Direct access to video equipment is the most common attack method used by attackers. It is achieved by deciphering related wireless network passwords, user names, and passwords of device management accounts, etc. The negligence of user names and passwords in the process of use even makes this attack is easy.
Generally, an attacker wants to control a video device, which can be accessed through local network and remote network attack.
Access the camera through the local network, that is, the wireless network to which the intrusion camera is connected. In local networks, cameras are not always protected by encryption. An attacker only needs to run a specific program within the range of the wireless network to which the camera is connected, decipher the password of the corresponding wireless router, and then control the camera and other connected home smart devices.
Establishing a deceptive network is also a way to hack cameras through your local network. The attacker lures the camera device to connect by establishing a network with a stronger signal and the same server identity as the local network. When the camera is connected to a deceptive network, an attacker can access the relevant video equipment at will.
Because most devices do not remind the user twice when connecting to a wireless network that has been connected, once the device successfully connects to the deceptive network, when the device enters the signal range of the deceptive network again, the device The connection will happen automatically, but the user will rarely notice it.
For home cameras, remote network attack intrusions are more common. When a camera transmits a video source over the Internet, an attacker will launch a password attack on its video signal. Devices that are set to weak or default passwords often become victims of the attack.
The home camera sold in the market usually has a unified default password set by the manufacturer. The passwords of each brand are mostly unified and can be easily queried in the network. Many people have the mentality of “no private lens, no need to change password”, and have not changed their account name and password after purchasing the camera. After an attacker has cracked a type of brand password, they often have mastered tens of thousands of cameras that maintain their initial settings.
Some camera users, even if they have changed the initial settings, are extremely hasty about the password settings. They use extremely common password characters such as "123456". This type of "weak password" device is also a key target of attackers.
Weak passwords, that is, passwords that are easy to decipher, are usually letters or numbers with simple rules, such as "000000", "abcdef", etc., because of their simple and easy to remember, they are frequently used by a large number of people.
Attackers use cracking software to set weak passwords that are frequently used by people and conduct large-scale scanning attempts to obtain information such as IP addresses, user names, and login passwords of crackable devices, and then start peeping through specific playback software Already.