Hack a webcam with a smartphone

Recently I was on vacation with my girlfriend. One night I couldn't sleep, so I decided to play around with the hotel WiFi, armed with only my phone.

First, I tried to reach the router, so I opened my web browser and typed 192.168.1.1 without knowing the class of my IP. Surprisingly it worked, and I was in front of the webpage of a modem/router from one of the bigger Italian operators, which asked me for a username and password. "No segregation, ah, ok...". So I typed admin:admin and voilà, I was in. It was too easy.

Then I remembered the webcam at the front desk in the hall and I asked myself "How cool would it be if I could reach and take that webcam?!".

So, instead of searching through all the connected devices and ports, I decided to use a webcam stream viewer app that automatically finds all the webcams connected to a network.

The webcam was a Netwave and was reachable at the address 192.168.1.99.

I typed the address into the browser and it asked for a username and password. This time admin:admin didn't work.

I decided to try the credentials used by "hackers" to build up the (in)famous Mirai Botnet aaand... nothing. No luck this time.

So I searched on Google and found that this model of webcam suffered from a memory leak; here is the exploit. Great! But how could I use it from my smartphone?

Examining the exploit code, I found that essentially I only needed to make a GET request and run strings on the output for later examination. The password should have been around the 10000th line. So I looked for a good terminal emulator for Android and I found Termux (if you don't already use it, check it out because it is really awesome!), then I typed

wget http://192.168.1.99//proc/kcore | strings | nano

Checking the memory leak, I couldn't find the password, so I searched for the word "admin", because I thought that admin is the default user and the password is usually near the username and, lucky me, it was as I guessed!

As you can see above, the password was sandokan.

I played a little bit with the webcam. Here is the webcam reflected in the windows of the hall.

The next morning I warned the staff of the hotel about the problems 🙂
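
For whoever runs such a network: the GET for //proc/kcore described above stands out in HTTP logs. The following is an added example, not part of the original post, that flags requests reaching kernel pseudo-filesystems after path normalisation. It assumes traffic to the camera passes through a gateway or proxy that writes Common Log Format; the sample lines, date and sizes are constructed.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

# Pseudo-filesystem prefixes an embedded web server should never serve.
SENSITIVE_PREFIXES = ("/proc/", "/dev/", "/sys/")

# Common Log Format: client ident user [time] "METHOD target proto" status size
CLF = re.compile(r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
                 r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
                 r'(?P<status>\d{3}) (?P<size>\d+|-)$')

def canonical_path(target):
    """Normalise a request target the way a lenient web server might."""
    # Split manually: urlsplit() would read "//proc/kcore" as host "proc".
    path = target.split("?", 1)[0]
    for _ in range(3):                       # undo nested percent-encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = re.sub(r"/+", "/", "/" + path)    # "//proc" -> "/proc"
    return normpath(path)                    # resolve "." and ".." segments

def find_memory_probes(lines):
    """Return (client, canonical path, status, bytes) for suspicious requests."""
    hits = []
    for line in lines:
        m = CLF.match(line.strip())
        if not m:
            continue                         # skip lines that are not CLF
        canon = canonical_path(m["target"])
        if (canon + "/").startswith(SENSITIVE_PREFIXES):
            size = 0 if m["size"] == "-" else int(m["size"])
            hits.append((m["client"], canon, int(m["status"]), size))
    return hits

# Constructed sample log lines (not captured from any real device).
SAMPLE_LOG = [
    '192.168.1.23 - - [01/Jan/2024:02:14:07 +0100] "GET /index.htm HTTP/1.1" 401 0',
    '192.168.1.23 - - [01/Jan/2024:02:16:41 +0100] "GET //proc/kcore HTTP/1.1" 200 7340032',
    '192.168.1.40 - - [01/Jan/2024:09:01:12 +0100] "GET /process.htm HTTP/1.1" 200 512',
    '192.168.1.23 - - [01/Jan/2024:02:17:02 +0100] "GET /cgi/../proc/kcore HTTP/1.1" 404 -',
]

if __name__ == "__main__":
    for client, path, status, size in find_memory_probes(SAMPLE_LOG):
        verdict = "DATA RETURNED" if status == 200 and size else "blocked/failed"
        print(f"{client} requested {path}: {status}, {size} bytes ({verdict})")
```

A 200 response with a large body on such a path means memory was actually served, so the device needs a firmware update or isolation and its credentials need rotating.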
