Recently, there have been a number of stories about hidden cameras found in Airbnb rentals [1][2]. Of course, these cameras are likely not limited to vacation rentals, and there have also been reports about cameras installed in hotels [3]. When considering defenses for any threat, it is important to keep in mind the adversary. In this case, I am assuming that the owner of the apartment you are renting is not a sophisticated network engineer but pretty much buying cheap off the shelf cameras and connecting them to the local network. You typically end up with your normal "home network" in an Airbnb. A single wireless router/access point connected to a consumer DSL or cable modem. The guest has access to the wireless network but usually does not have access to the admin console of the router. The very first thing you can do is a simple visual inspection of the rooms. Is anything out of place? Cameras often need power. Are there any devices that have power running to them that usually do not? Are any devices out of place. Popular devices used to hide cameras:
Do a quick search on Amazon for "hidden camera" to get a decent list of possible devices you may encounter. Not all of them require power cords. Some run on batteries. Next, it may be a good idea to check the local network for odd devices. Most of these cameras will allow remote access via WiFi. As a very first step, see what networks are available (in addition to the one provided by the host). But this scan is likely going to show dozens of neighbor networks, and I do not recommend trying to connect to networks you are not authorized to connect. Watch for any networks with a surprisingly good signal. Once you are connected to the host's Wifi network, it is time to launch a quick Nmap scan. Most of these spy cameras offer a web server. So a simple scan like:
is a good start. Here are some of the innocent devices you may find:
For any devices found, connect to them to see if you can identify them. If nothing is found, or if you find devices that do not respond on any of the ports above: run a more exhaustive scan. You will not find devices segmented into a different VLAN, or that are properly firewalled on to respond. If you want, you can be more intrusive. Reboot the router (unplug/plug it back in) and collect ARP messages with tcpdump to see if you missed any devices. Finally, try to figure out the public IP address of the network you are on ( https://dshield.org/api/myip ) and either run a port scan from the outside to see if you find any odd open ports, or look it up in Shodan to see if Shodan found cameras on this IP in the past (but you likely will have a dynamic IP address). If you do have access to the router's admin console, you may want to check if it has a list of connected devices or additional networks it is offering, which may be used for these devices. Some home routers have two SSIDs, one typically used for "Guest" access, with a second SSID used for a more protected subnet. Cameras could be connected to this second network. More advanced techniques:
The same techniques can apply to a normal hotel as well. But hotel networks tend to be more complex, so a Nmap scan is likely to lead to ambiguous results. Hotels for example often have cameras in hallways and other public areas (hopefully your Nmap scan will not find them). [1] https://nakedsecurity.sophos.com/2019/04/09/airbnb-says-sorry-after-man-detects-hidden-camera-with-network-scan/ --- |
Johannes 4042 Posts ISC Handler Apr 11th 2019 |
||||
Thread locked Subscribe |
Apr 11th 2019 1 year ago |
||||
To scan the wireless network in hotels and airBnB's I use Fing. It runs on iPhone and Android and the free version is adequate for this. I does does a quick scan of the connected wireless network revealing any devices it can find. fing.com/
|
Rick 317 Posts ISC Handler |
||||
Quote |
Apr 11th 2019 1 year ago |
||||
Rf jammer of many frequencies will work always. Just jam Bluetooth 2.4 ish 3g 4g 5.8 and others, isn't it just a simple circuit some antennas and an amplifier circuit?
|
jACKtheRipper 63 Posts |
||||
Quote |
Apr 24th 2019 1 year ago |
||||
So one of the local providers is bundling their home automation in with whatever service to try and compete with the only internet you would want in town...symmetrical giganet for like 55 a month... Cable and att is a joke honestly, but since they are giving all this away automation, they don't set up go figure, and they all default to channel 1 and literally each person has 4-5 bssid associated just causing mad noise.. Look...
https://i.imgur.com/wcjDtWM.png This is why there are botnets and people hacking the iot, because big companies push things like this, do t set it up, don't contemplate the shitty wifi that is the result of all this background in needed traffic Yeah switch from channel one but what happens when it's on all of them. Plus i noticed some of the rebranded iot home kits from Lowes home depot etc, use the old channel from those portable phones, which I think is still 2.4 or 900 or something... That airodump image is wild though |
jACKtheRipper 63 Posts |
||||
Quote |
Apr 24th 2019 1 year ago |
Sign Up for Free or Log In to start participating in the conversation!