Finding WEIRD Devices on the Public Internet
ฝัง
- เผยแพร่เมื่อ 21 เม.ย. 2024
- jh.live/censys || Get started with the leading Internet Intelligence Platform for threat hunting and attack surface management -- find what is exposed out on the open Internet with Censys! jh.live/censys
Learn Cybersecurity - Name Your Price Training with John Hammond: nameyourpricetraining.com
Read The Hacker Mindset by Garret Gee: jh.live/hackermindset
📧JOIN MY NEWSLETTER ➡ jh.live/email
🙏SUPPORT THE CHANNEL ➡ jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ jh.live/sponsor
🌎FOLLOW ME EVERYWHERE ➡ jh.live/twitter ↔ jh.live/linkedin ↔ jh.live/discord ↔ jh.live/instagram ↔ jh.live/tiktok
💥 SEND ME MALWARE ➡ jh.live/malware
🔥TH-cam ALGORITHM ➡ Like, Comment, & Subscribe!
![ChatGPT Can Now Talk Like a Human [Latest Updates]](http://i.ytimg.com/vi/ID5tc61iksY/mqdefault.jpg)
![[สปอย] มหาเวทย์ผนึกมาร 261 "ร่างโกโจโดนขโมย" ชายที่อยู่ตรงหน้านี้เขาไม่ใช่อาจารย์โกโจตัวจริง!!](http://i.ytimg.com/vi/u5GTa2Mpp_E/mqdefault.jpg)
To everyone saying he didn’t hide the IPs, it’s literally on the open internet
EXACTLY
And most of these are gonna be honeypot traps. So noobs beware😂
i mean just because my house is open to the public doesn't make it any less a crime to go into my house.
So him showing the IP's of the places he's gray area illegally going................
@@NOMAd_THe_HACKEr No man people are crazy whole factories have their siemens s7 public. You stop the factory youll see theyll fix it in 1 day lol
@@johndorian4078 in law there is no such thing as grey area, either its legal or its not. im not a lawyer and i cant tell about laws in other countries but i believe at least here in germany your fine as long as you make sure to only show publicaly available information. which would mean he wouldnt even need to censor anything.
I think those cameras on the billboards are supposed to be public. It's probably so clients can confirm their ads are being shown.
You would think they would disable the ability to interact with the camera controls AND have a restricted general account with a password.
@@omegadroidzero That's a very good point. Although, maybe the controls don't actually work.
@@drooplug The one where it had the lady working, the controls do indeed work (but you can only rotate the camera left for some reason but yea they do work or atleast that one did)
I doubt it. If you search long enough you will find there are cameras from the same vendor inside peoples houses. I doubot those are supposed to be public.
@@omegadroidzero
At which point did we go from "i just wanna host a Buffy fansite" or "i just wanna share a couple tunes with buddies" to "anything you post publically is going to be relentlessly scraped, vulnerability scanned for profit, and used in the next LLM model whether you like it or not" ?
People have been scraping and scanning for decades. Tools like nmap have existed since 1997. Governments have most likely been on top of this way before then.
The LLM stuff is debatable though.
Since altavista, hotrod and (of course) the emerge of google....
I once found a camera system on the Internet at someone's house in the middle of nowhere...and somehow ended up moving into the house about a decade later...
I think that puts you the beginning of a horror movie or true crime podcast. I'll try to watch when you are on 48 hours or wherever you end up.
Do the owners know you moved in ?
Two sentence horror right here.
Wow
I saw that movie... did you ever cure the trolls? Or are they still rampaging around with rabies ruining everyone's vacation?
This isn't only useful to cyber security experts, but also to show people why they shouldn't easily trust anything that connects to the internet, especially things with weak authentication, and even more so with none
It may be useful for end users, but it's not nearly user friendly enough for most people to understand, so it's most useful for anyone who find and take advantage of those with weak authentication.
