this post was submitted on 18 Dec 2023
479 points (97.4% liked)

Technology

59446 readers
3750 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] guitarsarereal@sh.itjust.works 51 points 11 months ago* (last edited 11 months ago) (2 children)

All of the hacked systems in this article are home based systems.

[citation needed] because that's not in the article. According to the article, attackers used automated scanning software, which strongly implies they brute-forced cameras connected to the Internet with default or weak credentials. That has nothing to do with whether or not the service is based in the cloud.

In general, cloud services have far better security than DIY systems

As a matter of fact, it's known that the leading cloud-based surveillance system, Ring, has been subject to employee abuse and user accounts have been widely compromised via credential stuffing. In fact, Amazon is currently facing a proposed order from the FTC over the fact that they allowed abuse by employees and more or less knew for years that their lax security practices were placing their customers in danger from cybercriminals. Hell, it's 2023 and all you have to do to pre-empt most credential stuffing attacks is enforce 2FA, and this was optional in a HOME SECURITY PRODUCT from a LEADING cloud provider. "In general cloud providers have better security" my ass.

Cloud based security only gets better when regulators force cloud providers to improve security, after cloud providers allow hackers to harm thousands to millions of customers.

I'm just gonna say it again: the cloud is just someone else's computer.

[–] GamingChairModel@lemmy.world 10 points 11 months ago* (last edited 11 months ago) (1 children)

According to the article, attackers used automated scanning software, which strongly implies they brute-forced cameras connected to the Internet with default or weak credentials. That has nothing to do with whether or not the service is based in the cloud.

This is a known problem with popular brands of security cameras sold in Vietnam, that the default configuration has an admin password of "admin" or "12345" accessible from the public Internet. They're basically sold insecure, and rely on customers to consciously adopt a custom configuration to be secure.

Although, in order to be publicly accessible, one would imagine that they've had to configure their firewall to let outside signals to the devices themselves. Or maybe some kind of ddns setup.

Either way, it doesn't have anything to do with the cloud, and the parent comment is basically right about that.

[–] WhatAmLemmy@lemmy.world 4 points 11 months ago

Although, in order to be publicly accessible, one would imagine that they've had to configure ...

I'm guessing there are providers in Vietnam offering remote access accounts and apps, the same as 90% of IP security cameras on AliExpress, Amazon, eBay etc. Most of the zero config ones are authenticated with a cloud server 24/7 to enable remote viewing. This being Vietnam specific leads me to believe that the "hackers" are actually a domestic crime org selling compromised hardware; could be as simple as opening the box and obtaining device information (like the serial, MAC, or QR code) before shipping the product.

[–] MonkderZweite@feddit.ch 4 points 11 months ago* (last edited 11 months ago)

In general, cloud services have far better security than DIY systems

Even if it were true; less money to be made than from a company, so less interest and investition to hack it.