Welcome!

Blog Feed Post

My Home Was Hacked!

Kaskade Home Hacked

I can’t tell my wife about any of the details of our new home security cameras from NEST. I fear that she’ll learn about the level of security associated with all my digital home product choices, and literally shut me down before I perfect all my possible security measures.

Take a look at this live preschool webcam here. If you catch it at the right time, you’ll see the room full of kids playing. It doesn’t take much to use the latitude / longitude within a given radius to search a select number of day care and preschool locations. I  narrowed this webcam down to less than 5 possibilities. I suppose the good side of this is that anyone can check to make sure the staff is working hard to take care of our kids! The bad thing is that anyone has access to this day care in downtown Houston, TX. If you’re curious, take a look at the other 4400 unsecure webcams in the US by city on this site. If you’re real bored, you can use this IoT search engine, Shodan.io,  to find any unsecured device around the globe.

One can also direct their attack at a specific person. Webcam infections, like many other malware infections, can occur if you download a program that contains a Trojan. Trojans, unlike viruses, do not spread through replication. Instead, they’re hidden within programs that you install on purpose. When a webcam hack occurs, Trojan malware finds a way to activate cameras and control them without the owner’s knowledge. If you’re on a MAC, like I am, stare into the webcam on your monitor and ask yourself, “am I being watched?”. Just ask Miss Teen USA Cassidy Wolf about her compromised Apple laptop webcam.

There’s an old saying that we’re only as safe as the weakest link in the chain. That saying has real meaning with the Internet of Things, where one weak link (IPTV, smart coffee maker, etc.) can bring down a chain of connected devices…and/or your entire home network. Here’s a list of default usernames and passwords of a number of targeted devices, in case you’re ready to test your own home security.

Remember how easily Lakhani, security researcher at Fortinet, took control of a video camera? He said that gadget makers are partly to blame because they want to make their products as simple to set up as possible. That often means using default passwords like “admin” and encouraging users to log in to their devices through unsafe web accounts.

Here’s a list of the username and passwords of the most widely used webcams:

  • ACTi: admin/123456 or Admin/123456
  • Axis (traditional): root/pass,
  • Axis (new): requires password creation during first login
  • Cisco: No default password, requires creation during first login
  • Grandstream: admin/admin
  • IQinVision: root/system
  • Mobotix: admin/meinsm
  • Panasonic: admin/12345
  • Samsung Electronics: root/root or admin/4321
  • Samsung Techwin (old): admin/1111111
  • Samsung Techwin (new): admin/4321
  • Sony: admin/admin
  • TRENDnet: admin/admin
  • Toshiba: root/ikwd
  • Vivotek: root/<blank>
  • WebcamXP: admin/ <blank>

I include this list because, yes, I too was successful in hacking my neighbor’s webcam this weekend using one from this list. OMG!! In case you’re worried, here are a few precautions to keep your geeky neighbors off your home network.

Using your IoT device to hack into your home network

Fortinet researcher, Axelle Apvrille, found a Fitbit in her vicinity, and she used its Bluetooth connection to upload a small piece of unauthorized  software into the device. When the Fitbit was synched via Bluetooth up to a smart phone and/or laptop, the Fitbit sent software to the connecting device as it uploaded its data. Once this back door was created into their system, Axelle could can gain full access to the user’s machine. She demonstrated this simple method of using a consumer IoT device to gain access to your home system at a European computer security conference last year. It was the first time malware has been viably delivered to fitness trackers.

Using your IoT device as part of a Botnet

If you were anywhere near the internet in the US on Friday, October 21, you probably noticed a bunch of your favorite websites were down for much of the day. It’s all because thousands of IoT devices — DVRs and web-connected cameras — were hacked.

Once the hackers had control over these devices, they manipulated them into sending an overwhelming number of requests to a company that serves up the websites for Netflix, Google, Spotify and Twitter. When the traffic became too much to handle, the sites crashed. It was an old-school attack — often called a distributed denial of service attack, or DDoS — powered by the new web of devices called the internet of things.

To take over the cameras, hackers inserted Mirai, malicious software that lets bad guys use at least 100,000 devices as soldiers in its IoT army. The technical name for this IoT army is a botnet, and hackers have been making them out of computers for a very long time. Except this time they used internet of things – an even more powerful tool to carry out attacks. They used the botnet to send tons and tons of junk requests to Dyn, a company that manages web traffic for all the websites that were affected.

Integrity of Things?

The European Commission is now drafting new cybersecurity requirements to beef up security around so-called Internet of Things (IoT) devices such as Web-connected security cameras, routers and digital video recorders (DVRs). News of the expected proposal comes as security firms are warning that a great many IoT devices are equipped with little or no security protections.

The Wall Street Journal didn’t help my digital home efforts with my wife when they highlighted all my devices as security threats.

Arggg. We need a way to ensure the integrity of our IoT devices before my home is hacked!

Read the original blog entry...

More Stories By Jim Kaskade

Jim Kaskade currently leads Janrain, the category creator of Consumer Identity & Access Management (CIAM). We believe that your identity is the most important thing you own, and that your identity should not only be easy to use, but it should be safe to use when accessing your digital world. Janrain is an Identity Cloud servicing Global 3000 enterprises providing a consistent, seamless, and safe experience for end-users when they access their digital applications (web, mobile, or IoT).

