As an IIoT engineer, I can not tell you how much I enjoy watching these videos you do. Too many people do not understand how critical this stuff is to take seriously. Keep up the great content! ✌🏼
Thanks for the service you do. Working in IoT and security, I appreciate you more than you know. I always tell people that, "The S in IoT stands for security".
@@Cyber_Official *Secret Service kicks down door.* Guy_With_VPN: *surprised Pikachu face, I was using a VPN* Secret Service: Nothing a warrant can't fix.
You got me playing along at home now! I have have SSH access, RTSP, and the SOAP API working! The SOAP API is the public and well documented ONVIF standard with no authentication. I haven't fully explored what can be controlled there but it looks like a lot! It also appears there is a Arduino of sorts in there possibly controlling the IR LEDs? I'd love to see a part 3 where you focus on the microcontroller in there and see what we can learn from that firmware.
Thank you for the videos; I had never touched IoT hacking beyond the 802.11 and Bluetooth until DefCon 32 in 2024 (shoutout to Loudmouth Security for the class ), and I found your channel almost immediately after that. It's been a perfect continuing education into that realm, and keeps me engaged at home in learning new skills and techniques.
@NoWeAreNotOkay you never heard of a false flag? If you are being smart and wanting hide something those 3 steps they used are pretty clean... The random caps, The extra word on a common error page, And bag grammar... If I have to explain how each of those can work alone, I think you may wanna learn more about searching in general, but having all three is simply "cop dash cams" in a coded language they could have the same set up w different words for hotel hallway cams, and wherever else... "Odd" is how you hide a pin in a stack of pens...
New to your channel and I have to say that I’m enjoying your work. I used to pen test on my own for a hobby when I was younger and your videos are eye opening on how exposed things STILL are after all these years! Thank you for showing your finding and explanations for everything. Your just gained another subscriber and looking forward to your future videos. I also do software reverse engineering when I was younger. Your videos are teaching me things in the hardware side of things that I didn’t know to much about. So thank you and maybe I’ll start messing around with things for fun in the future.
I’m super new to all of this stuff and industry. I don’t understand all of this 💯 however you still make this fun. I can definitely tell your excitement and passion.
Hey Matt! I work in IT and see tech that is so often not able to be repurposed, and a big one is the Cradlepoint devices. They are Cellular WAN modem/routers that are great for remote locations/backups. I would love to see if the internal file system (Which from my testing on an e3000 is debian) can be written over. It would make an awesome OpenWRT/Firewall appliance!
Watched many of your videos. Been subscribed for awhile. Excellent job with this one. Showing Censys was crucial as it will cause change within this community. May piss others off. Lol😂 great great video
Fascinating. A detailed autopsy without the dead body. It intrigues me how little people know about their 'magic boxes'.'_Why would anybody in law enforcement know,anything about security?_ Don't local governments have IT departments? It's also pretty funny that anything with a military-like function is so expensive and what you find in the side is a $75 Raspberry Pi.. Thanks for another great tutorial..
For many small local governments, the "IT department" is *the* "IT person" who has to deal with everything from users ("how do I find cell A374 on this Excel worksheet?") to infrastructure ("the wireless isn't working in the basement of the jail") to radio systems to politics (snooping between board members) to all sorts of other crap. Yes, you'd hope that they'd be able to understand the basics of security - but in practice, they may not even have time there.
Your channel is incredible. These videos are like a public service. I hope one day i can become an IOT pen tester too. Thanks for all of these amazing resources ❤🔥
Great video in the public's service, Matt! Thank you. Let's hope Motorola remedies their terrible security on these law enforcement devices (and that law enforcement departments pen test their devices --or hire you to do so-- before deploying them onto the innocent public.
This is crazy lol.. Having everything exposed like this means someone is going to do a public data mining 😐 Thanks Matt for this video and the nice walks through on every step.. Thanks to those videos I'm learning a ton of obscure stuff I didn't know 😄
I guess I am the only guy that was saying "there, there! Click on that one! Come on! Click on that one...." Thank you for the awesome videos! Really enjoy your content!
Another potential use of these cameras would be in traffic management, including electronic polling, speed traps, red light cameras, etc. For those uses, they would need a cell service model and potentially multiple cameras (e.g. red light has cameras in each direction at the intersection).
The path and service mentioned ONVIF, which is an IP security camera standard used to configure, control, and view security cameras. I bet you could do more with something that uses that protocol.
