Ok my fledgling hackers, I'm back with an exciting new installment. Have you ever wondered what people do in their free time when they don't think anyone is watching? Ever wanted to find out who the jerk is that keeps running red lights on the corner by your house? Or maybe you just want to see if your significant other is REALLY attending night classes at the local tech school?
Well, back in 2009 a guy named John Matherly came up with a solution. He designed a search engine that could find service banners used by devices that connect to the internet. This includes Webcams, security cameras, traffic cams, refrigerators, smart tv's, servers, an any other device that connects to the internet for content. The average person connects these devices without changing the default username an passwords, which makes them vulnerable with a bare minimum of technical know how. You just need to know how to find the device, and what the default username and passwords are.
Now even if the user has created secure password, these devices can be accessed. But this requires use of either Kali or Backtrack Linux OS, and either a brute force attack using rainbow tables, or a passive measure such as cookie hijacking. For now I'll assume most of my fellow Steemians don't have a copy of Backtrack laying around, so we'll stick with Windows based hacks.
First, we're going to navigate to the Shodan website. Set up a free account, it only takes a few minutes. We're going to start our search by manufacturer name. For instance, if you know your neighbor has a WebcamXP camera, you would type in webcamxp. Then we can narrow our search by country or even city. For instance is you live in Buffalo, NY you would type in webcamxp city:buffalo. Then you will be able to see all available cameras by that manufacturer in that city.
But you know where your neighbor lives, and Buffalo is a big city. So we go to Google Maps and type in the address. Then right click, and go to "what's here?". This will give you the exact latitude and longitude of the house. For example, if your neighbor stays at 452 Emslie St. in Buffalo (I apologize if you actually live here, just an example), the coordinates would be 42.888748, -78.849185. So we would go back to Shodan and search by the Geo location; webcamxp geo: 42.888748, -78.849185. This will give all cams from that manufacturer near that location. webcamxp is one of the more popular manufacturers, and the default username is admin, the default password is left blank.
There are a number of different manufacturers, and each one has a different default username and password, which people usually don't bother to change. In the case of security cameras, you can often use the web controls to pan left or right and zoom in. However, keep in mind that doing this with certain cameras and traffic cams can be illegal. Watching isn't illegal, but tampering with the cameras is. As you explore Shodan, you can find many uses for this technology. Until next time, have fun and happy hacking!!!