Monday, 30 June 2014

IP Camera Leaks Your Camera Feed to Anyone - And Also Your Home Wireless Network's Password in Plain Text

Tenvis JPT3815W camera shows your video to anyone without a password. It also reveals the password for accessing your wireless network in plain text. 

These exploits are not related to my previous report where devices shipped with default empty passwords. These exploits exist even with a secure password set. The need for a password is completely bypassed.

Today, I received a message from Dimitris Platis pointing me to his blog post here - https://platis.solutions/blog/2014/06/30/tenvis-jpt3815w-camera-a-cheap-network-camera-if-you-can-afford-the-huge-security-holes/. He had read this very review of the Tenvis JPT3815W IP camera before purchasing and discovering the vulnerability and wanted to let me know about it.

He discovered a serious flaw in the camera that would expose private data to anyone without the need for any credentials.

What kind of private data? Well, not only can you view the feed from the camera without a password, but shockingly, you can also retrieve the password of the wireless network to which the camera is connected.

It is all explained in his blog post, so please spend the time to read it as I won't repeat it all here. Essentially, if you want to see if you are affected, you can add /snapshot.cgi or /get_params.cgi to the end of your camera's IP address and port.

For instance, if you usually access your camera at http://192.168.1.239:81, try:

http://192.168.1.239:81/snapshot.cgi
http://192.168.1.239:81/get_params.cgi

You SHOULD be prompted to enter your camera's username and password. (If you have previously entered them, try using the Incognito Mode on your browser.) However, on at least one model of camera with a specific firmware, no credentials are needed and both URLs return sensitive data.

While we worked together, Dimitris provided me with the URL pointing to this camera. This URL is public to the internet, but most of the APIs are protected with HTTP Basic Authentication. The problem is that /snapshot.cgi and /get_params.cgi are not protected with HTTP Basic Auth; they aren't protected at all.
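The manual check above can be scripted for your own camera. This is an added example, not code from the original post or from Tenvis: it requests the two paths with no credentials and reports only whether the camera answered with a 401 challenge, without reading the response body. The function name, verdict strings and timeout are assumptions made for illustration.

```python
import sys
import urllib.error
import urllib.request

# The two paths named in the post; everything else here is an assumption.
PATHS = ("/snapshot.cgi", "/get_params.cgi")

# Ignore any system proxy so the request goes straight to the LAN device.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def check_camera(base_url, timeout=5):
    """Request each path with no credentials and report how the camera answers.

    Returns {path: verdict}; the response body is never read or stored.
    """
    results = {}
    for path in PATHS:
        url = base_url.rstrip("/") + path
        try:
            with _opener.open(url, timeout=timeout) as resp:
                status = resp.status
        except urllib.error.HTTPError as err:
            status = err.code          # 401, 403, 404, ... arrive as HTTPError
        except (urllib.error.URLError, OSError):
            results[path] = "unreachable"
            continue
        if status == 401:
            results[path] = "protected"   # camera asked for credentials
        elif 200 <= status < 300:
            results[path] = "exposed"     # served without any credentials
        else:
            results[path] = "other:%d" % status
    return results

if __name__ == "__main__":
    # Example: python check_camera.py http://192.168.1.239:81
    if len(sys.argv) != 2:
        sys.exit("usage: check_camera.py http://<your-camera-ip>:<port>")
    for path, verdict in check_camera(sys.argv[1]).items():
        print("%-18s %s" % (path, verdict))
```

A camera that enforces authentication reports "protected" for both paths; "exposed" on either one means that path is being served to unauthenticated clients.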

So far, the Tenvis JPT3815W 2014 edition camera is known to be affected:
Hardware Version = 1.10
Firmware Version = 1.1.0.5

I attempted the same exploit on my JPT3815W 2013 edition and it did not exist.

The impact of this is massive. Tenvis uses a DDNS system in which users are assigned a very short unique ID to separate them from other users. That means that it is very (VERY!) easy to find other Tenvis users. From there, it is again very easy to test if they are vulnerable to this exploit.

At present, there is no newer version of the firmware available for the 2014 model, meaning the only advice I can offer is to ensure you keep the camera protected by not using the DDNS functionality, or better yet, request a refund and turn it off altogether.

Saturday, 19 April 2014

Review of the Camera - HTC One M8






This review focuses on the camera of the HTC One M8.

Preamble

As part of a competition run by Gizmodo UK, I have won 3 new smartphones. In exchange for keeping the phones I have agreed to write some unbiased reviews.

A version of this review can be read in an article on Gizmodo UK. This blog post is the full, unedited version.

"The HTC One M8 is a brilliant phone and has had a lot of work focussed on making the camera experience great"

Sunday, 6 April 2014

Review of the Nokia Lumia 1320 - Focus on Apps

This review focuses on the apps available for the Nokia Lumia 1320 Windows Phone.

Preamble

As part of a competition run by Gizmodo UK, I have won 3 new smartphones. In exchange for keeping the phones I have agreed to write some unbiased reviews.

A version of this review can be read in an article on Gizmodo UK. This blog post is the full, unedited version.

"Nokia appears to be doing as much as Microsoft, if not more, in making Windows Phone an attractive and viable smartphone option"

Review of the Nokia Lumia 1320 - Adjusting to Windows Phone

This review focuses on my experience adapting to Windows Phone using the Nokia Lumia 1320.


Preamble



As part of a competition run by Gizmodo UK, I have won 3 new smartphones. In exchange for keeping the phones I have agreed to write some unbiased reviews.



A version of this review can be read in an article on Gizmodo UK. This blog post is the full, unedited version.


"If you're coming into the smartphone market for the first time, a Windows Phone makes a lot of sense."

Dress up to play with my new phone

Saturday, 22 March 2014

Review of the Samsung Galaxy Note 3 - Samsung Extra Value Software

This review focuses on the Samsung software that is bundled on top of stock Android on the Samsung Galaxy Note 3, a 4G phone with 3GB RAM and a whopping 5.7" full HD screen.

Preamble

As part of a competition run by Gizmodo UK, I have won 3 new smartphones. In exchange for keeping the phones I have agreed to write some unbiased reviews.

A version of this review can be read in an article on Gizmodo UK. This blog post is the full, unedited version.


"You might not realise from the rest of the review but I really love this phone."





Review of Samsung Galaxy Note 3 - Battery Life

This review focuses on the battery life of the Samsung Galaxy Note 3, a 4G phone with 3GB RAM and a whopping 5.7" full HD screen.


"The Samsung Galaxy Note 3 is a mobile which you can use heavily throughout the day without having to worry about when you’ll next find a charger"

Preamble

As part of a competition run by Gizmodo UK, I have won 3 new smartphones. In exchange for keeping the phones I have agreed to write some unbiased reviews. 

A version of this review can be read in an article on Gizmodo UK. This blog post is the full, unedited version.