Love these videos. Is it possible the hotspot is just running UPNP? For the hotspot to fully trunk everything and not run NAT. That's somewhat scary too. Either way, brilliant video.
The router is stacking 2000 ports into 2001, 2002, etc, but not 8080. Without ever playing with one, I would suspect 2000 is some protocol that requires direct access, while 8080 is could just offer colorcam01, etc and then route the correct stream
Hey Matt, If I may make a suggestion; the HP Sprocket 1st Gen. They all fail with the dreaded red and green flashing light about 2 years in and is highly suspicious. I'm wondering if HP didn't straight up planned obsolescence and have the charging circuit stop working after a while as they are all failing with similar symptoms even after very light use. I can send teardown pics if you'd like. If this is what they are doing, man, you'd open up room for a class action lawsuit!
17:40 cathode ray dude did a video on a police car pc. Pretty much a standard pc in a industrial formfactor. Look for: Little Guys 7: The Cop-puter [Motorola MW800] So any vulnerabilities a pc has are viable to gain access.
sounds like the license plate scanners that are being used over here to check on paid parking. two or three cams on top of the car and just drive around scanning everything to check if they need to send out a violation for you to pay.
Here where i live in fl. We have them at certain intersections and roads and the anpr i to the county database so that if they are trying to find a vehicle and it happens to go past one they know where it was time wise. The recovered car rate has gone up here along with the amount of arrests lol
@@DM-qm5scyea. Ponce inlet has 1 road in and out. They had a shooting down there a year or so ago, they caught them within 45 minutes because of the cameras
Am curious... is that ONVIF server/service custom coded or from someone's GitHub? There are quite a few repos out there for Raspberry Pi's with ONVIF. I'd be curious to know either way.
99.9% it is from github. Does not look like the manufacturer has any ideas how to write code or configure systems or cares how to make reliable and trustworthy systems. It is just a mashup of various gihub projects.
For my day job I work on this exact camera system. These cameras are not exposted to the internet. The connect to an in car server that connects to the police laptop. The entire system does not have any access to the internet. The server is connected to the laptop via another interface. The only way the server gets external data is from the app that runs on the laptop.
6 cameras would make sense. I have seen them mounted on the sides of the light bars. 2 on each side. 2 facing forward left side/right side and 2 backwards left side/right side. Now i don't know for sure but the other 2 cameras could either be front and back thru front windshield and back window orrrrrrr they could be for the 2 cameras that get mounted inside the interceptors one viewing the officer and other viewing the detainee in the back.
Isn't this something that should be responsibly disclosed before making it this public with such an easy to follow set of instructions to actually abuse? Or did the manifacturers already publicly comment on this?
So far, the only thing you have at this point is a dashcam feed. There are publicly accessible traffic cams everywhere that film cars including license plates. What I would like to know is if the device stores the camera feed on the local device (other than let's say a 30 second 'incident' buffer). Because the systems we work with they get camera feeds, and another system processes these feeds (i.e. read license plates) and in our case checks the plate against a database. I'll assume that something similar is happening with these camera's where the license plate is checked against the DMV and/or local/state police database for outstanding fines/infractions or other issues (expired registration) using the laptop in the cop car. Not really sure why a MiFi router would ever expose 'internal ports' other than maybe a VPN port for remote access, because normally the connection would be the other way around (device calls server). Now, of course a lot of these issues arise from the fact that most government contracts go to the cheapest and not the best contractor and often the cheapest provider/contractor do things that do not align with all kind of standards like ISO-27001/27002, which is a requirement for most of the companies we provide services for. In most cases it is just an automated boom gate that opens when it recognizes a license plate. Think for example of the gate of a taxi depot yard. On the other hand if the MiFi router opens these ports, that it could theoretically be used to for example access the police laptop via the LPR in a buffer overflow exists and it can be exploited remotely. A laptop that normally is shielded. That is often the danger of IOT devices on your network. Hackers are not interested in your internet connected printer, they want to use the printer to jump to other devices on your network. This is often why I hate internet enabled devices and even if they do not expose a port directly, there is often a central 'command' server from the manufacturer that could potential be used to send commands to a lot of devices. Recently it was revealed that there was a major breach at Volkswagen ID.x EV range because a partner misconfigured a folder that contained a lot of personal and private information of 800,000 cars including geo information like where you park. If you can control something in your house/office using an app on your phone, there is a command/management server somewhere that can be exploited...
