looney2ns
IPCT Contributor
IPC-T5442T-ZEB disables ability to paste into password
Exactly, which is why I noted "properly isolated".
FWIW just because cameras are isolated doesn't mean they are entirely safe. In modern times it is very easy and fairly common to launch more sophisticated multi-stage attacks. Another internal device would be compromised and from there devices like IP cams are in turn compromised. I am a CISSP and do security daily as part of my day job. At one time such attacks were not worth the effort, but now there are complete toolkits that almost do this for you
Thinking a camera on an isolated network is completely safe would be a false sense of security. The risk may be low but there is still a risk. There are countless stories (most of which never become known publicly) of utilities such as water, gas, electric that are compromised for this very reason. SCADA networks are isolated similar to the methods described here, but yet still get compromised when that single device to which they are connected is compromised.
It all comes down to risks and asking the question of "what if" then going from there.
FWIW just because cameras are isolated doesn't mean they are entirely safe. In modern times it is very easy and fairly common to launch more sophisticated multi-stage attacks. Another internal device would be compromised and from there devices like IP cams are in turn compromised. I am a CISSP and do security daily as part of my day job. At one time such attacks were not worth the effort, but now there are complete toolkits that almost do this for you
Thinking a camera on an isolated network is completely safe would be a false sense of security. The risk may be low but there is still a risk. There are countless stories (most of which never become known publicly) of utilities such as water, gas, electric that are compromised for this very reason. SCADA networks are isolated similar to the methods described here, but yet still get compromised when that single device to which they are connected is compromised.
It all comes down to risks and asking the question of "what if" then going from there.
Getting back on topic, the OP specifically addresses the issue of the web UI on the cameras not allowing passwords to be pasted (IE: forcing them to be manually typed). This hinders the use of password managers, which in turn hinders the use of strong passwords.
Progressing from there, proper isolation as described repeatedly in these forums helps mitigate the risk with weaker passwords (it does not eliminate the risk). If proper isolation is not used then the risks are well documented all over the internet, and you can easily find an endless number of cameras that have been compromised and are readily viewable on the internet. If those cameras are not isolated then anything and everything else connected to that network must be assumed to be similarly compromised as those CAMs were just used to defeat any internet firewall that may be in place.
Similar should apply for any IoT device, but IP cams are a primary target.
Progressing from there, proper isolation as described repeatedly in these forums helps mitigate the risk with weaker passwords (it does not eliminate the risk). If proper isolation is not used then the risks are well documented all over the internet, and you can easily find an endless number of cameras that have been compromised and are readily viewable on the internet. If those cameras are not isolated then anything and everything else connected to that network must be assumed to be similarly compromised as those CAMs were just used to defeat any internet firewall that may be in place.
Similar should apply for any IoT device, but IP cams are a primary target.
IAmATeaf
Known around here
It doesn’t really hinder does it? Just makes it more difficult.
fenderman
Staff member
- Joined
- Mar 9, 2014
- Messages
- 36,903
- Reaction score
- 21,274
Lol, the passwords on these camera are useless. They are hacked every other Tuesday. Properly isolation the camera is the only way to secure them and 100 percent effective. You are also confused about what we mean by isolation. We don't mean simply isolating them from other lans, but not providing any direct internet access. This is why the use of traditional VPN or something like zero tier is recommended. If someone has access to your network you have bigger fish to fry. It's amazing that you call yourself a security expert and are 1) unaware of the long list of vulnerabilities on these cams that bypass the password 2) the manufacturers often delay patching even when notified 3) they don't patch when camera is eol. If some has access to your nework you need to be fired.
Last edited:
^ I think you meant to reply to the other "w" poster @waterside LOL as he was the one that said he is an IT professional. I agree with everything you said.
Yes, that would still be hindering.
Thank you for the personal attack. With that I'm done.
I did note there are two scenarios - one where the camera itself is attacked and used as a bridge to other hosts, and the other where another host is used as a bridge to attack a camera.
Proper security dictates that just because there may be a weakness in one place doesn't mean you can relax protections in other places. But if so many others seem to think they know better then I'm out.
I did not make a personal attack. You are the one that said you are an IT pro and I am not. I was simply letting someone know they tagged me by mistake as their reply was clearly meant to you...