Lmao use shodan shit you can actually just use google to search for shit if you know the right commands
Isn't it reassuring that embedded products are generally mature and secure, without firmware vulnerabilities... Oh... Wait...
geoguessr guy needs to find them to email the people that their devices are open
Fully expected John to be using Shodan lmao
Same lol, but it's cool to see a search engine of that sort that I hadn't heard of
@@revenevan11 You can scan the whole internet(every ipv4 adress) in 6-12 minutes. You only need a 10-20gbit internet speed. So in theory every person could know all device that are connected and interact with them. It is the whole purpose of this system.
Why? This dude is a joke
Me too
@@mapache2185 it would seem you find that joke funny
At 23:05 the German IP Webcam "Stützerbach - Blick vom Schlossberg" is most likely a "wether cam". So it's a webcam that's actually meant to be publicly accessible to check the weather status. Those are common in Germany and pretty neat if you think about going for a trip to some place but are unsure about the weather conditions.
If you're old enough, you remember "IP Cam trolling" because people were lazy with securing their networked devices. Such hijinks were a thing for a while on at least one of the Chans. The main "feature" allowing the troll was that the cameras had a speaker in addition to the mic, allowing the observer to disturb the observed in some manner. TH-cam took videos about those down after some TOS change in the 2010's, even the ones that were more silly than malicious. (The ones I liked is where the guy bugging people eventually tells them to put a password on it at least. So the troll served a basic lesson in network security.) Despite all that, seems some things really never changed much. The "hack" is that things are still exposed to a lot of search engines depending on how the hosting works, so it's just a matter of knowing the keywords to bring them up.
i used to watch these cameras when i was a teenager. i liked to see what other countries were like, especially the weather, and watch people who had no idea. i tried to notify them if it was in a home, but i doubt anyone got the hint. i remember panicking once when i broke a business's security camera.
This is incredibly worrying, but it's also important to show how much of your connections are available on the internet, and why securing those connections is so very necessary.
Today it's a demonstration, tomorrow it's a legitimate malicious agent.
Not something you have to worry about unless you’re actively port forwarding your cctv cameras for all to see (or using upnp)
What is even more worrying is how easy it is to index them all ;) I have over 30k indexed worldwide, and it doesn't even matter if they shut the camera down. I still see everything and gave access to my GPT-4 model.
I learned a valuable lesson long ago: Nothing you do on the internet is truely private.
@@Guyfrommars183 It is but only when you make it private unless the provider gets hacked or there is an exploit, most the time it's more about what you share yourself. If you want to share your whole life, then prepare for it to be achieved somewhere.
I remember finding something similar back in like 08. There was a site that you could browse public IP's for various cameras in your geographic location. There was a map and you could increase or decrease the range. It was interesting some of the cameras you could access. A few of the colleges in the area were wide open.
0:06 that's a public webcam of the city of Stützerbach in Austria.
Ohh don't mention the names bro ;)
It says it at the top of the image ;)
@@Cypherx444 9:01 is Edmonton, Alberta. Recognized the area code and business lol
@@leaaon460 yes, it is lmao. 780 is the area code for edmonton, alberta. I live here. I think I know the area code and the dentist I go to
It's not, the camera would be upside down if it were Australia 🙃
I haven't done this for years! I found a freaky lobby cam once that I never saw anyone enter or exit. It was like one of those creepy alternate world things people talk about. "An Empty World, A Time Traveler, Another Dimension" 🤣
Makes sense. Most of the more popular hotels, etc have higher security on their security systems. They wouldn't be publicly accessible online, so if it was a hotel or something else, probably was lower class. From what I can tell, the high class ones run on their own private networks, not just openly online.
@@ValiantNomad You think too highly of them, they will just hire cheapest company to do it for them, it's then their decision how they going to set it up and my friend for most of them "it works" is just good enough.
@@767corp ⬆ THIS! Lowest bidder. Third party contractors. I've been mortified by what pen testers have found in "secure office buildings" and hotels. There's a security flaw in "millions of hotel-room doors" right now that I'm not seeing get fixed too fast.