Great channel! I hack since the beginning of 1980s It was and is ever a game to hack things. On C64 no monster on every game recognised me and no wall existed for me in every game. That was my game not the game itself.
The device has a static IP, just create a VLAN, configure the network for that address space (make a guess at CIDR range, likely a /24) and you could likely hit that SSH. I don’t believe there is a default gateway set, which can easily be fixed with root access, but that’s a crummy way to protect this thing
If I send you the firmware of a modem that uses an ISP and makes remote restrictions with a secret user, can you find this user pass for us? The company is constantly putting its customers in a very difficult situation.
Nothing wrong with saying folders for Linux, unless you are a pedantic asshole. Nothing wrong about saying backslack, it's hella arbitrary anyway. Nothing wrong with "starting with Windows" or using it, unless you are 13 years old.
So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! That's the kind of thing an idiot would have on his luggage!
Private companies use these devices all the time. They are mounded on the outside of buildings and such. This security isn't about these devices, its about the need for public display of proof that road use tax is paid.
I only know of HackTheBox and TryHackMe if there are any others I would love to know!!! (These platforms have pretty solid free hardware hacking examples though)
I'm pretty sure I saw a video a guy did for the passively cooled PC you showed at 17:35, however I'm not having much luck. The best I've managed to narrow it down to was th-cam.com/video/GdiZGmB6GTk/w-d-xo.html from Premio by the looks of it. The PC had a 2 power inputs one for a polarized barrel jack and one terminal block connector with 4 pins if memory serves, one was used for an ignition signal present when the car had it's ignition on(but I don't think it was shown where in a car one can piggyback for it to work that way). I'd assume they're running some Windows Embedded SKU. If I ever find the video the guy did on those I'll reply/edit this comment.
So is it only a IP webcam or is there any kind of plate/facial recognition built into the device? My guess is it's just a stupid webcam, that look oddly similar to the Xbox 360 Kinect sensor and you need the box you showed for it to do any recognition. Also... that's Motorola, how can Motorola release such a bad product destined to the law enforcement market. It's not an oversight, it's basic security any IT guy at a police department would have found...
I've never trusted a lense out in the world... And I knew they could be accessed... This vids just the kind of confirmation most people should be aware of... 😂 A keyboard unlocks all doors
Le mot de passe 12345 ne fonctionne plus. Essayons 123456 🤣 Et après on accuse les pirates chinois des pires maux. Mais vos serrures s'ouvrent en moins de 10 secondes. Merci pour le partage du savoir.
Tried one for the fun of it, think it has been patched ;) Even with /camcolor i get the 404 error page, also password pi with 12345 does not work as well, so thats good i guess, i guess you let them know the issue.
I really don't see a issue with the device. Who is going to have physical access to this device long enough? Even if they did what would they gain access to a camera 2ft away? Simply using something like ZeroTier (SD-WAN Software-Defined Wide Area Network) If you did to send this camera traffic over the internet. The SD-WAN would mitigate all security issues if any. You didn't show the initial setup how do I know you configured it properly in the first place?
These don’t only have to be in cop cars. They could be at intersections tied to red light cameras or speed cameras, or at the entrance to paid parking lots. And usually those are managed by companies who just might leave them open to the internet so they can administer them from afar.
It's cool we can't feed people, can't have free college/trade school, can't maintain our infrastructure, can't recover from natural disasters, but every town in this country can send at least 1/3 of their budget towards toys like this for people who are much better at violating the constitution than upholding it.
As an IIoT engineer, I can not tell you how much I enjoy watching these videos you do. Too many people do not understand how critical this stuff is to take seriously. Keep up the great content! ✌🏼
same page here! 👍
Sameeeeee 🔥
It's amazing how laissez-faire it all really is done. I think the EU is starting to regulate this nonsense.
Good they don’t understand, keeps our wages high 😁
Why are most IoT device’s horrendously insecure. Are you part of the problem?
The sign of someone _not_ working in red teaming: Claiming "no one will ever configure the device _that_ way ... "
yeah the police aren't really known for critical thinking LOL
Thanks for the service you do. Working in IoT and security, I appreciate you more than you know. I always tell people that, "The S in IoT stands for security".
