Hacking security camera with an old smart bulb
HTML-код
- Опубликовано: 21 авг 2024
- TheTechieGuy hacked a real security camera just with a bulb that was thrown away! You may think it's not possible but watch this video, and you''ll find out how much information a smart bulb can contain. (P.S That much that it can hack you)
Watch the full video: • Don't use security cam...
#securitycamera #Hack #Sumsub #Shorts
Sumsub - empowering compliance and anti-fraud teams to fight money laundering, terrorist financing, and online fraud.
More about us:
sumsub.com
/ sumsubcom
/ sumsubcom
/ admin
Watch the full version of this cool experiment: ruclips.net/video/5Zcv4-HP0do/видео.html
❤❤❤
So he bought a programmer, desoldered memory chip. Looked all over for the necessary data... Not an easy job.
The link doesn’t work though 😂
This is actually kinda clever
bro thinks hes arthur morgan
Bro plzz .. I just followed you 2 days ago..now I'm in trauma 💀
don’t worry about it, it’s super unlikely.
That's why you should be careful when you throw away something. Criminals love dumpster diving.
@@jimmy3797 no.
Better yet don't put any cameras inside your house whatsoever. Don't use any smart bulbs. Don't use any Amazon echoes.
Cameras yes. But localized.....no connection via internet
@@apfelfreund6859 Unless it's a hard wired camera it's hackable.
@@apfelfreund6859 so when they break in and steal your cameras where are your cloud saves of the break-in?
@@tinostarks in my virtual machine, that uploads it on the cloud :)
This is the same reason why we never use smart security devices in our home, because they’re so weak and easy to hack.
For this to work it has to be a perfect storm. You have to go thru their trash for years until one of those bulbs go bad. It's easier to drive up and down the street with a garage door modulator and see what opens and then break in.
you could also sit nearby, wait for someone's device to connect 99 the wifi, and sniff out the credentials
@@Bomkzdamn we're all fucked
@@greatestone4eva I'd advice you not to really worry about it tbh.
You really shouldn't worry about it unless you make yourself a target.
i.e. are a politician with access to juicy data, or have a lot of money or generally a person of interest that would make somebody want to take time out of their day to hack your stuff.
you're pretty likely not even close to being remotely worth it, mean that in a non offensive way.
I don’t understand what the smart bulb has to do with hacking the wifi
@@haroldgar12 For the Smart Bulb to work properly (ie be a smart Bulb),
The bulb needs to connect to the home Wi-Fi, thus it needs the store the Wi-Fi credentials within the bulbs onboard chips.
By taken the bulb and then recovering the Wi-Fi credentials the attacker can then uses those stolen credentials to connect to the persons Wi-Fi network, and then scan any other device(s) on the home network for vulnerabilities, then the attacker can attempt to exploit those vulnerabilities and gain access to those devices.
I struggle to even log into my ring doorbell
This is why we can't have nice things.
Who the hell dispose of electronics in a trashcan, it must be disposed of in electronic waste
Secured eWaste now it seems, as even a mundane light bulb can contain secure credentials and passwords.
agree on the principle, but that actually makes the exploit easier. Now you know where to find loads of bulbs. And they will also tell you the SSID and google happens to have a geographic map saying where that ssid is.
Unfortunately I suspect most people do.
This implies that anyone within the company, who also knew the WiFi password, could also run a port scan and access the cameras.
Good grief, there are a lot of rotten, incompetent IT people out there. 🤦♂️
May I assume you are not in I.T? There is no need for the WiFi password to do a port scan. :)
You can port scan the WAN or plug into the network, both of which require no WiFi PW.
This is why ACL / whitelisting of Mac addresses is essential. Nothing is bullet proof. Best you can do is educate yourself, monitor your network, segment the network and never assume that you can't be a victim.
Also, many internet facing devices are running out of date firmware which often opens them to existing or zero-day CVE's.
Even a disgusted TV, old phone etc etc can be used to get a Mac address, that can then be cloned to try access the network. Assuming that the Mac address is toll in the whitelist :)
@@zadekeys2194Not all devices are forwarded to WAN though, so unless they are made publicly available, you will still need access to the internal network. Which is what i believe was done here, the camera was only internally accessible.
Underpaid not incompetent
@@wraithfvcker correct, not all devices are forwarded to the wan. A vulnerable router is all you need to find, and then a bit of patience to exploit it and hopefully gain access to the device or Lan.
the song of Deus Ex was playing in my mind while the hack was ongoing XD.
That smart bulb got its revenge for getting thrown out LOL 😂😂
people you waste money on smart bulbs deserve what comes to them.
You dont put a bulb in the garbage in the first place, especially not a smart bulb...
