this post was submitted on 18 Dec 2023
480 points (97.4% liked)

Technology

60083 readers
4322 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (4 children)

Bro, if I find any ingress point onto your network, I can connect to your networked cams.

Little brother downloads a Trojanised pirate copy of a game? I can connect to your cams via your lil bro's computer.

Not patched your stuff and there was a drive-by-download and RCE exploit? I can do it through your computer.

Your firewalls are important but they aren't impenetrable.

[–] asbestos 20 points 1 year ago (1 children)

Yeah, but you’d pretty much need to target the person so these blanket hacks where a bunch of cameras are exposed aren’t really possible

[–] [email protected] 9 points 1 year ago (1 children)

Seperate network that's physically not connected to a network which connects to the internet or cameras with local storage.

You can't hack into the wildlife camera in my backgarden. It doesn't even have wifi, just an SD card.

Of course, that's less useful if you want to check up on your house when you're away.

[–] bruhduh 10 points 1 year ago

That's what I've been trying to say, thank you for backing me up

[–] jackoneill 7 points 1 year ago (1 children)
[–] [email protected] 3 points 1 year ago (1 children)
  1. not a common feature of home networks

  2. If the compromised machine has access to both vlans, you're still fucked

[–] jackoneill 2 points 1 year ago (1 children)

It’s a feature on mine

That’s why my security has multiple layers

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

It isn't a common feature on ISP provided routers, which is what most people use. Some ISPs (example: my own) even make it exceptionally difficult to use other routers. I had to install OpenWRT on my retail router to get it, and getting that working was such a pain.

[–] [email protected] 1 points 1 year ago

It kinda depends on the setup I think, especially when vlans and firewalls are involved, you'd likely need additional payloads to make further progress in that kind of environment IMO. Something granting persistent remote access to the compromised machine would be the most ideal option.

As always physical access is pretty much game over though lol.

My cams are only accessible via an authenticated endpoint hosted on a dedicated machine, which acts as a "bridge" between the VLAN that the cameras are on (no internet access), and another VLAN hosting internal services, like home assistant, plex etc.

Aside from physical access, the only way to access the cams (that I can think of) would be via some exploit in Home Assistant, or by brute forcing the password to (any of) my network switches to access the management VLAN, changing the VLAN the cameras are set on to something else (bypassing the routing, firewall setup, and auth "bridge" entirely). Or maybe just exploiting the bridge machine directly and dropping a payload to forward the cams out to the net via the services VLAN

With physical access, you could chop up the PoE for an external camera and using that as an ingress point - but you'd only have access to the cameras and the bridge machine unless you exploited that too. At this point the zabbix client on the bridge machine would have notified me that a camera's dropped off the network, unless you dropped a payload to force it to return a good status lol

Does sound like a very fun exercise though tbh