How many guys are SSH'ing into police cars this afternoon
Guy: *FBI Knocks on their door because they forgot to use VPN*
Guy: *Shocked pikachu face*
@@Cyber_Official
*Secret Service kicks down door.*
Guy_With_VPN: *surprised Pikachu face, I was using a VPN*
Secret Service: Nothing a warrant can't fix.
Hopefully no one would be doing this from their home internet or with a device they have ever used on their home internet.
@@jamess1787 you definitely need to change your VPN provider...
Just use Tor. Unless you do something actually critically damaging, they aren't going to use the exit node card
You got me playing along at home now! I have have SSH access, RTSP, and the SOAP API working! The SOAP API is the public and well documented ONVIF standard with no authentication. I haven't fully explored what can be controlled there but it looks like a lot! It also appears there is a Arduino of sorts in there possibly controlling the IR LEDs? I'd love to see a part 3 where you focus on the microcontroller in there and see what we can learn from that firmware.
Kinda scary video today with the Censys results. Great job, Matt!
Thank you for the videos; I had never touched IoT hacking beyond the 802.11 and Bluetooth until DefCon 32 in 2024 (shoutout to Loudmouth Security for the class ), and I found your channel almost immediately after that. It's been a perfect continuing education into that realm, and keeps me engaged at home in learning new skills and techniques.
That 404 message looks like an Indian scammer wrote it 🤣
😂😂😂
I'm sure it was made to look that way, and as he said, easy to search n weed out... For those who wanna keep an eye on those sorts of things...
"all your base are belong to us"
@@thcrtn so they used typos and bad grammar to make it stand out? That seems odd
@NoWeAreNotOkay you never heard of a false flag? If you are being smart and wanting hide something those 3 steps they used are pretty clean...
The random caps,
The extra word on a common error page,
And bag grammar...
If I have to explain how each of those can work alone, I think you may wanna learn more about searching in general, but having all three is simply "cop dash cams" in a coded language they could have the same set up w different words for hotel hallway cams, and wherever else...
"Odd" is how you hide a pin in a stack of pens...
New to your channel and I have to say that I’m enjoying your work. I used to pen test on my own for a hobby when I was younger and your videos are eye opening on how exposed things STILL are after all these years! Thank you for showing your finding and explanations for everything. Your just gained another subscriber and looking forward to your future videos. I also do software reverse engineering when I was younger. Your videos are teaching me things in the hardware side of things that I didn’t know to much about. So thank you and maybe I’ll start messing around with things for fun in the future.
I’m super new to all of this stuff and industry. I don’t understand all of this 💯 however you still make this fun. I can definitely tell your excitement and passion.
Bro, your vids/channel are on the up. I'm glad for you. Beena lurking fan for a long time. Props dude. :)
Hey Matt! I work in IT and see tech that is so often not able to be repurposed, and a big one is the Cradlepoint devices. They are Cellular WAN modem/routers that are great for remote locations/backups. I would love to see if the internal file system (Which from my testing on an e3000 is debian) can be written over. It would make an awesome OpenWRT/Firewall appliance!
And then one "wonders" how the bad hacker were able to get into the network... There are no words for whomever setup these up.
Watched many of your videos. Been subscribed for awhile. Excellent job with this one. Showing Censys was crucial as it will cause change within this community. May piss others off. Lol😂 great great video
Fascinating. A detailed autopsy without the dead body. It intrigues me how little people know about their 'magic boxes'.'_Why would anybody in law enforcement know,anything about security?_ Don't local governments have IT departments? It's also pretty funny that anything with a military-like function is so expensive and what you find in the side is a $75 Raspberry Pi.. Thanks for another great tutorial..
For many small local governments, the "IT department" is *the* "IT person" who has to deal with everything from users ("how do I find cell A374 on this Excel worksheet?") to infrastructure ("the wireless isn't working in the basement of the jail") to radio systems to politics (snooping between board members) to all sorts of other crap. Yes, you'd hope that they'd be able to understand the basics of security - but in practice, they may not even have time there.
Your channel is incredible. These videos are like a public service. I hope one day i can become an IOT pen tester too. Thanks for all of these amazing resources ❤🔥
Awesome work. Nice to know that you read the coments. I saw somebody say somthing similar to the way you beleive it works. Very cool stuff man. 👍
I enjoy blending my hobby of programming with my love of police tech/tv dramas. Looking forward to what you come up with in the future, subscribed.
