Peer-to-peer takes on a whole new meaning when used to spy on 3.7 million or more cameras, other IoT gear

More than 3.7 million. That's the latest number of surveillance cameras, baby monitors, doorbells with webcams, and other internet-connected devices found left open to hijackers via two insecure communications protocols globally, we're told. This is up from estimates of a couple of million last year. The protocols are CS2 …

  1. redpawn

    Just Skynet

    opening its eyes. Nothing to worry about here. Take a free doorbell on your way out please.

    1. stiine Silver badge

      Re: Just Skynet

      Why would you think Skynet would have those kinds of vulnerabilities?

      1. Flywheel

        Re: Just Skynet

        One man's vulnerability is another's opportunity.

        1. macjules

          Re: Just Skynet

          One man's vulnerability is another sentient artificial intelligence's opportunity.

          FTFY

  2. cipnt

    Dilemma

    The worst thing about this tech is that it can't be turned off in some devices. But even if it can be turned off, you will be disabling a crucial bit of functionality of the device, which will render it close to useless: what's the point of a CCTV camera if you can't check the video feed?

    The first time I installed an IP camera for a friend some 10+ years ago and was trying to work out what ports to forward in the router only to hear my friend saying "it works!" before I even did anything, I was both shocked that the firewall was bypassed and disappointed that my skills weren't in fact needed.

  3. Will Godfrey Silver badge
    Facepalm

    An IoT pandemic?

    You don't need malice. Just some obscure bug in a server somewhere and it could silently bring down the whole mess.

    Hmmm. Not necessarily a bad thing.

  4. Anonymous Coward
    Mushroom

    P2P?

    "The equipment contacts central servers to announce they're powered up, and they stay connected by sending heartbeat messages to the servers. These cloud-hosted servers thus know which IP addresses the gadgets are using, and stay in constant touch with the devices."

    To me that sounds like the exact opposite of a P2P system, but rather a bog standard "client/server" architecture. Or I am missing something?

    As for IoT and security, that topic has been beaten to death on here and other tech sites. I guess we just get to watch the slow motion train wreck.

    There have been some improvements in the space; however, as long as there is no liability for the manufacturer, what will happen when a model is compromised is that the manufacturer will wash their hands of the whole thing and just tell people to chuck them and buy newer models, which many will be loath to do, especially as the old kit is "working" for them.

    Yes, some will replace them due to being security sensitive, but even then, the vulnerable models usually just end up on eBay or equivalent to be bought by the budget conscious, meaning the problem won't go away. Most of these devices will just sit there and be a botnet in waiting.

    Icon, as it's the only way to be sure this ceases to be a problem :-P

    1. diodesign (Written by Reg staff) Silver badge

      "To me that sounds like the exact opposite of a P2P system"

      Er, well, even classic P2P networks have a pool of central systems that you connect to initially to find other clients. This is just like that.

      The P2P nature comes into play when machines relay connections between each other, and when endpoints talk to each other directly. See the talk for details (it's also covered later on in our article.)

      C.

    2. iron Silver badge

      Re: P2P?

      > I am missing something?

      Yeah, the P2P bit is near the end of the article you didn't finish reading before deciding to bestow your glorious wisdom on us.

      RTFA

  5. Doctor Syntax Silver badge

    "they're designed to let non-tech-savvy owners access their devices,"

    As we're now discovering, when you make tech easy enough so any fool can use it every fool uses it.

    1. Anonymous Coward
      Anonymous Coward

      every fool uses it

      yeah, like them hammering thingies...

  6. Doctor Syntax Silver badge
    Mushroom

    "we imagine those updates haven't made their way to all installations just yet"

    Are the devices able to re-flash their firmware? If not then the only suitable update is (see above).

    1. Anonymous Coward
      Anonymous Coward

      All those efforts to get data out, and no effort to bring updates/patches in automatically....

  7. Peter Galbavy

    There's an assumption in the article that these features are somehow undesirable (to the makers). Possibly the only undesirable thing here is that the design of the system has been revealed to a wider world.

    1. Sanctimonious Prick
      Trollface

      My Eyes!

      Yeah, I'm OK with the 14 eyes backdooring all our devices too, Peter, coz, it's not like anyone else will find out, right?

      /tic

  8. StrangerHereMyself Silver badge

    On purpose

    I keep wondering if all these Chinese companies that make this junk add these so-called flaws on purpose to spy on us.

    1. Anonymous Coward
      Anonymous Coward

      Re: On purpose

      Spy: Commander, one of them has figured it out, should we take care of them?

      Commander: No, we will socially discredit them, label them paranoid, and racist. Nobody will pay attention to them and we can continue with our global surveillance just like we do at home.

    2. Anonymous Coward
      Anonymous Coward

      Re: On purpose

      Haha all your racism and paranoia belong to you

      1. StrangerHereMyself Silver badge

        Re: On purpose

        Yeah, right. Maybe they're just stupid.

  9. Anonymous Coward
    Anonymous Coward

    some folks don't even know how to log into their routers

    what's "routers"?

    1. terrythetech

      Re: some folks don't even know how to log into their routers

      Replace "some" with "virtually all" and you are nearly there.

    2. Anonymous Coward
      Devil

      Re: some folks don't even know how to log into their routers

      Call it "the WiFi" and they'll understand....

  10. hoola Silver badge

    Under 10%

    I am surprised that less than 10% are affected.

    It still begs the question as to why so many people feel the need to buy and set up this junk. So I can have a camera on my doorbell so that when someone rings it you can see who it is. I can do the same with a peephole. If I am not in then what difference does it make? If it was a parcel delivery pre-Covid then they would either leave a card and take it away, leave it with a neighbour or lob it over the nearest fence depending on the company. At the moment due to Covid everything is "contactless", which means ring the bell if you are lucky and dump the parcel, or just dump it.

    If you really need a security camera to see what is happening at the door then why does it have to be connected to the Internet?

    1. TheVogon

      Re: Under 10%

      You can see who it is from the other end of your garden / in bed without visiting the front door. And you can answer the doorbell when out, which is a major security benefit, as you can say you can't come to the door right now if it's "lucky heather sellers". Also you can leave instructions for couriers / deliveries, etc. that might otherwise have to be rescheduled. And you can set it to record video from movement and act as a CCTV system.

      1. Cynic_999

        Re: Under 10%

        But a major downside is that if it cannot establish a link with a server halfway around the World, you can be sat in your living room without knowing that someone is pressing your doorbell. And at certain times of the day, the caller may well have given up and left between the time of pressing the doorbell and the time the system takes to notify you that it had been pressed.

        1. SImon Hobson Bronze badge

          Re: Under 10%

          And that's before the vendor decides to just shut down the service - or is bought by a bigger fish (e.g. Google) who then shuts it down.

  11. Graham Cunningham
    Pint

    Peer-to-peer

    I see what you did there! ---->

  12. Tree
    Megaphone

    HATE Speech

    Can I join all these people who are banned from Gurgle, FaceBUTT, YouTube, etc? I want to watch their videos.

    1. Sanctimonious Prick
      Happy

      Re: HATE Speech

      Of course you can.

      Just do a Yahoo! for censored tv :D