Prior to Janrain, Jim was the VP & GM of Digital Applications at CSC. This line of business was over $1B in commercial revenue, including both consulting and delivery organizations and is focused on serving Fortune 1000 companies in the United States, Canada, Mexico, Peru, Chile, Argentina, and Brazil. Prior to this, Jim was the VP & GM of Big Data & Analytics at CSC. In his role, he led the fastest growing business at CSC, overseeing the development and implementation of innovative offerings that help clients convert data into revenue. Jim was also the CEO of Infochimps; Entrepreneur-in-Residence at PARC, a Xerox company; SVP, General Manager and Chief of Cloud at SIOS Technology; CEO at StackIQ; CEO of Eyespot; CEO of Integral Semi; and CEO of INCEP Technologies. Jim started his career at Teradata where he spent ten years in enterprise data warehousing, analytical applications, and business intelligence services designed to maximize the intrinsic value of data, servicing fortune 1000 companies in telecom, retail, and financial markets.

Latest Stories
You know you need the cloud, but you’re hesitant to simply dump everything at Amazon since you know that not all workloads are suitable for cloud. You know that you want the kind of ease of use and scalability that you get with public cloud, but your applications are architected in a way that makes the public cloud a non-starter. You’re looking at private cloud solutions based on hyperconverged infrastructure, but you’re concerned with the limits inherent in those technologies.
For organizations that have amassed large sums of software complexity, taking a microservices approach is the first step toward DevOps and continuous improvement / development. Integrating system-level analysis with microservices makes it easier to change and add functionality to applications at any time without the increase of risk. Before you start big transformation projects or a cloud migration, make sure these changes won’t take down your entire organization.
Cloud promises the agility required by today’s digital businesses. As organizations adopt cloud based infrastructures and services, their IT resources become increasingly dynamic and hybrid in nature. Managing these require modern IT operations and tools. In his session at 20th Cloud Expo, Raj Sundaram, Senior Principal Product Manager at CA Technologies, will discuss how to modernize your IT operations in order to proactively manage your hybrid cloud and IT environments. He will be sharing bes...
A look across the tech landscape at the disruptive technologies that are increasing in prominence and speculate as to which will be most impactful for communications – namely, AI and Cloud Computing. In his session at 20th Cloud Expo, Curtis Peterson, VP of Operations at RingCentral, highlighted the current challenges of these transformative technologies and shared strategies for preparing your organization for these changes. This “view from the top” outlined the latest trends and developments i...
Automation is enabling enterprises to design, deploy, and manage more complex, hybrid cloud environments. Yet the people who manage these environments must be trained in and understanding these environments better than ever before. A new era of analytics and cognitive computing is adding intelligence, but also more complexity, to these cloud environments. How smart is your cloud? How smart should it be? In this power panel at 20th Cloud Expo, moderated by Conference Chair Roger Strukhoff, paneli...
SYS-CON Events announced today that MobiDev, a client-oriented software development company, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software company that develops and delivers turn-key mobile apps, websites, web services, and complex software systems for startups and enterprises. Since 2009 it has grown from a small group of passionate engineers and business...
Hardware virtualization and cloud computing allowed us to increase resource utilization and increase our flexibility to respond to business demand. Docker Containers are the next quantum leap - Are they?! Databases always represented an additional set of challenges unique to running workloads requiring a maximum of I/O, network, CPU resources combined with data locality.
SYS-CON Events announced today that GrapeUp, the leading provider of rapid product development at the speed of business, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Grape Up is a software company, specialized in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market acr...
SYS-CON Events announced today that Ayehu will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on October 31 - November 2, 2017 at the Santa Clara Convention Center in Santa Clara California. Ayehu provides IT Process Automation & Orchestration solutions for IT and Security professionals to identify and resolve critical incidents and enable rapid containment, eradication, and recovery from cyber security breaches. Ayehu provides customers greater control over IT infras...
SYS-CON Events announced today that Datanami has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Datanami is a communication channel dedicated to providing insight, analysis and up-to-the-minute information about emerging trends and solutions in Big Data. The publication sheds light on all cutting-edge technologies including networking, storage and applications, and the...
Artificial intelligence, machine learning, neural networks. We’re in the midst of a wave of excitement around AI such as hasn’t been seen for a few decades. But those previous periods of inflated expectations led to troughs of disappointment. Will this time be different? Most likely. Applications of AI such as predictive analytics are already decreasing costs and improving reliability of industrial machinery. Furthermore, the funding and research going into AI now comes from a wide range of com...
SYS-CON Events announced today that EnterpriseTech has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. EnterpriseTech is a professional resource for news and intelligence covering the migration of high-end technologies into the enterprise and business-IT industry, with a special focus on high-tech solutions in new product development, workload management, increased effi...
SYS-CON Events announced today that SourceForge has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. SourceForge is the largest, most trusted destination for Open Source Software development, collaboration, discovery and download on the web serving over 32 million viewers, 150 million downloads and over 460,000 active development projects each and every month.
In this presentation, Striim CTO and founder Steve Wilkes will discuss practical strategies for counteracting fraud and cyberattacks by leveraging real-time streaming analytics. In his session at @ThingsExpo, Steve Wilkes, Founder and Chief Technology Officer at Striim, will provide a detailed look into leveraging streaming data management to correlate events in real time, and identify potential breaches across IoT and non-IoT systems throughout the enterprise. Strategies for processing massive ...
"Our strategy is to focus on the hyperscale providers - AWS, Azure, and Google. Over the last year we saw that a lot of developers need to learn how to do their job in the cloud and we see this DevOps movement that we are catering to with our content," stated Alessandro Fasan, Head of Global Sales at Cloud Academy, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.