These videos are awesome and super informative! Love it and keep up the great work!!
Great video in the public's service, Matt! Thank you. Let's hope Motorola remedies their terrible security on these law enforcement devices (and that law enforcement departments pen test their devices --or hire you to do so-- before deploying them onto the innocent public.
Wow, really enjoyed this two part series. Can't wait for more like this.
This is crazy lol..
Having everything exposed like this means someone is going to do a public data mining 😐
Thanks Matt for this video and the nice walks through on every step.. Thanks to those videos I'm learning a ton of obscure stuff I didn't know 😄
I guess I am the only guy that was saying "there, there! Click on that one! Come on! Click on that one...."
Thank you for the awesome videos! Really enjoy your content!
Another potential use of these cameras would be in traffic management, including electronic polling, speed traps, red light cameras, etc. For those uses, they would need a cell service model and potentially multiple cameras (e.g. red light has cameras in each direction at the intersection).
It’s amazing that the designers saw that 404 page and thought “it’s good enough, ship it”
Absolutely fascinating watch. Thank you for sharing!!!
Starting 2025 with quite strong video :) Nice one, I wonder how many people are now scanning the police streams :D
The path and service mentioned ONVIF, which is an IP security camera standard used to configure, control, and view security cameras. I bet you could do more with something that uses that protocol.
Yeah I'm surprised he didn't seem to pick up on or at least mention this. I've messed with a lot of IP home security cameras that all use ONVIF
Absolutely Amazing work
Awesome stuff man!
Fascinating stuff!
a normal sim would likely be using cgnat and wouldn't be visible. I suspect that you found public static ip sims.
Love these videos. Is it possible the hotspot is just running UPNP? For the hotspot to fully trunk everything and not run NAT. That's somewhat scary too. Either way, brilliant video.
The router is stacking 2000 ports into 2001, 2002, etc, but not 8080. Without ever playing with one, I would suspect 2000 is some protocol that requires direct access, while 8080 is could just offer colorcam01, etc and then route the correct stream
I hardly ever comment on videos...these are awesome!
Great video as always!
Hey Matt, If I may make a suggestion; the HP Sprocket 1st Gen. They all fail with the dreaded red and green flashing light about 2 years in and is highly suspicious. I'm wondering if HP didn't straight up planned obsolescence and have the charging circuit stop working after a while as they are all failing with similar symptoms even after very light use. I can send teardown pics if you'd like.
If this is what they are doing, man, you'd open up room for a class action lawsuit!
17:40 cathode ray dude did a video on a police car pc.
Pretty much a standard pc in a industrial formfactor.
Look for: Little Guys 7: The Cop-puter [Motorola MW800]
So any vulnerabilities a pc has are viable to gain access.
AWWWW YEAH! Part 2!
Seems like posting how-to for reading the images from the streams of data available is getting deleted in the comments :(
Pigs want privacy, but don’t think you deserve any.
sounds like the license plate scanners that are being used over here to check on paid parking. two or three cams on top of the car and just drive around scanning everything to check if they need to send out a violation for you to pay.
A lot of these devices without probing them seem to be located at the corners of intersections. I wonder if they are traffic systems???
Here where i live in fl. We have them at certain intersections and roads and the anpr i to the county database so that if they are trying to find a vehicle and it happens to go past one they know where it was time wise. The recovered car rate has gone up here along with the amount of arrests lol
@@WX4CB Very interesting!
@@DM-qm5scyea. Ponce inlet has 1 road in and out. They had a shooting down there a year or so ago, they caught them within 45 minutes because of the cameras
I bet the cops use cradlepoint routers. They have a cloud interface that you can apply group settings to load of endpoints.
And how much are PD’s paying for poor grammar and a raspberry pi 😂
with that video, 46 people are going to jail to connect to police car license plate reader xD
it'd take them years to get them even if you gave them an address so i wouldnt worry
Am curious... is that ONVIF server/service custom coded or from someone's GitHub? There are quite a few repos out there for Raspberry Pi's with ONVIF. I'd be curious to know either way.
99.9% it is from github. Does not look like the manufacturer has any ideas how to write code or configure systems or cares how to make reliable and trustworthy systems.
It is just a mashup of various gihub projects.
@@ingulari3977 Looking up for the same typos on Github could yield interesting results.
