If you have an IP camera, someone could be watching you.
One thing I learned from my SWE30011 IoT Programming unit is that IoT devices are naturally vulnerable to threats. My IP camera's software needs an account to access it via the app. I got curious whether this camera might have some vulnerabilities. So I grabbed my laptop, did a quick security audit and got a list of port states. One of the ports is 554, which is the default port for RTSP.
RTSP is a protocol used for video and audio streams, and it should be closed or require authentication to access. After a little bit of research, I came across an article from SportRadar here which has a list of streaming channel URLs that I could try. I used ffmpeg’s ffplay to try to stream each one of the links, and one of them worked.
And I was able to stream the live video feed from the IP camera.
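A way to audit your own camera for the condition described above (RTSP answering without credentials), as an added example that is not code from the original post: it sends one unauthenticated RTSP DESCRIBE and classifies the reply. The sample replies are constructed, not captured from a real device, and the verdict names are this example's own.

```python
import socket
from urllib.parse import urlsplit

def build_describe(url, cseq=1):
    """RTSP DESCRIBE request: asks the server to describe the stream at url."""
    return (f"DESCRIBE {url} RTSP/1.0\r\nCSeq: {cseq}\r\n"
            "Accept: application/sdp\r\n\r\n").encode("ascii")

def classify_response(raw):
    """Turn a raw RTSP reply into an audit verdict for the camera owner."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("ascii", "replace")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("RTSP/") or not parts[1].isdigit():
        return "not-rtsp"
    code = int(parts[1])
    if code == 200:
        return "open"  # stream described with no credentials at all
    if code == 401:
        schemes = [l.split(":", 1)[1].strip().split(" ", 1)[0].lower()
                   for l in lines[1:] if l.lower().startswith("www-authenticate:")]
        if "digest" in schemes:
            return "auth-digest"
        # Basic sends the password base64-encoded over plaintext RTSP
        return "auth-basic" if "basic" in schemes else "auth-unknown"
    return f"status-{code}"

def check_camera(url, timeout=5.0):
    """Send one unauthenticated DESCRIBE to your own camera and classify the reply."""
    target = urlsplit(url)
    try:
        with socket.create_connection((target.hostname, target.port or 554), timeout) as s:
            s.sendall(build_describe(url))
            return classify_response(s.recv(4096))
    except OSError:
        return "closed"  # refused, filtered or timed out

# Constructed sample replies (not captured from a real device)
SAMPLES = {
    "open": b"RTSP/1.0 200 OK\r\nCSeq: 1\r\nContent-Type: application/sdp\r\n\r\n",
    "digest": b'RTSP/1.0 401 Unauthorized\r\nCSeq: 1\r\n'
              b'WWW-Authenticate: Digest realm="cam", nonce="0000"\r\n\r\n',
    "basic": b'RTSP/1.0 401 Unauthorized\r\nCSeq: 1\r\nWWW-Authenticate: Basic realm="cam"\r\n\r\n',
    "http": b"HTTP/1.1 400 Bad Request\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", classify_response(raw))
```

A verdict of `open` on your own device means the feed is readable by anything that can reach port 554; `auth-basic` means a password is required but travels in recoverable form on the local network.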
Conclusion
Why is it left open and unprotected? Most likely it’s because of bad system engineering and cost cutting.
A couple of solutions that I have in mind to protect my privacy:
- One is to create a virtual router and only connect the IP camera to it. While this is not the best solution, it is the easiest and most practical solution I know.
- The second is to just replace the camera and get one from a reputable IP camera brand.