IP Camera Strangeness or By Design?

So a while ago I bought some Pyle Branded IP Camera’s for my house. The idea was to have one to record the front of the house and the other the back. I finally got chance and set one up, connecting to my Wifi network and then using the iPhone application to see how it worked.

IMG_0157.PNG

Launching this app lets me add a new camera, this is done by it scanning the network you are connected to, finding it and then it connects using a secure default password of “000000“, no kidding, that secure.

I did this and registered my camera to test then put it away for a rainy day when I actually have time to configure them and put them up. I left my camera registered in the app for when I put it back on.

Now skip to where I am right now, the waiting room at the hospital waiting for my wife to come out of surgery. I happened to launch the Pyle IP Camera application by mistake and to my surprise it said my camera was online!! Physically impossible by the way as it is packed in a box!!

IMG_0158.PNG

Interesting as each camera is supposed to have a unique ID and Dynamic DNS associated to it, plus I was not on my Wifi at home, nor the hospital Wifi (never trust the hospital public internet) but on the AT&T LTE network????

So as you would expect I clicked the camera and to my surprise I see someone else’s home!!

IMG_0159-0.PNG

No idea who’s house that is, but seems to me they have it connected to the AT&T network somehow, or the camera Dynamic ID is the same as mine was, and they have not changed the super secure password for the camera from “000000“.

The issue does not stop there, from here I can look at the advanced settings and see the Wifi network name it is connected too.

IMG_0160.PNG

If I now go and click the Wifi name I am able to perform a scan from the camera for nearby Wifi networks.

IMG_0165.PNG

The ending results list is the following.

IMG_0164.PNG

So interesting design really, if the device has the same ID as yours then you can connect to it, based on the secure code not being changed. So I am no wondering what will happen when mine gets plugged back in during he window where it boots up and the super secure password has not been changed by me yet? Will someone else see my house all of a sudden. Isn’t it funny that even devices made for security can still have some weird security issues!!

Liam Cleary

I work as an Associate Director for Protiviti in Virginia. My main focus is to ensure that SharePoint can either natively or with minimal customization meet the business requirement securely. I am currently a SharePoint MVP focused on Architecture but also cross the boundary into Development and Security. I am often found at user groups, conferences speaking, offering advice, spending time in the community, teaching my kids how to code, raspberry PI programming, hacking the planet and sometimes building Lego robots.

You may also like...