Greg_Talyor wrote: ↑
Tue Sep 15, 2020 11:53 am
Is this practice widespread?
As a lot of these backdoors aren't documented (security through obscurity), it's hard to know until they get exploited, or unless you worked at the company making them.
For one camera, there was an unpublished URL (e.g. http://camera/video.cgi etc. format) which led to a page which would disgorge the settings of the camera (resolution, frame rate, current time/date, admin password, y'know, stuff like that!) -- and you didn't need to be logged in to do it. Bad.
For other cameras, there was a hard-wired undocumented admin account (in addition to the usual admin/root etc. that you can change the password on) which was embedded and not changeable. Meaning, anyone with that knowledge could access the camera, and nothing you could do would stop it.
A lot of these things are found by nosy people reverse engineering the binary firmware blob (which in many cases is made up of a bootloader, a filesystem blob of a cutdown Unix-like operating system, a filesystem blob of HTML/CSS and templates for the look-and-feel of the GUI) and working from there.
"binwalk" is a useful utility on firmware blobs, as is the ability to slice up a single binary file based on the output of "binwalk", and feed it to various decompressors (lzma, gzip, bzip ...) or "strings" to pick out readable stuff.
Best to keep the cameras firewalled from the internet, and trust your firewall isn't backdoored too.
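
Added example, not part of the original post: a Python sketch of the slicing step described above, for auditing firmware of a device you own. It parses binwalk's default offset table, carves each segment up to the next signature, runs the decompressor the description names, and pulls out printable strings. The sample image, the table text and the strings inside it are constructed for the demonstration.

```python
import bz2, gzip, lzma, re, zlib

# A row of binwalk's default table: DECIMAL  HEXADECIMAL  DESCRIPTION
ROW = re.compile(r"^(\d+)\s+0x[0-9A-Fa-f]+\s+(.+)$")

def parse_binwalk(text):
    """Return sorted [(offset, description)] from binwalk's table output."""
    hits = (ROW.match(line.strip()) for line in text.splitlines())
    return sorted((int(m.group(1)), m.group(2)) for m in hits if m)

def carve(blob, rows):
    """Slice blob so each segment runs from its offset to the next signature."""
    ends = [off for off, _ in rows[1:]] + [len(blob)]
    return [(off, desc, blob[off:end]) for (off, desc), end in zip(rows, ends)]

def unpack(desc, data):
    """Run the decompressor named in the description; None if none applies."""
    kind = desc.lower()
    try:
        if kind.startswith("gzip"):   # decompress objects tolerate trailing padding
            return zlib.decompressobj(wbits=31).decompress(data)
        if kind.startswith("lzma"):   # legacy .lzma container, common in firmware
            return lzma.LZMADecompressor(format=lzma.FORMAT_ALONE).decompress(data)
        if kind.startswith("bzip2"):
            return bz2.BZ2Decompressor().decompress(data)
    except (zlib.error, lzma.LZMAError, OSError, ValueError):
        return None                   # signature was a false positive or truncated
    return None

def strings(data, min_len=6):
    """Printable ASCII runs, like the strings utility."""
    return [s.decode() for s in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def sample():
    """Constructed demo image: 64-byte fake header, gzip'd config, 0xff padding."""
    cfg = gzip.compress(b"admin_user=CONSTRUCTED_ACCOUNT\nvideo_path=/video.cgi\n")
    blob = b"HDR0".ljust(64, b"\0") + cfg + b"\xff" * 32
    table = ("DECIMAL       HEXADECIMAL     DESCRIPTION\n" + "-" * 80 + "\n"
             "64            0x40            gzip compressed data, from Unix\n")
    return blob, table

if __name__ == "__main__":
    blob, table = sample()
    for off, desc, seg in carve(blob, parse_binwalk(table)):
        out = unpack(desc, seg)
        print(hex(off), desc, strings(out if out is not None else seg))
```
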