While port 443 is used for secure HTTPS traffic, which is encrypted and doesn't present the same kind of interception risk, any port exposing an insecure HTTP port over the local network is an invitation for an attacker to snoop around for more information on the connected device. While you must know the password of a Wi-Fi network to scan for these ports, you can access them over the Wi-Fi network to inspect the web application they host. If you see a port 80, 81, 8080, or 8081, this very likely means there is an insecure HTTP website being hosted on that port. When scanning devices with Wireshark, there are a few ports you're very likely to see open on devices like routers, security cameras, and other Wi-Fi enabled IoT devices. Because most businesses or homes with a camera have a monitor set up to view the camera, this can be a real concern for users with weak passwords or others sharing the network. If this is the case, anyone else who knows the Wi-Fi password can see exactly what the target is watching on the security camera. On security cameras, this problem is made much worse if the camera also hosts an insecure webpage where the owner can watch video play directly from the camera. Don't Miss: Disable Security Cams on Any Wireless Network with Aireplay-Ng.Even worse, some of these devices are designed to be exposed directly to the internet rather than just the internal network. As a result, it's common to see these devices appear on Nmap searches with insecure ports open. Convenience is often more important, so details like ensuring the administration page for a device is secure may seem like an afterthought to some developers. One thing internet-of-things devices typically have in common is a lack of focus on security. This means anyone with the network password can see traffic to and from the camera, allowing a hacker to intercept security camera footage if anyone is watching the camera's HTTP viewing page. It's common for IoT devices like Wi-Fi security cameras to host a website for controlling or configuring the camera that uses HTTP instead of the more secure HTTPS.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |