If your internet-connected camera works over an app called XMEye Cloud, then you might want to consider turning the device off.
New security research is warning that possibly millions of video surveillance cameras from a Chinese manufacturer have been secured with weak default login credentials, making them easy to hack.
On Tuesday, the security firm SEC Consult published a blog post on the potential threat. The manufacturer, Xiongmai Technology, is a supplier of internet-connected cameras that can let you view the video feed over an application called XMEye Cloud. Simply open the app on a smartphone, add your camera, and you can begin viewing the recorded footage online.
The only problem is that Xiongmai secured all the cameras with the default username 'admin.' No password is needed. According to SEC Consult's research, you can also access a camera's video feed with the username 'default,' and then the password 'tluafed.'
'Users are not required to set a secure password in the initial setup phase, so it is likely that a large number of devices are accessible via these default credentials,' SEC Consult researcher Stefan Viehbock wrote in the blog post.
Hacking STEM bridges the gap between hands-on learning and digital technology with full and ready-to-teach lesson plans. Highlighting the application of 21st century skills such as electrical engineering, software engineering, mechanical engineering, and data science in classrooms, Hacking STEM.
The good news is that knowing the default login credential isn't enough to access a random person's camera over the XMEye app; you also have to know the device's 'cloud ID,' which is a 16 character-long string. However, Viehbock discovered it wasn't hard to guess a correct cloud ID. Each one is derived from the camera's MAC address, a serial number all internet-connected devices have.
'The MAC address is not a good source of randomness. It has a well-defined structure,' he wrote. As a result, a hacker could exploit this feature to plug in character sequences into the XMEye's app to find valid cloud ID addresses.
During our research we came across a Xiongmai user manual that contained screenshots with lots of #xmeye cloud IDs. One provided access to a NVR with default credentials at a Xiongmai factory! https://t.co/7NOfZxcqVxpic.twitter.com/n7hsZsUSxy
— SEC Consult (@sec_consult) October 9, 2018
To understand the scale of the problem, SEC Consult developed a scanner to search the open internet for the cloud IDs and estimates that at least 9 million Xiongmai-manufactured products are online. By accessing the camera devices, a bad actor can not only view whatever footage they record, but also potentially infect them with malware to create a botnet — or an army of enslaved computers. This could be done by designing a malicious firmware update and tricking the cameras to download it via the XMEye's developer API.
SEC Consult submitted its research to US cyber authorities, which issued an advisory on Tuesday, warning the public about the threat. Camera owners can consider changing the default password, but to truly stay safe SEC Consult is advising consumers to stop using Xiongmai-manufactuered cameras altogether.
The security firm said its spent the last seven months trying to push the Chinese supplier to fix the vulnerabilities. However, according to SEC Consult, Xiongmai has still not issued a patch.
Download circuit wizard 2 free. Xiongmai did not immediately respond to a request for comment, but the company has a history of failing to take IT security seriously. The company's products were previously ensnared in the Mirai botnet back in 2016 over their weak default usernames and passwords, which made them easy to infect with malware.
According to SEC Consult, Xiongmai is the supplier to dozens of lesser-known camera brands, some of which are sold by Home Depot, Walmart and Amazon. You can find the brand names in the security firm's blog post, but cameras, DVRs, and network video recorders that feature XMEye app connectivity were likely built by the Chinese supplier.
Serendipitous. That's the word that springs to mind when I think of The Lords of Midnight. There was no reason why I should have encountered it at a rather young age. I can't see it having been sold in Toys R Us or my local indie gaming store. By the time I owned a Commodore 64, the system was dying a slow death and shops only really stocked budget offerings from Ocean or Codemasters. As an eight or nine year old, I didn't care that I had a dated system though. I had games to play! That's all that mattered.
The acquisition of The Lords of Midnight only came about through pure dumb luck. I was subscribed to a Commodore 64 magazine (Commodore Force, I think, rather than the superior Format) and there was a mix-up with the subscription. In a rather impressive demonstration of good customer service, the company sent me a box full of Commodore 64 games as an apology. One of those games was The Lords of Midnight - a title that would continue to defeat me, even all these years later.
