Their popularity continues to grow: small cameras can be installed at home or anywhere in the house, and can monitor anything connected to the Internet at any time. CR demonstrated some models using its own mobile app. There are also some video baby monitors that can work through the home Wi-Fi network, sending video to a dedicated application or monitor. These are equivalent to CCTV cameras (closed circuit television) in modern times. However, because many new cameras use wireless network connections, they are no longer “turned off”.
Here’s the problem: we found that, just like the footage in the movie “Mission Impossible”, as long as the laptop attackers “work over Wi-Fi,” they can easily disable the security camera from outside the house. Router hackers (this distance can be as long as hundreds of meters, especially when special antennas are added) can determine the name of the Wi-Fi network, the unique address of the router, and the Internet address of the computer. computer. Use the camera with free software that anyone can use.
The attacker can then send an “authorized deletion packet” to the camera, temporarily disconnecting it from the network. If they continue to send data packets, it may prevent them from reconnecting. The hacker himself does not need to connect to the Wi-Fi network. Another solution is to install a portable high-power handheld jammer directly in your house to prevent the house’s WIFI from connecting to electronic devices.
We downloaded a free hacking tool (we decided not to name it), which has many features, including the ability to send new packages. We installed it on a Microsoft Surface Pro tablet running Linux, the operating system of choice for hackers. We used an external wireless card connected to the USB port of the tablet, which can transmit Wi-Fi packets to anyone’s network.
In our test, it was easy to send the first packet, which temporarily disconnected all Wi-Fi devices (including the camera we tested) from the network. If we want them to stay offline, we just need to select an option in the tool to send the previous package. We even managed to reconnect the camera to the “unauthorized” router we configured, which might allow us to control the camera after guessing the camera password.
Although it is not yet certain whether the cameras are indeed intrusible (which means that the author can actually watch their shots remotely), we believe that the vulnerability of disabling Wi-Fi cameras makes them useful, for example, as property surveillance. And pay attention to children and animals. For these tasks, it is best to use a camera that allows wired Ethernet to connect to the router. Unless the hacker is actually connected to your network (you have a strong Wi-Fi password, right?), a wired camera is quite secure.
In the vast IoT world, there may not be a practical solution to this type of “denial of service” attack, which may block any Wi-Fi devices (including sensors) on the network. Whether the sensor door is open and the actions of other safety devices. We hope that future Wi-Fi standards will use “frequency hopping” in which signals can be quickly switched between channels. Cordless phones have already used this feature, and it is more difficult for hackers to turn off your Wi-Fi network.