Step 1 – legal frame
Before I start, let's have a little intermezzo on German law. It says…
§ 202c (1) Whosoever unlawfully obtains data for himself or another that were not intended for him and were especially protected against unauthorised access, if he has circumvented the protection, shall be liable to imprisonment not exceeding three years or a fine.
We notice that one moves within a legal frame as long as one does not break any security mechanisms. So I did…
Step 2 – target specification
To shorten the time of scanning I limited the targets and services I was searching for. I chose:
whois on my IP address told me I was in a /17 subnet, so there were “just” 32768 IPs to scan. To speed up the scan process I used the -T5 option of nmap.
# nmap -T5 -p21,22,80 126.96.36.199/17
Step 3 – connect
When the first open ports were shown I started to connect.
I don’t know why, but even when people don’t secure anything in their network… the FTP servers required valid (non-anonymous) credentials. The only successful authentications I had were with default credentials, so I looked these up on the internet (btw, is the use of default user/password a “special protection against unauthorized access”?).
Anyway, I expected many more valid anonymous logins through FTP than there actually were. So how about giving telnet a chance...
Telnet provided me with more success, even though I had to look up default logins constantly.
Unfortunately the telnet accesses were only provided by busybox’s shell – so I couldn’t keep on exploring without compiling tools or similar.
So I finally switched to:
The most interesting stuff I found through HTTP. Mostly there were dreamboxes and routers …
… but also an IP camera...
even a homematic smart home system…
Especially the homematic smart home system kind of shocked me… I simply browsed to the IP address and got automatically logged in… That’s not only scary, it is also dangerous.
I don’t know whether my IP-neighbors are reckless, unaware, followers of security by obscurity or simply stupid, but this booty overview is very alarming. Especially a complete house control should not be accessible without a password through the internet.
Anyways… a big thanks to all my neighbors, for banishing my boredom for at least one night.