For my day job I work on this exact camera system. These cameras are not exposted to the internet. The connect to an in car server that connects to the police laptop. The entire system does not have any access to the internet. The server is connected to the laptop via another interface. The only way the server gets external data is from the app that runs on the laptop.
If they are deployed correctly they won't be exposed on the Internet... Clearly not everyone deploys them that way... I'm looking at you Illinois.
Why didn't you query the ONVIF port first? That also would give a lot of information.
Bridged, seems like it'd provide a risk as a jumpoff or exfil host inside the subnet it was deployed in
Can you replace the live stream with another stream?
How dusty/vulnerable is the ssh implementation in the unit on your bench?
Shocking, almost as if the police are inviting a hack
Vigillant installs a lot of these camera on traffic lights and connect via cellular or wireless.
6 cameras would make sense. I have seen them mounted on the sides of the light bars. 2 on each side. 2 facing forward left side/right side and 2 backwards left side/right side. Now i don't know for sure but the other 2 cameras could either be front and back thru front windshield and back window orrrrrrr they could be for the 2 cameras that get mounted inside the interceptors one viewing the officer and other viewing the detainee in the back.
Isn't this something that should be responsibly disclosed before making it this public with such an easy to follow set of instructions to actually abuse? Or did the manifacturers already publicly comment on this?
What has the "manufacturer publicly commenting" to do with this?
You know with a name like "ReaperHD" it was built for helping the citizens and serving the public fairly.
So far, the only thing you have at this point is a dashcam feed. There are publicly accessible traffic cams everywhere that film cars including license plates.
What I would like to know is if the device stores the camera feed on the local device (other than let's say a 30 second 'incident' buffer). Because the systems we work with they get camera feeds, and another system processes these feeds (i.e. read license plates) and in our case checks the plate against a database. I'll assume that something similar is happening with these camera's where the license plate is checked against the DMV and/or local/state police database for outstanding fines/infractions or other issues (expired registration) using the laptop in the cop car.
Not really sure why a MiFi router would ever expose 'internal ports' other than maybe a VPN port for remote access, because normally the connection would be the other way around (device calls server). Now, of course a lot of these issues arise from the fact that most government contracts go to the cheapest and not the best contractor and often the cheapest provider/contractor do things that do not align with all kind of standards like ISO-27001/27002, which is a requirement for most of the companies we provide services for. In most cases it is just an automated boom gate that opens when it recognizes a license plate. Think for example of the gate of a taxi depot yard.
On the other hand if the MiFi router opens these ports, that it could theoretically be used to for example access the police laptop via the LPR in a buffer overflow exists and it can be exploited remotely. A laptop that normally is shielded. That is often the danger of IOT devices on your network. Hackers are not interested in your internet connected printer, they want to use the printer to jump to other devices on your network. This is often why I hate internet enabled devices and even if they do not expose a port directly, there is often a central 'command' server from the manufacturer that could potential be used to send commands to a lot of devices. Recently it was revealed that there was a major breach at Volkswagen ID.x EV range because a partner misconfigured a folder that contained a lot of personal and private information of 800,000 cars including geo information like where you park. If you can control something in your house/office using an app on your phone, there is a command/management server somewhere that can be exploited...
That’s not the only thing, there’s the sudo access via ssh which is a gaping hole for exploiting and manipulating the device.
Great channel! I hack since the beginning of 1980s It was and is ever a game to hack things. On C64 no monster on every game recognised me and no wall existed for me in every game. That was my game not the game itself.
How did you connect to that device to begin with?? Was it a wifi open device or something??
Ethernet I think
The device has a static IP, just create a VLAN, configure the network for that address space (make a guess at CIDR range, likely a /24) and you could likely hit that SSH. I don’t believe there is a default gateway set, which can easily be fixed with root access, but that’s a crummy way to protect this thing
If I send you the firmware of a modem that uses an ISP and makes remote restrictions with a secret user, can you find this user pass for us? The company is constantly putting its customers in a very difficult situation.
not sure whats going on but fking love it
I hope the people that said this wasnt a big deal last video feel really stupid and quit CS.
Pro-tip: You can press CTRL+L to clear the screen instead of typing 'clear'.
You should do one on the Flock camaeras
Great find! iot not safe
folders and backslash. bro definitely started with windows 😂
Nothing wrong with saying folders for Linux, unless you are a pedantic asshole. Nothing wrong about saying backslack, it's hella arbitrary anyway. Nothing wrong with "starting with Windows" or using it, unless you are 13 years old.
