at CSC. In his role, he led the fastest growing business at CSC, overseeing the development and implementation of innovative offerings that help clients convert data into revenue. Jim was also the CEO of Infochimps; Entrepreneur-in-Residence at PARC, a Xerox company; SVP, General Manager and Chief of Cloud at SIOS Technology; CEO at StackIQ; CEO of Eyespot; CEO of Integral Semi; and CEO of INCEP Technologies. Jim started his career at Teradata where he spent ten years in enterprise data warehousing, analytical applications, and business intelligence services designed to maximize the intrinsic value of data, servicing fortune 1000 companies in telecom, retail, and financial markets.

Latest Stories
Nutanix has been named "Platinum Sponsor" of CloudEXPO | DevOpsSUMMIT | DXWorldEXPO New York, which will take place November 12-13, 2018 in New York City. Nutanix makes infrastructure invisible, elevating IT to focus on the applications and services that power their business. The Nutanix Enterprise Cloud Platform blends web-scale engineering and consumer-grade design to natively converge server, storage, virtualization and networking into a resilient, software-defined solution with rich machine ...
Intel is an American multinational corporation and technology company headquartered in Santa Clara, California, in the Silicon Valley. It is the world's second largest and second highest valued semiconductor chip maker based on revenue after being overtaken by Samsung, and is the inventor of the x86 series of microprocessors, the processors found in most personal computers (PCs). Intel supplies processors for computer system manufacturers such as Apple, Lenovo, HP, and Dell. Intel also manufactu...
Digital transformation is about embracing digital technologies into a company's culture to better connect with its customers, automate processes, create better tools, enter new markets, etc. Such a transformation requires continuous orchestration across teams and an environment based on open collaboration and daily experiments. In his session at 21st Cloud Expo, Alex Casalboni, Technical (Cloud) Evangelist at Cloud Academy, explored and discussed the most urgent unsolved challenges to achieve fu...
Wasabi is the hot cloud storage company delivering low-cost, fast, and reliable cloud storage. Wasabi is 80% cheaper and 6x faster than Amazon S3, with 100% data immutability protection and no data egress fees. Created by Carbonite co-founders and cloud storage pioneers David Friend and Jeff Flowers, Wasabi is on a mission to commoditize the storage industry. Wasabi is a privately held company based in Boston, MA. Follow and connect with Wasabi on Twitter, Facebook, Instagram and the Wasabi blog...
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
The dream is universal: heuristic driven, global business operations without interruption so that nobody has to wake up at 4am to solve a problem. Building upon Nutanix Acropolis software defined storage, virtualization, and networking platform, Mark will demonstrate business lifecycle automation with freedom of choice and consumption models. Hybrid cloud applications and operations are controllable by the Nutanix Prism control plane with Calm automation, which can weave together the following: ...
Inzata is a powerful, revolutionary data analytics platform for integrating, exploring, and analyzing data of any kind, from any source, at massive scale. Powerful AI-assisted Modeling and a patented analytics engine help users quickly load, blend and model raw and unstructured data into powerful enterprise data models, actionable real-time analytics and engaging visualizations. Go beyond spreadsheets and slides and compose a powerful narrative about how your business is performing, and how y...
CloudEXPO | DevOpsSUMMIT | DXWorldEXPO Silicon Valley 2019 will cover all of these tools, with the most comprehensive program and with 222 rockstar speakers throughout our industry presenting 22 Keynotes and General Sessions, 250 Breakout Sessions along 10 Tracks, as well as our signature Power Panels. Our Expo Floor will bring together the leading global 200 companies throughout the world of Cloud Computing, DevOps, IoT, Smart Cities, FinTech, Digital Transformation, and all they entail. As ...
Lori MacVittie is a subject matter expert on emerging technology responsible for outbound evangelism across F5's entire product suite. MacVittie has extensive development and technical architecture experience in both high-tech and enterprise organizations, in addition to network and systems administration expertise. Prior to joining F5, MacVittie was an award-winning technology editor at Network Computing Magazine where she evaluated and tested application-focused technologies including app secu...
In his keynote at 19th Cloud Expo, Sheng Liang, co-founder and CEO of Rancher Labs, discussed the technological advances and new business opportunities created by the rapid adoption of containers. With the success of Amazon Web Services (AWS) and various open source technologies used to build private clouds, cloud computing has become an essential component of IT strategy. However, users continue to face challenges in implementing clouds, as older technologies evolve and newer ones like Docker c...
Only Adobe gives everyone - from emerging artists to global brands - everything they need to design and deliver exceptional digital experiences. Adobe Systems Incorporated develops, markets, and supports computer software products and technologies. The Company's products allow users to express and use information across all print and electronic media. The Company's Digital Media segment provides tools and solutions that enable individuals, small and medium businesses and enterprises to cre...
In today's always-on world, customer expectations have changed. Competitive differentiation is delivered through rapid software innovations, the ability to respond to issues quickly and by releasing high-quality code with minimal interruptions. DevOps isn't some far off goal; it's methodologies and practices are a response to this demand. The demand to go faster. The demand for more uptime. The demand to innovate. In this keynote, we will cover the Nutanix Developer Stack. Built from the foundat...
Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throughout enterprises of all sizes. We are offering early bird savings...
Daniel Jones is CTO of EngineerBetter, helping enterprises deliver value faster. Previously he was an IT consultant, indie video games developer, head of web development in the finance sector, and an award-winning martial artist. Continuous Delivery makes it possible to exploit findings of cognitive psychology and neuroscience to increase the productivity and happiness of our teams.
CloudEXPO | DevOpsSUMMIT | DXWorldEXPO Silicon Valley 2019 will cover all of these tools, with the most comprehensive program and with 222 rockstar speakers throughout our industry presenting 22 Keynotes and General Sessions, 250 Breakout Sessions along 10 Tracks, as well as our signature Power Panels. Our Expo Floor will bring together the leading global 200 companies throughout the world of Cloud Computing, DevOps, IoT, Smart Cities, FinTech, Digital Transformation, and all they entail.