Comments on: Hacking Linksys IP Cameras (pt 1)

By: william c

william c — Wed, 22 Jun 2011 01:01:55 +0000

if its running linux why hasn’t anyone written a replacement os like dd-wrt for the routers. the cameras credentials for the plugin are out of date so the only way to view it with out the pc software is to make your browser vulnerably to unsigned content. so why doesnt some code genius do just that and write a more updated os for the camera i mean look what dd-wrt did for the wrt54g

By: Linksys ip | Janineandperry

Linksys ip | Janineandperry — Mon, 30 May 2011 06:08:07 +0000

[...] Hacking Linksys IP Cameras (pt 1) | GNUCITIZENDuring the easter break, I was playing with my my wireless Linksys IP camera which, although I bought several months ago, I hadn’t taken my time to give the … Please let me know if you know how to enable the telnet daemon on Linksys IP cameras! Ideally, I’d like to accomplish this without physically connecting to the… [...]

By: Hacking Linksys IP Cameras (pt 3) |

Hacking Linksys IP Cameras (pt 3) | — Tue, 19 Apr 2011 07:26:25 +0000

[...] GNUCITIZEN articles, that embody an introduction to a subject and also some initial observations: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt [...]

By: Hacking Linksys IP Cameras (pt 4) |

Hacking Linksys IP Cameras (pt 4) | — Tue, 19 Apr 2011 07:26:07 +0000

[...] GNUCITIZEN articles, that embody an introduction to a subject and also some initial observations: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt 2), Hacking Linksys IP Cameras (pt [...]

By: Hacking Linksys IP Cameras (pt 6) | SecurityGuy.org

Hacking Linksys IP Cameras (pt 6) | SecurityGuy.org — Fri, 07 Jan 2011 10:09:05 +0000

[...] article is a continuation of the following GNUCITIZEN articles: here, here, here, here and [...]

By: Surveillance | Camera

Surveillance | Camera — Fri, 17 Dec 2010 22:53:38 +0000

[...] Image by Joachim S. MÃ¼ller verwendet von der Piratenpartei Ã–sterreich und digital journal und http://www.gnucitizen.org/blog.....eras-pt-1/ und [...]

By: Hacking Linksys IP Cameras (pt 6) | GNUCITIZEN

Hacking Linksys IP Cameras (pt 6) | GNUCITIZEN — Wed, 24 Feb 2010 07:18:35 +0000

[...] published: February 24th, 2010 This article is a continuation of the following GNUCITIZEN articles: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt 2), Hacking Linksys IP Cameras (pt 3), Hacking Linksys IP Cameras [...]

By: WVC54GCA Firmware v1.1 « Brian Klug: Internet Adventures

WVC54GCA Firmware v1.1 « Brian Klug: Internet Adventures — Wed, 20 Jan 2010 07:57:22 +0000

[...] about the security issues (which are supposedly fixed in 1.1), I upgraded both cameras from my previous trusty (but somewhat [...]

By: Linksys IP cam hacking | Hack a Day Thailand

Linksys IP cam hacking | Hack a Day Thailand — Wed, 16 Dec 2009 16:21:59 +0000

[...] has posted information on linksys wireless IP camera hacking. It turns out that some models send the administrator user name and password to the computer when [...]

By: rmadeat

rmadeat — Sat, 13 Jun 2009 10:25:40 +0000

Very nice.

Thank you

By: Wayland

Wayland — Fri, 05 Jun 2009 20:09:44 +0000

I can confirm that the camera does lock up on occasion but clears itself and it’s light sensitivity is not as good as a Sitecom Wifi camera. However it’s an excellent price and works very well with Go1984.

It would be interesting to turn a router or a print server into a mini USB camera server.

By: Hacking Linksys IP Cameras (pt 5) | GNUCITIZEN

Hacking Linksys IP Cameras (pt 5) | GNUCITIZEN — Fri, 05 Jun 2009 08:05:32 +0000

[...] 5) published: June 5th, 2009 This article is a continuation of the following GNUCITIZEN articles: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt 2), Hacking Linksys IP Cameras (pt 3), Hacking Linksys IP Cameras [...]

By: ---

--- — Sun, 10 May 2009 15:50:50 +0000

Has anyone tried to sniff and playback the video stream (probably mpeg4) of these IP cameras?

By: pagvac

pagvac — Thu, 07 May 2009 17:38:25 +0000

@shawnmer: Linksys updated the wizard URL. The new link is http://downloads.linksysbycisc.....pWiz,0.zip

FYI:

$ md5sum SetupWizard.exe
1c7cb77e906152376102b88604650577  SetupWizard.exe

By: shawnmer

shawnmer — Tue, 28 Apr 2009 02:42:36 +0000

Looks like the Linksys Setup utility has been pullled from the link you provided above: WVC54GCA-CD-Content-10-25-2007_SetupWiz.zip

By: Hacking Linksys IP Cameras (pt 4) | GNUCITIZEN

Hacking Linksys IP Cameras (pt 4) | GNUCITIZEN — Sat, 25 Apr 2009 03:29:19 +0000

[...] GNUCITIZEN articles, which include an introduction to the topic and also some initial observations: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt 2), Hacking Linksys IP Cameras (pt [...]

By: Nederland doelwit spionage en IP camera's hack je zo

Nederland doelwit spionage en IP camera's hack je zo — Fri, 24 Apr 2009 10:08:05 +0000

[...] Meer informatie over de IP camera hack vind je hier: Hacking Linksys IP Cameras [...]

By: Hacking Linksys IP Cameras (pt 3) | GNUCITIZEN

Hacking Linksys IP Cameras (pt 3) | GNUCITIZEN — Thu, 23 Apr 2009 00:53:08 +0000

[...] GNUCITIZEN articles, which include an introduction to the topic and also some initial observations: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt [...]

By: pagvac

pagvac — Wed, 22 Apr 2009 06:34:43 +0000

@CERT: the US-CERT note you mentioned (VU#528993) is the same as CVE-2008-4390 which I *did* talk about in this post. It might not be the same exact issue but it’s hard to tell as there is very little info provided by CVE-2008-4390/VU#528993.

Please note that:

1) a different model (WVC54GC) was reported to be vulnerable on CVE-2008-4390/VU#528993

2) the data didn’t seem to travel unencrypted in the case of the WVC54GCA during communications with the setup wizard (maybe just encoded/obfuscated?). VU#528993 mentions: “This packet is sent over the network unencrypted”, which doesn’t appear to be true for the WVC54GCA (at least at first sight, further digging might reveal otherwise)

3) there is no fix available for the WVC54GCA at time of writing, while Linksys did release a fix for the WVC54GC

I tried contacting Andre Protas and Greg Linares who found the issue you mentioned (CVE-2008-4390/VU#528993) in order to gather more details, but I received no response.

It might be possible that Linksys did fix the issue of sensitive data traveling in the clear when the wizard communicates with the camera, but might have still left unfixed a fundamental flaw: the camera sends the admin password to the wizard before the user even enters them on the wizard. I guess the developer(s) didn’t think of someone examining the memory of the wizard process?

By: Justin

Justin — Wed, 22 Apr 2009 02:07:25 +0000

Ok I just ordered one to try this myself. justin@wastate.net