Probably toll-road devices by the same company.
Or traffic light cameras.
So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! That's the kind of thing an idiot would have on his luggage!
13:30 c'mon man, you know those are not backslashes
Thank you ❤
Private companies use these devices all the time. They are mounded on the outside of buildings and such. This security isn't about these devices, its about the need for public display of proof that road use tax is paid.
is there a telegram channel or a discord server for hardware hacking community, i really wanna join one, if anyone have an invite plz share.
I only know of HackTheBox and TryHackMe if there are any others I would love to know!!! (These platforms have pretty solid free hardware hacking examples though)
What fbi branch do you work for?
Fed
@@ychannel3 hahaha that's funny, but im serious, i really need help with some hardware hacking.
@@ButterBallTheOpossum hahahaha that's what a fed would say !, share a community with me if you have one :D
bash history has some goodies in it as well.
next take AXIS LPR camera
Will be part 3?
Let's go!
I'm pretty sure I saw a video a guy did for the passively cooled PC you showed at 17:35, however I'm not having much luck. The best I've managed to narrow it down to was th-cam.com/video/GdiZGmB6GTk/w-d-xo.html from Premio by the looks of it. The PC had a 2 power inputs one for a polarized barrel jack and one terminal block connector with 4 pins if memory serves, one was used for an ignition signal present when the car had it's ignition on(but I don't think it was shown where in a car one can piggyback for it to work that way). I'd assume they're running some Windows Embedded SKU. If I ever find the video the guy did on those I'll reply/edit this comment.
Contact Motorola and lodge a GPL request for the source, etc. for these cameras.
So is it only a IP webcam or is there any kind of plate/facial recognition built into the device? My guess is it's just a stupid webcam, that look oddly similar to the Xbox 360 Kinect sensor and you need the box you showed for it to do any recognition. Also... that's Motorola, how can Motorola release such a bad product destined to the law enforcement market. It's not an oversight, it's basic security any IT guy at a police department would have found...
So your telling me this Motorola device is just a raspberry pi in a custom box?
I've never trusted a lense out in the world... And I knew they could be accessed... This vids just the kind of confirmation most people should be aware of... 😂
A keyboard unlocks all doors
👏👏✌
Bro is exploiting every single device existing
Awesome
It’s disappointing you didnt extract the weights for the neural net doing the plate and number recognition
I am on learning
Heck yeah
H-1B
huh, so DeadSec is real
I could make my own license plate reader with a webcam and a pi or mini atx.
All you need is orbot and a dream bruh.
Word
"but its vpn" - if you think this way and take care of your infrastructure the same way... youre vpn may be already broken and compromised :P
NSA backdoor.
You keep saying "we". I only see you.
Is there a way to vroadcast a scramble code to interupt the code reader?
Le mot de passe 12345 ne fonctionne plus. Essayons 123456 🤣
Et après on accuse les pirates chinois des pires maux. Mais vos serrures s'ouvrent en moins de 10 secondes.
Merci pour le partage du savoir.
Tried one for the fun of it, think it has been patched ;)
Even with /camcolor i get the 404 error page, also password pi with 12345 does not work as well, so thats good i guess, i guess you let them know the issue.
Try cam1color or cam0color :)
@@userPrehistoricman Okay, so not patched, of course it running into the box so it has a ID
Hi!!!!!
I really don't see a issue with the device. Who is going to have physical access to this device long enough? Even if they did what would they gain access to a camera 2ft away? Simply using something like ZeroTier (SD-WAN Software-Defined Wide Area Network) If you did to send this camera traffic over the internet. The SD-WAN would mitigate all security issues if any. You didn't show the initial setup how do I know you configured it properly in the first place?
Lol you just outed yourself for not watching the whole video
These don’t only have to be in cop cars. They could be at intersections tied to red light cameras or speed cameras, or at the entrance to paid parking lots. And usually those are managed by companies who just might leave them open to the internet so they can administer them from afar.
yo
1
This device really takes the cake for being as awful as the people that use it. Go Team America!
It's cool we can't feed people, can't have free college/trade school, can't maintain our infrastructure, can't recover from natural disasters, but every town in this country can send at least 1/3 of their budget towards toys like this for people who are much better at violating the constitution than upholding it.