Thousands of private camera footages from bedrooms hacked, sold online - VnExpress International
Bedroom camera footage hacked, sold online - VnExpress International
LMAO don't put a fucking camera in your bedroom you dummies
Don't kink shame me! Gaping security violations get me all hot and bothered. Sometimes I check my bank account on public WiFi, just for the thrill.
Better: don't connect your cameras to the internet
OpenIPC looks worth testing
I'd assume fucking cameras are made specifically for the bedroom.
Counter-Argument: Each camera in a bedroom can be free entertainment for millions!
And don’t stay at hotels or airBnB or …. Well just don’t sleep.
Thank you for this comment.
Meanwhile, two comments down: "why do people have cameras in their bedroom?"
why the fuck would anyone put a camera in their bedroom, or bathroom?
Outside of people making porn, securing the entrances to a home should be sufficient, no need to video yourself sleeping.
They may have people working in their homes whom they do not fully trust - cleaners, maids, nannies etc.
Or children lol
I live in Vietnam. This is perhaps the most common reason for use of indoor cameras here. People buy random cheap Chinese security cameras on the internet and put them in their homes. They blindly trust these cameras, which leads to what you're seeing in this article.
Then don't hire them?
Oh geez what do I do?? I've got an Internet connected camera in my hand right now!
Tape over it, so you have a mechanical control over it.
How is the room relevant here? Is it not a grave invasion of privacy regardless in which room of the house it was? What even is your point, that if the camera had been in the living room instead... then what?
I know it's not 100% the same, but there's a website that gives you access to insecure webcams and has been for ages!
Obviously these aren't hacked as per the article
Ironic that the website itself is http.
Doesn't really matter too much, nothing on the website is password protected anyways
Damn, that website almost has some of everything.
I saw a building that looked like it was waiting to be boarded up. There were some streams with beautiful scenery. There was an official looking meeting room in Greece for, and I even found a stream of a train table!
Yet another reason why IoT crap sucks. You don't need to put everything on the internet. This one should be obvious.
The "S" in IOT is for "security".
People don't think about that. You have to register somewhere in order to use your $12.99 cam, install some app and are good to go.
How would a someone not interested in tech know that the footage data is stored on some online server and you are at the mercy of their itsec.
Which is why these companies that are marketing wifi and cloud-polling devices should be held responsible for the data breaches and regulated more rigorously.
It should be cost-prohibitive to design a smart device that sends data to a centralized server, but they do it because the upside value of having the data is so attractive. They shouldn't be allowed to hide behind a ToS agreement with mandatory arbitration when their security is inevitably breached.
The question isn't "how would someone know....?" the question is "do you know what a hacker does?".
With end to end encryption, and requiring manual key transfer (no key sync), this would not be an issue.
Why the fuck do people put security cameras in their bedrooms? It's so weird to me that people do this. Even if you think (or at least thought) that you were the only one with access to the footage, won't the presence of a camera make you feel like you're being watched? Are we not on camera enough as it is that we have to be on camera in the supposed privacy of our bedrooms? Imagine if you told George Orwell that people would willingly put cameras in their most personal and private spaces.
Some do it to potentially document accidents - I know some racial minorities in my country that say they are accused of child abuse and investigated at the drop of the hat if they bring their kid to the doctor and they have any kind of bruise. I heard of a Muslim woman who lost custody of her kid for 48 hours until she was able to produce CCTV footage of her child breaking his arm in a playground accident, and not due to some act of child abuse.
So,, having a cam that catches your kid experiencing an innocuous fall wherever it may be in the house is a good security measure, particularly if the justice system comes at you preloaded with bias.
it's funny the vnexpress would publish this. vietnamese people are obsessed with security cameras. they see them as a deterrent, or as a way to find the perpetrator later and get all your property back. they put them everywhere.
Hypothetically I want to secure my home with Cameras…
What’s the best way to do this? OSS preferably.
So, just an FYI, I bought Eufy cameras because I believed their marketing bullshit about being secure and end-to-end encrypted. About two months later they changed how they describe their security and quietly modified their privacy policy. Turns out they're not really end-to-end encrypted and it is possible to gain access to the streams sometimes.
My recommendation, after doing my research is not to buy anything that is able to be viewed remotely. Buy something that stores the video locally, in your home. If possible, buy and install wired cameras.
The most important thing is just to have cameras that are positioned to watch you in bed.