This should be illigal, companies have a duty of care, this is a huge failure
I don't consider finding a smart light bulb in the thrash as "easy"
Given enough time on the market, "smart home" devices become a low hanging fruit.
guy was cheking garbage for 1year, waiting for broken smart bulb, 😂😂😂
Good luck. Coming across a light bulb is sometimes trash is not going to be something you will often come across. Same with the whole "reset your printer's wifi info before you sell it". The chances of someone who buys your old printer also finding your home address is very unlikely. Not to mention, that buyer would also have to be a hacker
not all 2nd hand printer buyers are hackers, but all hackers are 2nd hand printer buyers ;)
The first time I heard a bunch of engineers going orgasmic (as disgusting as it sounds) about the Coming of the Internet of Things I was rightly terrified and I wondered that no one was concerned about the loss of privacy and personal security.
"On another episode of Let's Teach Criminals"
behold the wonders of the modern smart home.
ill keep my wired cameras and dumb thermostat... my microwave doesn't need an update...
I don't get it, why is their password stored on a lightbulb? Also, how did he access the camera with just the ip? I have a security camera as well but you need to be on the same wifi to access it.
He hacked the wifi bro and then learnt what software is used in the cctv camera he then googled for any already existing exploit and then used it to view the camera
Smart devices have memory and storage so the smart lightbulb still had wifi credentials on a chip. Once they grabbed the password from the lightbulb they could log onto the network. That’s when they scanned, found the camera IPs on the same wifi, and could then see how they could go about accessing them
Ah, this makes a lot more sense now. Thanks!
The crucial problem here is that the camera has default credentials, and this could cause trouble. Powerful search engine as Shodan can track camera in the world and if you don't have at least a strong password could be a problem ☠️
@@s_l_v_m_r Yes and no. By default (generally at least) routers won’t port forward. So your cameras aren’t accessible outside your private network in most cases. If you or someone gets into your network and changes the configuration yeah it’s definitely a major security issue that’s discoverable in Shodan. All default credentials that can be changed should. Ideally to secure passwords.
Saying "aaannnd done" does not do all the hackinbg for you lol
I used shodan for a bit and found some open cameras aswell. Pretty fun to make an alarm go off and see the owners react
The hardest part is getting on their network. Do you think he wore gloves when he went through their garbage?
5 seconds in the microwave should fix the smart lightbulb
There's no such thing as a strong password. The dude who suggested it wrote a whole book explaining why it's pointless.
Basically you need to be a hacker.
By the way, we have reasonably secure microcontrollers now. There should be no excuse for a Wi-Fi password to be extractable from discarded devices without the owner's credentials.
And this is why my cameras are wired and locally stored. 😂😂😂
How "easy" it is. Thats a lot of work for no potential payoff.
Thanks for sharing. The full video goes into more details for all the keyboard warriors 😂
back in my day, we called it dumpster diving.
One of the reasons I don't use 'smart' devices. My phone is to much enough already, no need to have everything else from my life being stored by something somewhere.
If you throw away a digital chip that has had your info on it without turning it to dust first your at risk, may only be small or near zero for some of us but its still possible to do
And that's why you don't need smartbulbs, smart coffeemaker, smarttoiletbrush or any other "totally fine but we can charge you double and make it worse by making it smart-product"
There are ways to do this in half the time it takes to get a bulb out of the garbage.
Him: I DONT LIKE THIS SMART BULB
Me: Give me I use it
Him: ok
Me in mind: Hehehehehe I will hack my neighborhood WiFi
If they have to tell you its "smart" it isn't.
its easier then that you'll be surprised how many public wifi networks have default camera passwords
Research this online.."can LED lightbulbs collect and transmit data ?"
basement dwellers at work. There should call him stalky
Moral of the story wired cameras are better. Never use wifi security cameras
No need to steal the light bulb, with an external antenna and a phone with nethunter you can just grab credentials off nearby devices
Passive monitoring vs active intent... ones legal, the other is federal issue.
This is why I take everything apart to see if it's a simple fix so it can be repaired, but if not. Then I stick the PCB in the microwave for 10sec, even though 5 is more than good enough.
there’s no water in electronics, would that even work
what??? im so confused
does microwaving a pcb for 10 seconds really render it useless?
imo 5-8s seems to be the balance ⚖️ between fire risk and data erasure
@@sushai1742yeah kinda (it fries the components) can be still repaired though if no important part was damaged, best bet is to completely crush it with a hammer and then throw it in the microwave.
Hey.
Guys...
Tfs a PCB please..?