You mean like the back rooms? Liminal spaces with a webcam, cool!
@@stevengill1736 Exactly, it's very strange to see a camera inside a building at an entrance but never see movement. Not knowing where the camera was located only adds to the mystery.
I really like the fact that viewers can SEE the code (and terminal) that you discuss in your videos! I can always see your code clearly and thanks so much for doing this! Most content creators that I see on TH-cam post their code in small size font where I can hardly see it.
23:00 Blick vom Schlossberg - View from the castle on the hill. (down to the village, somewhere in Thuringia, Germany)
somewhere, to be more accurate: around a city called "Ilmenau". It is also located on the Mountain Range called "Rennsteig".
Brilliant! love the way you present with such energy! Cheers!
Way to represent, Melbourne! First St Vinnies, then billboard monitoring.
I have never watched your channel before but I understand why you have 1.45 million subs, great booming voice coupled with some amazing oration skills added to some great video work, scripting and editing makes you really awesome at what you do.
Great video and thank you for the information.
actually found an open Sheriff Department CCTV system with this. Censys is way to powerfull in my mind.
There's a bunch of cameras that come out with open ports, there was a whole series of HIKvision cameras that are exposed if you only know the IP address in the correct port number
Baby monitors, nanny cams, webcams, security cams, ect... Only way to stop it is to practice safe networking
Oh man....
The "S" in IOT stands for "Security"
Remember looking at all this kind of stuff back before GUI, just using command line or crude level text and being blown away at how much was on the open internet.
Thanks for sharing! I can see how easily you can go down the rabbit hole to find Alice.
"Weird, wild, wacky stuff!"
It's just cars, buildings, and streets.
This dude's easily amused, I guess. Maybe an Amy Schumer fan.
This is gold for sure. I'm sold.
John just found something, that my grandpa showed me as a kid (no joke) LMAO.
The funniest thing is that most of these cameras actually are publicly available. Like not only because of this site, but rather they are intended to be public.
@John, please stop yelling! while this stuff is indeed interesting, it's also difficult listening to..
What a fabulous video! I'm going to consider Censys for further analysis and exploration. It seems fun, interesting and helpful-thanks a lot! ❤
I'm more curious on the shirt/cloth John is wearing. It looks so shiny and cool looking.
hammond : bowling mask...what is that...
bowling mask : 😸
Love your content! And question what keyboard you are using?😂
I was surprised to see after looking into Censys that they're physically located in Ann Arbor. I lived in Ann Arbor for years :-O
My good friend does that with the 3D printers. He has them on a remote switch and he will run them while he is at work, so he can check on them remotely and if therer is an issue he can shut it down remotely.
If you do not configure it willingly, devices in your LAN are not accessible from the WAN. The most problematic devices are these, connected to a cloud, because you have no control over the interfaces. If the cloud is compromised, all devices are as well. If you use webcams, buy them from big brands like DLink, Panasonic, Mobotics, Hikvision.... Think twice where you want to place a webcam as well. Not in the bedroom etc...
25:53 gute Preise, gute Besserung 😂
(That's the slogan from the company ratiopharm)
This seems very similar to Shodan. These sites are always very shady because I bet a lot of these people had no idea these devices were on the internet
Correct they didn't. Shady though? Nope. Just service scanning
Well every device that is connected to the internet is public space. If you do not close the door it is like a starbucks store, people can walk in and out and should see what service is being offered today.
@@maktiki Except Starbucks chose to give access to customers. This is more like going into a random person's home because they left the door ajar.
@@iuse9646 in some countries port scanning is illegal. Its likes nooping around someones house looking for an open window.
@@NorthLaker If there is no authentication protocol there is no door, and the autonomous system/server/iot device etc is just part of or an extension of public space.
I literally did this today with Finn. The synchronicity is real
Well, that is something that is left there forever.