I'm just about to setup TP-link cameras connected to Frigate (NVR software) with a Coral TPU for offline object detection. This means I can block access to internet for the cameras and use a VPN home if I want to watch them.
Zoneminder and any IP camera you can afford.
If you setup wireless you would be best served using a VLAN
Onvif camera (It's the standard. Any camera that supports onvif will be plug and play). Block the cameras' Mac addresses at your router so they can't get out directly. Install zoneminder on Linux. If you need remote access follow all the guides to securing a Linux server that has ports open to the Internet. (Ssl, tailscale etc.)
Blueiris for Windows is great but it's not open source.
I use a old phone with IP cam on it, and only allowed local network access connected to my home assistant.
I can view it remotely via home assistant cloud, which is E2EE from instance to phone.
I presume Raspberry Pi Camera is also a great solution. And also I dont put any camera in bedroom or bathroom, because there is no reasonably accessible entrance there.
The first step is to set a strong password.
Not open but https://unify.com/en/
Link didn't work for me there was nowhere to actually buy the videos. Where is the correct link?
Sus af bruh wtf
Edit because im being down voted, i find it so insane that you guys are actively seeking out hacked ip cam footage from innocent people that's being leaked online.
There's tons of porn on the Internet, and no reason for you all to be trying to PAY SOMEONE for non-consensual sexual footage
They actually left watermarks with the telegram account on it in the pictures
footages
You're going to be upset when you fail the 4thbgrade.
No no foot fetish footage, "footages". They're calling out foot fetish enjoyers.
This is why you shouldn’t use cloud services for personal security, because the cloud is just someone else’s computer.
Also, quit putting unnecessary, Internet connected cameras indoors.
I seriously cannot fathom the amount of people that seem to want to put cameras up in their own bedrooms and just let them stream video constantly.
It has nothing to do with any serious home security, and everything to do with mindless consumerism. Hopefully it's a trend that will pass.
In general, cloud services have far better security than DIY systems. All of the hacked systems in this article are home based systems.
[citation needed] because that's not in the article. According to the article, attackers used automated scanning software, which strongly implies they brute-forced cameras connected to the Internet with default or weak credentials. That has nothing to do with whether or not the service is based in the cloud.
As a matter of fact, it's known that the leading cloud-based surveillance system, Ring, has been subject to employee abuse and user accounts have been widely compromised via credential stuffing. In fact, Amazon is currently facing a proposed order from the FTC over the fact that they allowed abuse by employees and more or less knew for years that their lax security practices were placing their customers in danger from cybercriminals. Hell, it's 2023 and all you have to do to pre-empt most credential stuffing attacks is enforce 2FA, and this was optional in a HOME SECURITY PRODUCT from a LEADING cloud provider. "In general cloud providers have better security" my ass.
Cloud based security only gets better when regulators force cloud providers to improve security, after cloud providers allow hackers to harm thousands to millions of customers.
I'm just gonna say it again: the cloud is just someone else's computer.
You can't connect home system that is never connected to internet, basically make home server and hook up cameras and don't ever connect that to internet
Where are you pulling this from? These aren't "DIY". DIY is when you roll your own remote network access (e.g. VPN, DDNS, port forwarding, etc) or FOSS software/hardware. I'd trust most DIY systems more than any cloud provider, because most DIY systems would be LAN only or VPN accessible. The QR code authentication mentioned in the article sounds like these are generic IP security cameras of stock firmware, that utilize a cloud server to enable remote viewing over the internet. Even reputable cloud services use the same method to connect or setup individual cams to their cloud.
That doesn't mean the exploits used are of no fault of the user — from the vendors authentication implementation, software, or hardware.
Maybe, but the difference is a lot more people are going to be looking to target the cloud provider than your home network. To say nothing of the fact that your videos on the cloud are subject to the terms and services that you agree to and those terms can be changed at any time. And also the fact that you can't guarantee that the stuff you delete off of that server is actually being deleted.
Blatantly false. Nowhere in the article does it say this.
Ok... But cloud services are centralized and have a lot more content to obtain, so that fundamentally makes them a more valuable target. This alone adds a level of relational security to maintaining a home backup of the information. Unless someone happens upon your home network and decides to hack it, or you download a file that sends up a flare, nobody is going to seek it out unless they know you have something specific they want.
You have a source for that?
Removed by Moderator — Modlog