Calisro
Senior Member
Sure. I really do not want to turn this thread into a sidebar on security, but since we're talking about security on the local LAN not mattering, I think it's worth one more post.
Here are some ways:
https://conference.hitb.org/hitbsec...ning Your Surveillance Camera Against You.pdf
http://www.slideshare.net/Synack/internet-of-things-51400317
Many of these devices are exposed to the internet. They run Linux or uClinux or similar. They don't provide much protection against replacing their firmware once compromised. They, if they are exposed, are your weak link. Some come with UPnP ON by default as well to make it nice and easy for a home user to operate.
An example hack:
One hack would be to compromise a low security device and place a reverse proxy on that device. The person wouldn't even know they are hacked. They can now use that proxy to have network access through your router to that device that was exposed to the internet through a legitimate port forward. SPI/NAT doesn't protect anything because the packets are being routed legitimately. You told it to port forward that device. Since a hacker can now proxy through that device to your local network, they can now log on to your router with that 'password' password and replace your router firmware or set up their own policies on the router. Again, not that hard. We can grab a build right from this site and compile whatever I want into the firmware and upload it. Now I no longer need that reverse proxy and I can use your router to have permanent access, including disabling the ability to update the firmware of that router. If you want an example or many examples of this, PM me and I'm happy to give you some.
The problem is NOT your router as they are built for security. It is usually other lower security devices people do not consider a threat if compromised. "Who cares if someone can see my front lawn from my outside security camera, so I'll just open a port to it and leave the password as 'admin'". Even if they do change their password, most of these devices have ZERO protection against brute force dictionary attacks and most people use weak passwords. Once they are on the local LAN, yes, you are already compromised, but why give them EVEN MORE access to EVEN MORE devices that control EVERYTHING on your network, like your router?
To your other question of "why" would someone want to do this? A few real examples come to mind:
Snowden and compromise of SIM cards. It's in the news. Google it. The attack against the company started with profiling their engineers/staff. They did this by gathering personal communication data from those people (easy to gather if I'm on your local LAN). If you work for a company and someone sees you as a target for social engineering then you're a target from a far away land.
Or how about some pervert that wants to view your webcams.
Or a botnet, or as decoy sources in a targeted attack against other more critical targets (corporations, small / large businesses).
I'm not trying to be rude or paint the picture of a bogeyman. Hacks do happen. It isn't only against corporations. Soft targets can aid in higher level attacks. If you would like to discuss further, start a PM thread.
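An added example, not part of Calisro's post: a defender's check for the pivot described above, where a device that has an inbound port forward starts initiating connections to the router's admin interface or to other LAN hosts. The flow-record format, addresses, admin port list and device list are constructed assumptions.

```python
import ipaddress

# Assumptions (constructed for illustration): LAN range, router address,
# admin ports, and the set of devices that have an inbound port forward.
LAN = ipaddress.ip_network("192.168.1.0/24")
ROUTER = ipaddress.ip_address("192.168.1.1")
ADMIN_PORTS = {22, 23, 80, 443, 8080}
FORWARDED_DEVICES = {ipaddress.ip_address("192.168.1.50")}  # e.g. a camera

# Constructed flow records, one per connection, initiator first:
# "src_ip src_port dst_ip dst_port proto"
SAMPLE_FLOWS = """\
203.0.113.9 51512 192.168.1.50 554 tcp
192.168.1.50 40022 192.168.1.1 80 tcp
192.168.1.50 40023 192.168.1.20 445 tcp
192.168.1.50 123 192.168.1.1 123 udp
192.168.1.20 52000 192.168.1.1 443 tcp
192.168.1.50 40100 198.51.100.7 443 tcp
"""

def parse_flow(line):
    src, sport, dst, dport, proto = line.split()
    return (ipaddress.ip_address(src), int(sport),
            ipaddress.ip_address(dst), int(dport), proto)

def find_pivot_flows(text):
    """Return (reason, line) for flows where a port-forwarded device initiates
    traffic to the router admin interface or to another LAN host."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, _sport, dst, dport, proto = parse_flow(line)
        if src not in FORWARDED_DEVICES:
            continue  # only internet-reachable devices are in scope here
        if dst == ROUTER and proto == "tcp" and dport in ADMIN_PORTS:
            alerts.append(("router-admin", line))
        elif dst in LAN and dst != ROUTER:
            alerts.append(("lateral", line))
    return alerts

if __name__ == "__main__":
    for reason, line in find_pivot_flows(SAMPLE_FLOWS):
        print(f"{reason:13} {line}")
```

The inbound forwarded connection and the device's NTP query to the router are not flagged; only connections the exposed device itself opens toward the admin interface or a LAN peer are.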