Re: knock, knock.
I had a basic tilt and turn IP camera. A VGA quality service with a MIPS processor.
It was running a cut down version of Linux with some extra blobs to provide the functionality. One of those bits was the Go-ahead server.
Turns out that it had a CRITICAL flaw. If you sent an HTTP request and omitted the initial /, it would send the information requested completely ignoring and password controls. So it was entirely possible to throw together some BASIC on my Pi to extract the configuration file (which was saved in the same place as the UI web pages, thus accessible). This gives you the login passwords and the passwords for the AP and any email or FTP services used. Plus it means you can log in and push your own firmware upgrade to the device.
Okay, granted, these hacks are specific to this type of device (it and all the other branded clones). But if this is an idea of the level of security in the domestic IoT arena, well, I would not be surprised if the world wasn't rife with shitty easily hacked bits of cheap Chinese tech.
I contacted the company asking for the source code. Never heard back, though to be fair I think their entire involvement with the device was sticking their label on the front...
And, yes, uPNP and WPS are disabled around these parts. Anything else is crazy.
Biting the hand that feeds IT