Connecting to anyones network no matter how secure or open is illegal.
ya i'll be sure to look out for people who seem to want to go through my garbage next time im throwing out a dead smart device, that one time per 365 days 😂
Just create an IOT zone where nothing else lives and has no access to your internal network. Job done. C'ya.
To say it's easy to hack someone is relative. It's not like anyone could just do it then and there. Regardless, it's better to be aware Abt. these things.
Let’s not forget about Brandon Jackson who in (June?) 2023 was locked out of his Amazon devices because Amazon thought he was racist.
Now we have to grind the numbers off of the bulbs we throw out.
I want to live to be 200 just to see where we go.
New excuse for sticking bulb where sun doesn't shine
From a company attack, I could see this. From a personal attack...unlikely any normal criminal has the means...I guess its possible but so is becoming a millionare.
That's why i never go for exchange offers 😕 just keep my phones in a box in some corners or break other stuff before giving them out
This is why you use closed network cameras 😂
well he was able to login into their wifi and scan the whole net with nmap. In this scenario closed network doesn't help
Reaver is the easiest way to get into a network you just need a good directional arial and the network to have wps enabled.
Even if you can somehow access the wifi network using the bulb which is already a big fail it's kind of even more fail that anybody having access to the wifi network would be able to log into the camera system.
And this is why my wifi uses a manually added device white-list, and all cameras are hardwired.
It is not if you will be hacked, it is are you worth protecting?
I threw away that bulb to follow the person that stole it by implanting a tracker and malware to allow me to connect to anyone that tries this.
What a bright 💡 idea 😂
smart bulb? why do you need that?
Easy when you know how, just like anything
So it's not old bulb, lol
this is why YOU NEVER Connect your phone to a free wifi its not secure and once you do anyone on that network has access to your device!
Heck yeah. Nice dumpster dive breach.
One question: why is he scavenging someone else' garbage
🤘HACK THE PLANET 😂
Thank god we are storing login tokens in light bulbs. Where would be in the world right now without that?
is that a smart bulb though? looks like a regular LED bulb.
It is a basic light bulb by ecosmart. The stuff shown is just the typical power use, lumens, colour temp, etc.
Bro I did kinda similar to this.. so my school had this projectors for the lesson and stuff so when I scanned the network with nmap and angry ip scanner I found every projector on the network, after I pasted the IP of one of them I got the sign in page, and can you believe it it had the default credentials that I got from the manual that is open source, and at the end I could project my things or change the setting of them also freez and unfreeze the screen(but I've never done it because I didn't want to get in trouble)
Why would the smart bulb bought at a random retail store contain info like a hardwired IP address, SSID, BSSID, MAC address of the person who eventually bought it after the bulb was discarded? Oh, I see you have a video. Let me watch it and maybe that answers my Q
trash light bulb yes, an in use device that isnt yours...NO. just dont.
Why can't I get one decent recommendation?
A fucking smart bulb ?!?!😂
Bulbs got a network 😅
Nice! Good pwning, love seeing it. I hope he informed them about the vulnerability
Checks for house key under flower pot
oh shit. does this mean the smart bulbs i’ve returned to the store?
Yes, every time, unless you ask for clarification on the process to validate weather or not.
Always change username and password of routers and other wifi enabled devices you bring into your home for this reason.
Microwave everything.
damn, all cuz their lightbulbs connect to the internet... that's so crazy...🙄
Use Access Control Lists or Blacklist the Mac address when you throw away a network device.
Just told my grandma to do that. Solved all of her problems and she knew what a Mac address is.
@@jessewilliams6459 your Grandma is a true G. G is also for Google ;)
Yeah all those first steps were pretty unnecessary if it’s a simple IOT camera there’s a bunch of websites you can just go and view them like the one in the last clip.
That's why I remove the insides of things like these before I throw them away. And typically keep the logic board.
Alternatively just click the factory reset button.
That isn’t a smart bulb. I’m assuming you just used a random video of a LED bulb though
Wait, you said this was easy? Don't know if that's an insult to all other normal people without that knowledge, or it's just bragging
Reminds me of the movie “the net”. As a pro one can only laugh about it.
Real life watch dogs
That's how easy it is if you have a shit router and you throw away smart devices without any care in the world.
So he's telling everyone how to do it. Smh
Well, if it's "that easy" I might as well just put my wifi password on a framed card iny living room.
Omg the smartbulb thats brilliant
You can simple use google to control web cams
Good thing my tech is dumb
A smart bulb has information? How?
Remember to smash the chip
No info about electricity yet....? Not yet....
I stopped using any thing that has a smart name before device.
If use something called smart devices before throwing away Fully destroyed first.
🧐 hmmm.. got some free bulbs from random people.. ok got it, burned at the utilisation barrel. 🙄
Tank for the tutorial..god bless you