So, it seems that after several years of these cameras being on the market it appears there are some very basic security holes. To be honest I am not surprised, these cameras are *very* budget and so given that I was using them to watch over the little one I didn't expose them on the internet but have used a cracking piece of software zoneminder to host and record the video when I want to access it outside of the homestead.
However, in an effort to at least try and make them more secure, I have enabled telnet and inserted the boot script to version 1.1.1.74 of the firmware which was released by Trendnet as a result of the excellent work done by Console Cowboys; you can download the new and improved firmware here. The upgrade procedure released by Trendnet suggests that you need to first install 1.1.0.67 before upgrade which can be found here.
Whilst we are talking about security, if you are concerned about telnet being open, I suggest you turn it off in the startup scripts on USB or SMB. You can then use dropbear to have ssh connectivity if you still want the command line as below:
I have also compiled dropbear with its associated support files (dbclient, dropbearkey and scp); it take a little bit of effort to get this running as you need to copy the libutil.so.0 into the lib directory, generate the keys and add users to the device. As user management is not included in the base busybox provided I have also compiled a more complete version. All these files can found here, I'll add more complete instructions to automate this when I get some time.
However, in an effort to at least try and make them more secure, I have enabled telnet and inserted the boot script to version 1.1.1.74 of the firmware which was released by Trendnet as a result of the excellent work done by Console Cowboys; you can download the new and improved firmware here. The upgrade procedure released by Trendnet suggests that you need to first install 1.1.0.67 before upgrade which can be found here.
Whilst we are talking about security, if you are concerned about telnet being open, I suggest you turn it off in the startup scripts on USB or SMB. You can then use dropbear to have ssh connectivity if you still want the command line as below:
I have also compiled dropbear with its associated support files (dbclient, dropbearkey and scp); it take a little bit of effort to get this running as you need to copy the libutil.so.0 into the lib directory, generate the keys and add users to the device. As user management is not included in the base busybox provided I have also compiled a more complete version. All these files can found here, I'll add more complete instructions to automate this when I get some time.
all these links are now defunct. Are the files still available? I am attempting to figure out how to downgrade the firmware on a TVIP410. I think some of the stuff might be helpful.
ReplyDeleteI think Dropbox changed the file sharing links - I’ll refresh the links tomorrow
ReplyDeleteHi there, I'm also looking for the files, is it possible to refresh the links again? thanks a lot!
ReplyDeleteI don’t even know how I ended up here, but I thought this post was great. Fototapety I do not know who you are but certainly you’re going to a famous blogger if you aren’t already Cheers! white house market
ReplyDeleteJoin the world’s largest community of ethical hackers and start hacking today! Be challenged and earn rewarding bounties. Learn more! https://www.hackerone.com/for-hackers/how-to-start-hacking
ReplyDelete