It is
Ive found multiple cameras from inside home with people just doing their thing on shodan, creepy af, also found controllable cameras through out some landmarks in rome.
a lot of stuff i looked up actually had a login page after the 200 so... kudos to them.
this is cool. like the overpass turbo of the Internet. awesome
I was bord one day and found out you can watch some security cameras online depending on the company that provides the service. I watched a store front downtown Toronto (known location) at the end of the day the guy takes the money out of the register to count it then puts it into a popsicle box in the freezers with the other popsicles. would be a good idea if his cameras weren't public.
It's crazy what you can find on the internet.
So, that’s why I see that going on my website 1 times every week, it’s just scanning for changes!
Love this and another great site 😊👍
This site was part of a question in my CEH cert exam.
Have you taken the masters ?
They called me crazy but i knew i had to install a cctv and not a crappy smart camera
a whole video that's just a sponsor segment is WILD
3:01
Interesting queries, hope there aren't any Internet exposed industrial systems.
spoilers, there are
there are alot some even let you change settings
Install exe -> Default --> Next --> Next --> Next --> Finish
😃👍
@@dcquence And many SCADA systems (especially older ones) have hard coded usernames and passwords for administration, or they don't allow changing the one that was chosen on first install.
Sucks if any such system controls vital infrastructure and use known hard coded login details...
John Hammond is the Barney of cybersecurity.
lol this tickled me_no Diddy tho🤣
You're his biggest fan
Dude , he isn't at all
Barney, like the dinosaur? Can’t tell what you’re getting at.
Glad to of seen this and find out my ip is all good and no open service, port exposed to the public
Oui John!!
there are a lot of publicly accessable webcames in germany that just sit on houses and show you the enviornment
5:12 cellco partnership is Verizon Wireless. Not entirely sure WHY they use Cellco instead of VZW but they do.
VNC Resolver is something very similar to this which posts random snapshots on fedi
Isn't that by the guy who made CollabVM?
@@UCILaGtQaYAh3wnkvg4Rxzqg I wouldn't know
@ 4:08 Hold Ctrl then scroll your mouse wheel up or down to quickly zoom the page in or out. -
Searches are limited to 10 per day unless you create a login.
How has the FBI not know about this
What a useful tool!
I use it to check traffic, but the public cameras are pretty slow since everybody is using it
How is the legal situation with such a search engine? Are they allowed to scan the whole internet over and over again? I thought I remembered that at least in my country (Germany) port scanning is illegal. But I might be wrong.
Great video today
i remember yt vids of ipcam trolling. good times.
for more info , the endpoints of the misconfigured cameras for example AXIS, are full of RFI and LFI.
I giggled when I saw the "Try one of these examples" and the first example shown was "Russian hosts running RDP or FTP". 🤣
Imagine looking at active cameras and randomly seeing someone through their webcam.. that would.. not be good.
I have one client who have mail server on shared hosting (the same IP is for more email domains) that I don't have access (I only have access to cPanel of his domain). I just want to know what other email domains are on that IP address because my client have problems: his IP gets to blacklist very often and then they can't send emails to some partners. His company is clear I know for sure. Some other company that have email domain on the same IP are making problems and I need to know who else is on that IP so that I can contact them and ask them to check their security or maybe someone is sending malicious emails. They are all in my country, maybe in the same town. But I don't want to call hosting company before I check this by myself.
Thanks Mr.Jhon that's great scammer hacker ❤
Big Tech meets Big Ick - I love it!!
Takes me back 20-30 years ago 😊😊
One of those billboards is literally 5 minutes from my house. What are the chances.
bro really just recorded himself breaking multiple privacy laws and computer misuse laws
The billboard companies are playing 4D chess tricking us into viewing their ads for free
When i was taking my course in CEH, our instructor (big dude, with a big beard, and full sleeves) poked some Chinese routers that were open to the Internet. Illegal? I dunno. Funny. Hell yes
Once saw one of these videos of an old guy asleep on his sofa, think the camera was inside a TV. You're better off covering anything thats got a camera if you don't want others being able to see you. I have tape covering the camera on my laptop for the same reason. If you've got any webcams also unplug them when not using them.
