Smart cameras become "voyeurism": 100G secretly recorded videos sold for 68 yuan

Smart cameras become "voyeurism": 100G secretly recorded videos sold for 68 yuan
Home camera cracking software and IP addresses are openly sold online, ranging from tens to hundreds of yuan; some secretly recorded videos are sold as pornographic videos for profit; sweeping robots with cameras, monitors for children or pets at home... As more and more smart home devices enter homes, some security loopholes are frequently exposed.

A group owner sent messages to sell IP addresses and scanning and cracking software.
In the hands of some criminals, they can easily invade and control these smart home appliance cameras by cracking software or IP addresses, pointing the lenses at private places such as bedrooms or bathrooms to spy on personal privacy.
Behind the transformation of smart cameras into "voyeuristic devices" lies a black industry that steals and sells personal privacy. In some QQ groups, camera cracking software and camera IP addresses are openly sold for tens to hundreds of yuan.
In addition to peeping, there are also sellers who sell secretly recorded private videos as pornographic videos for profit. The price of 100G of video ranges from 50 yuan to 100 yuan.
Network security experts remind that if the camera must be connected to the Internet, it is best to use unpopular access ports and avoid commonly attacked ports such as 81 and 82. In addition, be sure to change the default account name and password, and never point the camera at the bedroom or bed.

All members in the group were banned from speaking, and only the group owner sent messages to sell scanning and cracking software.
Living room photos leaked and posted online
"Who moved my surveillance camera?"
In a forum of a well-known brand of webcam, many users raised this question. They all found that the webcam installed in their home rotated and moved the viewing angle without any operation.
One netizen posted a message asking for help, saying, "After turning on the home-watching mode, even though no one was home, I turned on the camera and found that it had automatically turned from facing the front door to facing the kitchen."
"I adjusted the position well, I don't know how it moved by itself." Another netizen suspected that the camera was hacked and remotely operated. "How can we feel at ease? The surveillance became a live broadcast in a second?"
Ms. Zhang, who lives in Haidian, also encountered similar doubts. In March last year, she bought a set of surveillance cameras from a well-known brand online and installed them in the living room, bedroom, kitchen and other locations to obtain real-time information about her two-and-a-half-year-old son at home. In mid-April last year, when she was browsing a home furnishing website, she accidentally found a screenshot of her living room posted on the webpage. The angle of the photo was taken from the position of the camera in the living room, and the picture quality and color were the same as the real-time picture on the mobile phone APP.
Ms. Zhang contacted the website and learned that the picture was downloaded from another website. Although the website quickly deleted the photo, Ms. Zhang still felt scared. She was worried that the leak of the picture was related to the cameras installed in her home, so she removed all the cameras and abandoned them.
The concerns of Ms. Zhang and other netizens are not unfounded.
According to media reports, in June this year, Ms. Hu from Hangzhou found that the camera in her home was moving without any operation. She logged into the mobile client and found that the camera, which was only bound to her, was being watched online by two users at the same time.
In early August this year, Ms. Huang from Chongqing also found that the camera installed on the ceiling was rotating by itself when she was using it at home. She checked the background of the computer and found that in addition to her own account, there were other unfamiliar users watching the camera.
At present, there are 40 to 50 million household cameras in my country, and some cameras with poor security have become targets of attacks.
In November this year, the media reported that a Korean brand of smart sweeping robot had a security vulnerability, allowing hackers to remotely control it to move freely in the user's home and spy on personal privacy.

