Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

Serious WiFi security issues discovered in GoPro cameras

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.

March 6, 2015

Click here to order the best deal on a HP enterprise dedicated server and at a great price.

It's been revealed late yesterday that hackers can harvest the cleartext SSIDs and passwords of wireless networks accessed by sports cameras made by GoPro.

The GoPro app collects and actually takes down wireless credentials in order that it can be used to log on to and manage the cameras in question.

Security researcher Ilya Chernyakov says that the credentials in question which enable access to the cameras could be mass harvested with a script to easily change a numerical token value within a generated URL.

"All you need to do to access someone else’s Wi-Fi settings is to change that number," said Chernyakov.

"I wrote a small python script that runs on a range of the URLs, extracts the settings from the response and puts them into a csv file," he added.

"There were no complications, nor any noticeable so-called 'shape limiting' for downloading so I was able to create a list of about 1,000 Wi-Fi names and passwords, including my own," he said.

The attacks are limited since hackers can only access the sports cameras. However, Chernyakov says that scripts could be written to check nearby GoPro networks against harvested credentials.

The researcher disclosed those security flaws to U.S. CERT which nudged GoPro into fixing the flaws.

To be sure, tests against a listed link did fail, indicating the direct object reference vulnerability is in fact closed.

"It actually takes quite a bit of time driving around snowboarders and divers, looking for Wi-Fi networks of the GoPro cameras," Chernyakov added.

Whether the waterproof cameras could be used in other extreme situations that could make the harvesting attack more dangerous to GoPro owners isn't known, however.

Source: Ilya Chernyakov.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact
Copyright © Internet    Terms of use    Privacy agreement    Legal disclaimer