There are thousands of links online and through google that give access to all these cameras.
In 1989, Nielsen considered a system that would include camera-like devices and computers attached to the top of TVs in households. The computers would be programmed with facial images of each family member, and the cameras would scan the room for faces when the TV was turned on. However, the New York Times reported that Nielsen said the system would not be in service for at least three years and that they are sensitive to privacy concerns.
Also you find the camera via streetview, then contact the company. Then they remove the camera and few days later they make it public again :facepalm
I'm actually surprised these devices let you use their app without setting a password
@23:04 The title translates to something like "Blick on Castlecity."
Whats the difference between Censys and Shodan?
the best part is when you can move them :)
Ive watch many of these stream years ago with a little the same pictures.
Your background is cool
y’all remember that one site that would take u to a random persons public webcam?🤣
Imagine finding out you have been the main character of a tv show in another country because you forgot to secure your home cameras 😮
Take a shot every time this guy says "drill down into" or "dig into"
You should connect to new refrigerators and see what food people have.
The webcam from ~ 22:56 is a public, the one from the roof
There's a pretty cool song to play through the ip cameras: The Police - Every Breath You Take. It's the ultimate stalker's theme.
Edit: Remember John, do not feed the monkeys.
No when they sleep start moaning, when they wake up stop and repeat every night.
SauSarge and CharlieTheJanitor had classic content that did exactly that. Others pranks that were funny were also the smoke detector beep and getting some dog to randomly start barking. Eventually they lost their TH-cam channels for that content after a TOS change, although I think one resumed on another differently named channel that is now notorious for making fun of gaming exploits.
Now if you think they were entirely bad guys, they often ended the joking around by telling people to change the login and password. Often those cameras were completely open to the public.
I wonder if anyone out there still managed to archive that content? I miss the garage webcam with "Let It Snow" playing, or the Rick Roll of a U of S.C. classroom. Those kind of had a mood, and the outcomes were good-natured at least.
@@pauljs75 Dwight? ;) I've liked the video from the automated house, in which the guy had the control over not only the cameras, but also the a/c system, the garage's door and other stuff. The heating system being turned on in the middle of the summer was the evilest thing I could imagine to see.
@@januzi2 Was that the one where they spammed the "nuclear launch alert" soundboard thing?
@@pauljs75 The automated house? It was quiet, except for the owner that was being loud about getting "free sauna" treatment.
In this video : the phrase "drill down"
Is there a way to look at your own ip incase anything is leaked?
Look up your up ip.
unless you open ports youre gucci basically
This makes me feel like a genius just for having at least put a password on my TightVNC from the start 😅
(The port for it is no longer open/forwarded to the wild wide open internet since some time ago, instead I set up a VPN so I can connect into the home network and only *then* connect to the VNC; because I found out that TightVNC doesn't encrypt any of the session keystrokes or other traffic *except* for the password... meaning that the actual windows user account password I'd authenticate after connecting using the VNC server password would be sent as plaintext to the computer lol. Now it's at least encrypted until it's through to my VPN at home!)
3:02 conllection
What are some other Shodan like services out there?
And this is why kids you must watch/listen Security Now podcast
We use to have to type to code line into Google search bar then use the links that appears to pick from 👨🏻💻
imagine just doing a video of open camera, and if you find one you can control see if you get the attention of someone on camera.
More plz
Hacking cameras is very easy, as many providers have very old backdoors. For example Hikvision has backdoor from 2017 and it's easy to hack private ip cameras. In ivms u can control people's cameras without their knowledge and if the camera has microphone, you can play voices like cat meows or other songs and make people go crazy searching for sound income. IP cameras are very easy to hack and the only way to protect urself is by setting very strong password. I know example of family in Italy which was searching a cat in their couch for 10 months until they realized, that somebody played cat voices through camera. Most of people don't even know, that most of cameras have microphone built.
I am not sure but isn’t this something like shodan?