A seller said that 10 IPs cost 120 yuan.
Camera IP addresses are sold publicly online
Behind the frequent intrusions into smart cameras is a gradually emerging black industry that steals and sells personal privacy.
A Beijing News reporter searched using keywords on QQ and found several QQ groups for hacking cameras.
The reporter joined one of the "camera hacking" QQ groups. The group introduction showed that it was created on November 11 this year and had 627 members. The group chat was in a state of no communication for all members, and only the group owner and administrator would occasionally send a message saying "@All members need to purchase IP scanning software to record the video, click on my avatar to chat privately."
The scanning software mentioned by the group owner and administrator is the cracking software, which can hack into other people's smart home appliances by cracking IP addresses and remotely control cameras to spy on their privacy. However, not every camera can be cracked.
In addition to cracking software, the administrator also sells cracked IP addresses, which can be used to control the camera by directly entering the IP.
Different software has different prices. A price list sent by administrator Zhang Yun shows that a premium IP is 68 yuan each, a UID (user identity verification) for an opposite bed is 30 yuan each, and the mobile version of the Sky Eye scanning software is 100 yuan, while the computer version is 150 yuan.
Zhang Yun sent a picture of a camera facing the hotel's pink double bed and said that the boutique IP is the camera opposite the bed in the hotel. There are 12 cameras in total, all of which are secretly installed in hidden places.
As for questions such as the hotel name, how to install it, and how long it would take to install, Zhang Yun did not answer any of them.
The UID of the bed opposite was obtained by hacking into the smart home appliance camera of other people's homes. "They are all beds opposite each other, and one is in a female dormitory abroad." Zhang Yun sent several screenshots. The camera's overhead shot shows the entire bedroom at a glance, and in some screenshots, someone is sleeping on the bed.
Zhang Yun said that these UIDs were scanned and cracked through the Sky Eye software. After scanning and cracking hundreds of cameras, he selected 30 so-called "fine" UIDs aimed at bedrooms or beds to sell.
"If you want to see it directly, buy the IP address or UID. If you want to play with it yourself, buy scanning and cracking software," he said.
More sellers use "high-quality IP" as a tool to make money. Wang Fang is the owner of a high-quality wholesale group with 324 members, which was created on October 14 this year. He said that he has "a lot" of high-quality IP.
Wang Fang used "flash photos" to post some private pictures in the group to attract buyers. The "flash photos" can only be viewed for 5 seconds and will be automatically destroyed after the end. Wang Fang said that he did this on the one hand to prevent his peers from stealing the pictures, and on the other hand to prevent being found out and held accountable.
In this group, the price of a cracked camera IP is 20 yuan per piece, and the wholesale price is half the price, but the minimum order is 20. Wang Fang said that some of these cracked IP addresses were cracked by him using software scanning, and some were purchased from others.
Wang Fang bought a "premium" IP for 60 yuan, and then resold it to more people at a price of 10 to 20 yuan each.
The passwords of these IPs were changed to a unified password for easy login. Logging into an account provided by Wang Fang, the reporter noticed that at most 7 people were watching the camera online at the same time.
Wang Fang is already familiar with the business of selling IP. "First, you need to create dozens of high-quality accounts, and then you need to create a small QQ account and create a group to advertise."
"When I'm lucky, I can sell thousands of yuan a day." He said that one time a customer paid 500 yuan at one time and bought a package of more than 50 IP numbers.

The seller successfully cracked the ID and other information of multiple cameras using cracking software.
Hacking the camera can control the viewing angle and monitor
According to the promotion of some online sellers, it only takes more than ten minutes to crack the IP or UID of a smart camera using scanning software.
Online seller Li Jing told the reporter that the so-called "Sky Eye" is just one of many scanning and cracking software, and there are many similar software. The functions of these software are similar, but some software are only for scanning and cracking cameras of a single brand.
Zhao Wu, founder of the cybersecurity company White Hat, explained that the principle of this type of camera scanning and cracking software is very simple, which is to scan the IP address of the camera with a vulnerability and use the vulnerability to obtain the account password.
Sellers are very secretive about the source of the software. Most of these cracked software have "official" groups for software sales on their operating interfaces. Li Jing said that now the management is strict, and the groups of the original software general agents and agents have been blocked.
Another seller said that there are very few new cracked software now, and what is sold are the software that has entered the market in the past. He once knew a studio that made cracked software, but it has now been disbanded.
Li Jing said that some scanning and cracking software can be viewed directly after being cracked successfully, while some need to be used with viewing software. "Using viewing software is clearer and can also record video." He sells a scanning and cracking software and a viewing software in a package for 80 yuan.

