IP Camera Strangeness or By Design?

So a while ago I bought some Pyle Branded IP Camera’s for my house. The idea was to have one to record the front of the house and the other the back. I finally got chance and set one up, connecting to my Wifi network and then using the iPhone application to see how it worked.

IMG_0157.PNG

Launching this app lets me add a new camera, this is done by it scanning the network you are connected to, finding it and then it connects using a secure default password of “000000“, no kidding, that secure.

I did this and registered my camera to test then put it away for a rainy day when I actually have time to configure them and put them up. I left my camera registered in the app for when I put it back on.

Now skip to where I am right now, the waiting room at the hospital waiting for my wife to come out of surgery. I happened to launch the Pyle IP Camera application by mistake and to my surprise it said my camera was online!! Physically impossible by the way as it is packed in a box!!

IMG_0158.PNG

Interesting as each camera is supposed to have a unique ID and Dynamic DNS associated to it, plus I was not on my Wifi at home, nor the hospital Wifi (never trust the hospital public internet) but on the AT&T LTE network????

So as you would expect I clicked the camera and to my surprise I see someone else’s home!!

IMG_0159-0.PNG

No idea who’s house that is, but seems to me they have it connected to the AT&T network somehow, or the camera Dynamic ID is the same as mine was, and they have not changed the super secure password for the camera from “000000“.

The issue does not stop there, from here I can look at the advanced settings and see the Wifi network name it is connected too.

IMG_0160.PNG

If I now go and click the Wifi name I am able to perform a scan from the camera for nearby Wifi networks.

IMG_0165.PNG

The ending results list is the following.

IMG_0164.PNG

So interesting design really, if the device has the same ID as yours then you can connect to it, based on the secure code not being changed. So I am no wondering what will happen when mine gets plugged back in during he window where it boots up and the super secure password has not been changed by me yet? Will someone else see my house all of a sudden. Isn’t it funny that even devices made for security can still have some weird security issues!!

Liam Cleary

Liam began his career as a Trainer of all things computer related. He quickly realized that programming, breaking, and hacking was a lot more fun. He spent the next few years working within core infrastructure and security services until he found SharePoint. He is the founder and owner of SharePlicity, a consulting company that focuses on all areas of Technology. His role within SharePlicity is to help organizations implement technology that will enhance internal and external collaboration, document and records management, automate business processes and of course security controls and protection. Liam also serves as the Product Owner for Security at Rencore, where he is helping to develop offerings that help organizations further understand and mitigate security and compliance risks, within SharePoint and Office 365 customizations. His core focus will is to identify, control and protect whether they are full-fledged customizations or out-of-the-box Office 365 functionality. He is also a twelve-time Microsoft MVP focusing on Architecture but also crosses the boundary into Development. His specialty over the past few years has been security in SharePoint and its surrounding platforms. He can often be found at user groups or conferences speaking, offering advice, spending time in the community, teaching his kids how to code, raspberry PI programming, hacking the planet or building Lego robots.

You may also like...