{"id":6118,"date":"2014-08-04T12:30:58","date_gmt":"2014-08-04T16:30:58","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=6118"},"modified":"2014-08-04T12:30:58","modified_gmt":"2014-08-04T16:30:58","slug":"is-your-dropcam-live-feed-being-watched-by-someone-else","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2014\/08\/04\/is-your-dropcam-live-feed-being-watched-by-someone-else\/","title":{"rendered":"Is your Dropcam live feed being watched by someone else?"},"content":{"rendered":"

\"\"<\/a><\/p>\n

Dropcam, the popular video monitoring camera, bills itself as \u201csuper simple security.\u201d But a pair of researchers plan to show at the Defcon hacking conference later this week how a Dropcam could be a weak point.<\/p>\n

Patrick Wardle and Colby Moore, both of whom work for security firm Synack, tore apart a $200 Dropcam and figured out how its software works.<\/p>\n

They found several vulnerabilities, none of which granted the holy grail of remote online access, but say their examination portends security problems because of the increasing pervasiveness of Internet-connected embedded devices, often referred to as the \u201cInternet of things.\u201d<\/p>\n

Google already has a strong stake in the Internet of things and devices for home automation. It owns Nest Communications, which makes Internet-connected thermostats and smoke detectors. Nest acquired Dropcam in June.<\/p>\n

Embedded devices usually don\u2019t run security software, and it\u2019s very difficult \u201cfor consumers to vet the integrity of the devices,\u201d said Moore, a security research engineer, in a phone interview.<\/p>\n

\u201cPeople don\u2019t realize they are basically mini-computers,\u201d he said.<\/p>\n

\"\"<\/a><\/p>\n

Dropcam sells subscription plans for online video storage. When someone wants to view the video, the service verifies a digital certificate shipped on a Dropcam in order to grant access.<\/p>\n

Moore and Wardle plucked the private and public SSL (Secure Sockets Layer) certificates from the Dropcam they analyzed. With those in hand, it would be possible for them to view videos a person has stored or upload their own videos that would appear to have come from a specific Dropcam.<\/p>\n

\u201cIt would allow an attacker to basically hijack or take over the video stream,\u201d Wardle said.<\/p>\n

In an email statement, a Nest spokeswoman said such an attack would require physical access to a Dropcam.<\/p>\n

\u201cThe Synack folks were not able to remotely compromise any of our cameras\u2014only ones they had physical access to,\u201d wrote spokeswoman Kate Brinks. \u201cThis is not a unique problem.\u201d<\/p>\n

But it\u2019s not far fetched that an attacker could buy a Dropcam and give it as a gift to someone, essentially a Trojan horse attack that opens up their video to monitoring.<\/p>\n

Full Story: Is your Dropcam live feed being watched by someone else? | PCWorld<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

Dropcam, the popular video monitoring camera, bills itself as \u201csuper simple security.\u201d But a pair of researchers plan to show […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[3,7,9],"tags":[308,395,481,482],"class_list":["post-6118","post","type-post","status-publish","format-standard","hentry","category-hardware","category-security","category-software","tag-dropcam","tag-gadgets","tag-home-automation","tag-home-tech"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-1AG","jetpack-related-posts":[{"id":9452,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/11\/19\/internal-bug-discovery-security-now-693\/","url_meta":{"origin":6118,"position":0},"title":"Internal Bug Discovery – Security Now 693","author":"NCCT","date":"November 19, 2018","format":false,"excerpt":"https:\/\/youtu.be\/ClVI9PMQGCY Australia vs Encryption, Google+ Bugs Hasten its Demise -- Australia's recently passed anti-encryption legislation -- Details of a couple more mega-breaches including a bit of Marriott follow-up -- A welcome call for legislation from Microsoft -- A new twist on online advertising click fraud -- The DHS is interested\u2026","rel":"","context":"In "Microsoft"","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/ClVI9PMQGCY\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9378,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/07\/13\/smart-home-security-tips\/","url_meta":{"origin":6118,"position":1},"title":"Smart Home Security Tips","author":"NCCT","date":"July 13, 2018","format":false,"excerpt":"https:\/\/youtu.be\/ESqqAf3IGok Megan Morrone and Florence Ion talk to Stacey Higginbotham about tips for securing your smart home. The advantages and disadvantages of running devices on a guest network. Plus, how do you know if your devices are getting regular firmware updates.","rel":"","context":"In "Networking"","block_context":{"text":"Networking","link":"https:\/\/nccomputertech.com\/techtalk\/category\/networking\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/ESqqAf3IGok\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9368,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/06\/18\/this-week-in-tech-671-a-bad-day-for-the-internet\/","url_meta":{"origin":6118,"position":2},"title":"This Week in Tech 671: A Bad Day for the Internet","author":"NCCT","date":"June 18, 2018","format":false,"excerpt":"https:\/\/youtu.be\/wJdSNos8swI Social media is still destroying the world. Top trends at E3. The end of Net Neutrality and the AT&T\/ Time Warner Merger are a 1-2 punch against consumers. Automation is taking jobs in China and at Amazon. White house hacked. GDPR is killing email marketing. Theranos founder up on\u2026","rel":"","context":"In "Social Media"","block_context":{"text":"Social Media","link":"https:\/\/nccomputertech.com\/techtalk\/category\/social-media\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/wJdSNos8swI\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9938,"url":"https:\/\/nccomputertech.com\/techtalk\/2025\/05\/16\/google-antitrust-ruling-breakdown-what-this-means-for-chrome-and-search\/","url_meta":{"origin":6118,"position":3},"title":"Google Antitrust Ruling Breakdown – What This Means for Chrome and Search","author":"NCCT","date":"May 16, 2025","format":false,"excerpt":"https:\/\/youtu.be\/ELXjmrnN1uM The panel breaks down the antitrust ruling that could force Google to sell Chrome, stop paying Apple billions for default search placement, and fundamentally reshape the internet. This is just one explosive topic from This Week in Tech - we also discuss AI's environmental impact and the government's security\u2026","rel":"","context":"In "Apple"","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/ELXjmrnN1uM\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9370,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/06\/24\/this-week-in-tech-672-meme-the-queen\/","url_meta":{"origin":6118,"position":4},"title":"This Week in Tech 672: Meme the Queen","author":"NCCT","date":"June 24, 2018","format":false,"excerpt":"https:\/\/youtu.be\/ZCttWvS1qJw Two HUGE Supreme Court decisions, Apple admits its keyboards suck, Europe's war on memes, and more. -- The US Supreme Court kills warrantless cell phone location fishing and okays state sales taxes on internet purchases. -- Apple offers refunds on MacBook butterfly keyboard repairs and wants to let you\u2026","rel":"","context":"In "Apple"","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/ZCttWvS1qJw\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9902,"url":"https:\/\/nccomputertech.com\/techtalk\/2025\/02\/11\/tpm-2-0-is-not-required-for-windows-11\/","url_meta":{"origin":6118,"position":5},"title":"TPM 2.0 Is Not Required for Windows 11","author":"NCCT","date":"February 11, 2025","format":false,"excerpt":"https:\/\/youtu.be\/yjjCbOOpREg On Security Now, Steve Gibson talks about Microsofrt dropping the TPM 2.0 requirement from Windows 11.","rel":"","context":"In "Microsoft"","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/yjjCbOOpREg\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/6118","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=6118"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/6118\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=6118"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=6118"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=6118"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}