Comments on: Hacking Linksys IP Cameras (pt 1)

By: Hacking Linksys IP Cameras (pt 6) | GNUCITIZEN

Hacking Linksys IP Cameras (pt 6) | GNUCITIZEN — Wed, 24 Feb 2010 07:18:35 +0000

[...] published: February 24th, 2010 This article is a continuation of the following GNUCITIZEN articles: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt 2), Hacking Linksys IP Cameras (pt 3), Hacking Linksys IP Cameras [...]

By: WVC54GCA Firmware v1.1 « Brian Klug: Internet Adventures

WVC54GCA Firmware v1.1 « Brian Klug: Internet Adventures — Wed, 20 Jan 2010 07:57:22 +0000

[...] about the security issues (which are supposedly fixed in 1.1), I upgraded both cameras from my previous trusty (but somewhat [...]

By: Linksys IP cam hacking | Hack a Day Thailand

Linksys IP cam hacking | Hack a Day Thailand — Wed, 16 Dec 2009 16:21:59 +0000

[...] has posted information on linksys wireless IP camera hacking. It turns out that some models send the administrator user name and password to the computer when [...]

By: rmadeat

rmadeat — Sat, 13 Jun 2009 10:25:40 +0000

Very nice.

Thank you

By: Wayland

Wayland — Fri, 05 Jun 2009 20:09:44 +0000

I can confirm that the camera does lock up on occasion but clears itself and it’s light sensitivity is not as good as a Sitecom Wifi camera. However it’s an excellent price and works very well with Go1984.

It would be interesting to turn a router or a print server into a mini USB camera server.

By: Hacking Linksys IP Cameras (pt 5) | GNUCITIZEN

Hacking Linksys IP Cameras (pt 5) | GNUCITIZEN — Fri, 05 Jun 2009 08:05:32 +0000

[...] 5) published: June 5th, 2009 This article is a continuation of the following GNUCITIZEN articles: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt 2), Hacking Linksys IP Cameras (pt 3), Hacking Linksys IP Cameras [...]

By: ---

--- — Sun, 10 May 2009 15:50:50 +0000

Has anyone tried to sniff and playback the video stream (probably mpeg4) of these IP cameras?

By: pagvac

pagvac — Thu, 07 May 2009 17:38:25 +0000

@shawnmer: Linksys updated the wizard URL. The new link is http://downloads.linksysbycisc.....pWiz,0.zip

FYI:

$ md5sum SetupWizard.exe
1c7cb77e906152376102b88604650577  SetupWizard.exe

By: shawnmer

shawnmer — Tue, 28 Apr 2009 02:42:36 +0000

Looks like the Linksys Setup utility has been pullled from the link you provided above: WVC54GCA-CD-Content-10-25-2007_SetupWiz.zip

By: Hacking Linksys IP Cameras (pt 4) | GNUCITIZEN

Hacking Linksys IP Cameras (pt 4) | GNUCITIZEN — Sat, 25 Apr 2009 03:29:19 +0000

[...] GNUCITIZEN articles, which include an introduction to the topic and also some initial observations: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt 2), Hacking Linksys IP Cameras (pt [...]

By: Nederland doelwit spionage en IP camera's hack je zo

Nederland doelwit spionage en IP camera's hack je zo — Fri, 24 Apr 2009 10:08:05 +0000

[...] Meer informatie over de IP camera hack vind je hier: Hacking Linksys IP Cameras [...]

By: Hacking Linksys IP Cameras (pt 3) | GNUCITIZEN

Hacking Linksys IP Cameras (pt 3) | GNUCITIZEN — Thu, 23 Apr 2009 00:53:08 +0000

[...] GNUCITIZEN articles, which include an introduction to the topic and also some initial observations: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt [...]

By: pagvac

pagvac — Wed, 22 Apr 2009 06:34:43 +0000

@CERT: the US-CERT note you mentioned (VU#528993) is the same as CVE-2008-4390 which I *did* talk about in this post. It might not be the same exact issue but it’s hard to tell as there is very little info provided by CVE-2008-4390/VU#528993.

Please note that:

1) a different model (WVC54GC) was reported to be vulnerable on CVE-2008-4390/VU#528993

2) the data didn’t seem to travel unencrypted in the case of the WVC54GCA during communications with the setup wizard (maybe just encoded/obfuscated?). VU#528993 mentions: “This packet is sent over the network unencrypted”, which doesn’t appear to be true for the WVC54GCA (at least at first sight, further digging might reveal otherwise)

3) there is no fix available for the WVC54GCA at time of writing, while Linksys did release a fix for the WVC54GC

I tried contacting Andre Protas and Greg Linares who found the issue you mentioned (CVE-2008-4390/VU#528993) in order to gather more details, but I received no response.

It might be possible that Linksys did fix the issue of sensitive data traveling in the clear when the wizard communicates with the camera, but might have still left unfixed a fundamental flaw: the camera sends the admin password to the wizard before the user even enters them on the wizard. I guess the developer(s) didn’t think of someone examining the memory of the wizard process?

By: Justin

Justin — Wed, 22 Apr 2009 02:07:25 +0000

Ok I just ordered one to try this myself. justin@wastate.net

By: pdp

pdp — Tue, 21 Apr 2009 20:28:44 +0000

ahhhhhhh, r u sure this is the same vuln?

By: CERT

CERT — Tue, 21 Apr 2009 14:46:42 +0000

http://www.kb.cert.org/vuls/id/528993

Old news

By: Linksys IP Cam Hacking | the2600.com

Linksys IP Cam Hacking | the2600.com — Tue, 21 Apr 2009 08:12:23 +0000

[...] So go ahead and check out how to protect yourself against this VIA Hack a Day & Gnucitizen Part 1 and Part 2 Hacks Hack, Linksys, Web Cam, [...]

By: j-zero

j-zero — Tue, 21 Apr 2009 08:06:45 +0000

yeah linksys. epic fail.

By: Linksys IP cam hacking | News for Geek

Linksys IP cam hacking | News for Geek — Tue, 21 Apr 2009 06:54:52 +0000

[...] has posted information on linksys wireless IP camera hacking. It turns out that some models send the administrator user name and password to the computer when [...]

By: Hacking Linksys IP Cameras (pt 2) | GNUCITIZEN

Hacking Linksys IP Cameras (pt 2) | GNUCITIZEN — Mon, 20 Apr 2009 22:58:18 +0000

[...] The Network Hacking Linksys IP Cameras (pt 2) published: April 20th, 2009 This article is a continuation of the following GNUCITIZEN article, which includes an introduction to the topic and also some initial observations: Hacking Linksys IP Cameras (pt 1). [...]