The good guys over at Context Information Security have cracked Motorola's outdoor security camera just to point out how the Internet of Things is still a completely unsecure industry that needs serious work.
The camera that got cracked was the Motorola Focus 73, and not only did the researchers manage to get inside, but they also managed to obtain the home network’s Wi-Fi password, take full control of the camera’s movement and even redirect the video feed.
The exploit was fixed in the meantime, and the update to the firmware released without the end user having to do anything. So basically, if you have one of those cameras, there’s no need to panic, any more.
The sole process of cracking the camera was, according to the researchers, a piece of cake: “During set up, the private Wi-Fi security key is transmitted unencrypted over an open network, using only basic HTTP Authentication with username ‘camera’ and password ‘000000’, while a number of legacy webpages on the camera revealed that the device is based on the same hardware as a legacy baby monitor product,” the company said in a press release.
After some more investigation, the researchers managed to get root access to the camera. The root password was easy to crack as it was ‘123456’ – one of those passwords you should never set up. The home network’s Wi-Fi password was sitting there in plaintext, as well as factory wireless credentials for secure test networks.
What’s funny, is that the credentials for the developers’ Gmail, Dropbox and FTP accounts were also there. For the icing on the cake, the researchers managed to install their own firmware and it wasn’t checked for validity.