Seth Fogle has an interesting write-up about the hackability of Axis cameras, in this case the 207W. I can personally confirm that the 206M also falls for the exact same exploits, which likely means the entire 206/207 line is at risk and perhaps even the 205 (which I haven’t been able to confirm, but they share much the same if not exactly the same platform if memory serves me correctly).
As I also have an Axis 2120, I was originally led to the above by a great CNet article highlighting the fact that many government agencies and other organizations still make use of the 2100 model which, like my 2120, has long since been discontinued (and can be often found on the aftermarket still, on sites such as eBay). Axis said in the article they were working to patch the model, but a check on their site tonight still displayed the last available firmware as 2.43—last updated in 2004.
Since I’m not insane enough to expose the 2120 to the Internet at-large, I’m not all that worried. However, what these two generations of cameras share is a weak system open to XSS attacks and a lack of security foresight to use encryption to protect the system from backdoor exploitation. Then again, it’s not as if everyone who buys them even knows the basics of configuring them, rendering advanced attacks unnecessary to begin with.
As it stands right now, it would appear that Big Brother-esque camera systems are potentially far less secure than the governments implementing them might think. Very, very interesting findings indeed.