The price list shows that four categories of goods, including cracked software and high-quality IP, are sold at clearly marked prices.
"It scans and cracks at the same time, and after cracking, you will have the IP, account and password." Li Jing demonstrated to the reporter, input an IP segment and port number, the software starts running, a series of IP numbers keep appearing, followed by "no" or "ok" signs. "OK" means that a camera has been successfully cracked.
After more than 10 minutes, the software scanned more than 200 IP numbers in this IP segment and cracked a total of 9 cameras. The IP addresses, ports, accounts, UIDs, and passwords of these cameras were all displayed on the software.
Click on the IP, and the hacked camera image will appear in the lower left area of ​​the interface. There are four buttons here, up, down, left, and right, which can control the camera's view to move in different directions.
Enter a set of cracked IP, account, and password in the viewing software, and the real-time camera picture will immediately appear. It is a bird's-eye view, showing a living room with two women sitting on the sofa talking about something. Turn on the monitoring function, and you can clearly hear the conversation between the two.
The camera can rotate up and down, left and right, with a "click" sound, giving a clear view of the entire room. It can also adjust the focus and zoom in or out. In the picture, a woman stared at the camera for a while, looking suspicious, but did not take any action.
Li Jing said that the purpose of mass scanning and cracking is to find high-quality IPs, that is, cameras facing beds, bedrooms, and even toilets and bathrooms. After obtaining the so-called "high-quality IPs", they can be sold or used for personal voyeurism. Even if the password of a hacked camera is changed, the cracking software can still crack it again. The cracking software has the function of cracking a single IP.

The seller hacked into a camera in two minutes by scanning the cracking software and obtaining its username and password.
100G secretly recorded video sold for 68 yuan
In addition to scanning IP segments for random cracking, some people also sell the service of cracking a single camera online. It costs 100 yuan to crack a designated camera.
There are also cracking software for specific brands of cameras. "The cracking efficiency is higher." Wang Fang said that he himself uses a cracking software for a certain brand of camera, which is sold for 280 yuan.
Li Jing also sold the reporter another software that is specifically used to crack a certain brand of cameras, all of which are 360° panoramic high-definition cameras.
Li Jing said that almost all brands of cameras on the market can be cracked. He sells a scanning cracking software that has both cracking and viewing functions, which has more than 420 camera brands and thousands of models built-in to choose from.
In addition to home cameras, other smart home products with cameras, such as sweeping robots, have also become targets of hacker attacks. After being hacked, these smart home products become the "eyes and ears" of criminals who spy on privacy, which can not only easily leak private images of users' homes, but also may cause information leakage including bank card passwords, social software accounts, etc.
In addition to satisfying some people's desire to voyeur, hacked cameras can also be used to secretly record videos and spread as pornographic videos for profit.
Zhang Yun said that he would record and edit the "wonderful" parts he captured with his camera, with a total of 300G. This has also become another "selling point" for him, with 100G of content sold for 68 yuan, and there are discounts for large purchases.
The screenshots he sent showed that the videos were stored in dozens of folders by month, with the earliest video being from March 2016.
The reporter interviewed more than 20 black market sellers of camera hacking, and almost all of them had a large number of private videos recorded by hacking cameras for sale.
The seller with the most claimed to have 30T of edited videos, all stored in a network disk, and sent screenshots of the files to the reporter.
The prices of private videos sold by different sellers vary, with the price of 100G of video ranging from 50 yuan to 100 yuan.
Many places have cracked down on home camera intrusion cases
Li Jing has a formal job related to programming. In his spare time, he resells various Internet black and gray products. He has sold QQ numbers and pornographic live broadcast software, and can earn several thousand yuan a month.
He said that selling camera cracking software was very profitable six months ago. The software that now sells for 80 yuan was sold for 188 yuan at that time without bargaining. "There were fewer sellers and more buyers at that time."
"It used to be called camera hacking, but later QQ blocked this keyword and also closed many groups," said Li Jing.
The reporter noticed that the "official" sales group of each scanning and cracking software is displayed on the operation interface, but now these group numbers no longer exist. With the disappearance of these "official" groups, the agents and sales in the past have gone underground and are doing business more secretly.
Since the beginning of this year, police in Beijing, Zhejiang and other places have successively cracked cases of hackers illegally invading residents' home cameras. In July, Beijing police cracked a case of spreading home camera cracking software online and arrested 24 people involved in the case. The suspects said that they illegally obtained a certain brand of camera cracking software, used hacking methods to crack the IP of the network camera, and then sold it in the QQ group.
In early August, Lishui police in Zhejiang Province successfully cracked down on the first criminal gang in Zhejiang Province that spread home camera hacking and intrusion software online. Nearly 10,000 home camera IPs have been hacked and intruded, involving Yunnan, Jiangxi, Zhejiang and other places.
According to the "Public Security Administration Punishment Law", those who peek, take secret photos, eavesdrop, or spread the privacy of others shall be detained for not more than five days or fined not more than 500 yuan; if the circumstances are serious, they shall be detained for not less than five days but not more than ten days, and may be fined not more than 500 yuan.
Zhang Xinnian, a lawyer at Beijing Jingshi Law Firm, believes that hackers who crack private surveillance IPs without authorization or provide software to help others crack private surveillance IPs and spy on others' privacy are suspected of illegally obtaining computer information system data and illegally controlling computer information systems. If the circumstances are serious, they will be sentenced to fixed-term imprisonment of less than three years or criminal detention, and/or a fine. In addition, selling pornographic video information publicly online is also suspected of producing, copying, publishing, selling, and disseminating obscene materials for profit.

