Motorola camera hacked by researchers at Context Information Security

The company gained access to the home network’s Wi-Fi password, obtaining full control of the pan-tilt-zoom controls and redirecting the video feed and movement alerts. The Motorola IP camera, manufactured by Binatone, boasts a wide range of features and offers cloud connectivity through the Hubble service, hosted by Amazon Elastic Compute Cloud. This allows customers to watch and control cameras remotely and receive movement alerts through a free mobile app.

It was found by Context researchers that setting up the camera involved a private Wi-Fi security key, transmitted unencrypted over an open network, with the HTTP Authentication of username ‘camera’ and password ‘000000’. A number of legacy webpages on the camera revealed that the device is based on the same hardware as a legacy baby monitor product.

Investigations revealed that malicious firmware could be installed as it wasn’t secured or checked for validity by the cameras software and that root access to the device and discovering the root password “proved trivial” as it was 123456. Researchers also revealed that access to the home network Wi-Fi password, factory wireless credentials for secure test networks and credentials for the developers’ Gmail, Dropbox and FTP accounts was in plaintext. The device's logs were accessible through the open web interface and contained the AES encryption key for the remote control messages and FTP credentials for video clip storage.