@FFD8FFDB Twitter bot spies on poorly configured cameras

Pierluigi Paganini January 03, 2016

@FFD8FFDB is a Twitter bot that spies on poorly configured cameras tweeting the images captured by the connected devices.

There is an air of mystery when you first notice @FFD8FFDB. However, the next thing you will see is that really gets on to you.

There is a strange Twitter account, @FFD8FFDB, that every few minute tweets pictures taken by cameras alongside to text-written seemingly meaningless.

Going deep into the matter, you can find out that the bot is part of a wider project that browses the Internet searching for poorly configured webcams whose obviously leak data. Once discovered an open webcam, the bot takes screenshots from the feeds and tweets them.

Who is behind the project?

The US developer Derek Arnold designed the bot who said that he created the @FFD8FFDB bot mainly to highlight the importance of the privacy.

“For the last few months, I’ve been running two semi-anonymous projects that use unsecured network cameras. My goal was to present the appearance of these cameras as aesthetic, rather than intrusive; beautiful instead of filthy.” Derek Arnold wrote in a blog post.

Arnold manually selects the webcams to use for his experiment to avoid tweeting images that expose unaware people and their homes. He used some network tools to find them and later select the ones to use for his project.

Airlive cameras flaw 2

“Mostly I wanted to use a somewhat predictable, but unreliable imagery source (unsecured public network cameras) as the basis for some fun with video filtering.” wrote Arnold in an email sent to the Daily Dot.

“I went this route because, while there are many lists of cameras available online my goal wasn’t titillation,” he said. Whenever he comes across cameras broadcasting from people’s homes, he immediately blocks them from the bot’s list of source cameras.

“I tended to lean on cameras that are in outdoors, public or business settings rather than in people’s homes, which was fairly easy since I chose not to scan residential ISP blocks,”

Most of the pictures show empty offices and office building interiors, in a limited number of cases, unaware people is captured while working.

There are a number of tools available online to search for connected devices like webcams, Shodan and Censys are the most popular project that scan for this category of systems allowing an easy search.

Most IoT devices lack security by design or are not properly configured, opening users to cyber attacks. Smart TVssmart meters and Refrigerator are potentially exploitable to target users everywhere. In October 2015, experts from Imperva have discovered that attackers hijack CCTV cameras to launch powerful DDoS attacks exploiting weak credentials and poor configurations of IoT devices

In the blog post, Arnold explained that the @FFD8FFDB project is just one of a couple of project he is carrying on,  the second camera bot he used is a YouTube bot that is stealing video from a list of cameras, mixing the colors down into grayscale.

“My second camera bot is a YouTube bot, stealing video from a smaller list of cameras, mixing the colors down into grayscale. The frame rates of these cameras are variable, as fast as the network can deliver them, with some jitter. The end result is a rough time-lapse, and though each video is roughly a minute, the actual time elapsed varies.” Arnold wrote.

The project conducted by Arnold demonstrates the importance to carefully configure connected devices to protect our privacy.

Pierluigi Paganini

(Security Affairs – @FFD8FFDB, IoT)

you might also like

leave a comment