After being hacked, the camera can display the room’s image in real time and can also record and monitor.
Zhao Wu, founder of the cybersecurity company White Hat, has long been concerned about the black market of cameras. He said that the situation of hacking personal cameras to spy on people and sell private videos for profit has only appeared in the past three years, which is related to the popularity of personal cameras. Now many people install network cameras to monitor children, the elderly or pets at home, or use them as home security tools. However, a large number of cameras have security vulnerabilities that are easily hacked.
In the first half of this year, Zhao Wu's team submitted a report to the regulatory authorities, pointing out that many cameras have security vulnerabilities that are easy to be attacked. Some manufacturers even reserved backdoors that can be remotely controlled during the production of cameras.
In addition to the need for manufacturers to continue to improve, Zhao Wu believes that ordinary users should also pay attention to some usage habits to prevent privacy leaks: unless necessary, never connect the camera to the Internet; if it must be connected to the Internet, use unpopular access ports and avoid commonly attacked ports such as 81 and 82.
"You must change the default account name and password." Zhao Wu said that if conditions permit, the camera firmware should be updated in a timely manner, and "never point the camera at the bedroom or bed."

As a winner of Toutiao's Qingyun Plan and Baijiahao's Bai+ Plan, the 2019 Baidu Digital Author of the Year, the Baijiahao's Most Popular Author in the Technology Field, the 2019 Sogou Technology and Culture Author, and the 2021 Baijiahao Quarterly Influential Creator, he has won many awards, including the 2013 Sohu Best Industry Media Person, the 2015 China New Media Entrepreneurship Competition Beijing Third Place, the 2015 Guangmang Experience Award, the 2015 China New Media Entrepreneurship Competition Finals Third Place, and the 2018 Baidu Dynamic Annual Powerful Celebrity.

<<:  GAC Ayan series models are dressed in "epic new skins", the king's new attitude carries the whole audience

>>:  BYD reveals that many of its employees were involved in corruption: privately opening casinos, accepting bribes, and many people were arrested

Recommend

A collection of 50 medical beauty marketing cases and market research reports

A collection of 50 medical beauty marketing cases...

How do these five industries seize the dividends of Zhihu's advertising channel?

Which industries and companies have already condu...

Message signing and encryption/decryption - Developer Q&A

Q Why do we need to launch the message encryption...

34 questions and answers on Xiaohongshu operation

Have you encountered the problems that Xiaohongsh...

The 10 hottest growth strategies of 2019

There are two obvious trends in 2019: as the traf...

A man was fined 5,000 yuan for slapping a cucumber? Is this unfair?

Who doesn’t want to eat some refreshing and pleas...

Will the next iPhone be changed to cater to China?

If we say that in the Steve Jobs era, it was diff...

The past and present of the "Angel Pill" Aspirin

Bayer is a global pharmaceutical company. The inf...

Event Operation from Entry to Advanced: Program Design

The previous article talked about the preparatory...

Invite celebrity KOLs, what is Xiaohongshu’s operation strategy?

I heard that after the Empress in "Story of ...