Essentially, it's a strategy game. You start out with four characters roaming a land that feels like something straight out of Lord of the Rings. There's the classic battle against good and evil but there are different ways to succeed, too. Playing out like an RPG, you can focus on young Morkin as he attempts to destroy the Ice Crown, the source of the evil Doomdark's power, on his own. Alternatively, you can treat things as a wargame, recruiting other lords and armies to defeat Doomdark with some good old-fashioned superior firepower.
Up to 28 characters can be recruited with a remarkable 4,000 independent locations to explore on the map along with 32,000 separate views. It's reasonably vast by today's standards, but given it's over 30 years old, it was a phenomenal achievement for the time. It took some rather impressive coding, thanks to the limitations of BASIC and the fact that the Spectrum and Commodore 64 depended entirely on cassette tape - something that will sound baffling to people not of that era but seemed normal back then. Even so, I came across the game in the early 1990s and it felt like nothing I'd experienced before. It still feels that way.
:: Best gaming keyboards 2019: Digital Foundry's picks
Presented via a first-person perspective, you negotiate various bleak snowy landscapes, discovering castles, copses, towers, and many monsters. Every session can be very different as Doomdark's armies don't always follow the same pattern. Somehow, I was patient enough to simply enjoy the fact that I was never going to get very far.
Mutant Egregor Reality Hacking Wargame download free, software Pc
The Lords of Midnight is cruel, you see. If Luxor, father of Morkin, dies, you lose control of everyone bar Morkin. Luxor can survive a huge battle between armies then be taken out by a couple of rabid wolves. As combat is a simple matter of walking towards the enemies and waiting to see how things play out, it's all rather random, and the game can sometimes thwart your best efforts in no time at all. Then there's the Ice Fear - an evil magic that Doomdark could aim at certain areas of the map, frightening your people and even turning them to his cause. All wonderfully random and more than a bit mean. Presumably, this was all meant to be a harsh lesson in how life isn't always fair. To think I'd have already waited 15 minutes for my Commodore 64 to load the game before suffering such a wretched fate.
Mike Singleton, the creator of the game, explained in an Edge interview in 2000 that he anticipated it taking a month or two until someone managed to complete it, given the vastness and challenge of what he had made. A plan was set by original publisher, Beyond Software: the first person to finish the game would have their adventure turned into a book. In reality, however, in less than two weeks, someone had sent in a winning scene-by-scene printout, and somehow the prize was eventually forgotten about. (
As Singleton pointed out at the time, it took him 'nine solid hours to gain a military victory against Doomdark', and that was with the benefit of all the maps and data possible. The sheer fact that players were so keen to complete this tough and unique game was a perfect example of just how beguiling it really was.
Even now, there's little else remotely like it. I can dip into it and still enjoy feeling like everything is against me and that I'm part of this huge wargame. While its graphics may look dated, its sense of scale still feels vast, happily backed up by its varied gameplay. Many years later, it captures the imagination of all who play it, as seen across the internet. https://entrancementchange344.weebly.com/blog/free-rar-342-32-bit-console-version-programs.
A cursory look around online reveals so much more than just a few brief memories. There are the little things like my grudging realisation that my copy of the original game didn't come with a map, and that now it's possible to download image files of each square of the map lovingly laid out to give you a fighting chance. I can only begin to imagine how helpful this would have been back in the day. Do you know how hard it is to bumble around a treacherous in-game land as a child, while having no real clue where you're going? Now, with the wonders of the internet, there are many maps out there.
More importantly, there's a new way to play, courtesy of Chris Wild. A long time fan of the game, thanks to his brother introducing him to it, Chris went further than most enthusiasts. Back in 1990, upon acquiring a Spectrum +3, he delved into coding with the intention of writing his own game. Soon, that turned into hacking existing games like The Lords of Midnight, so that he could put them onto a +3 drive. In time, that turned into him converting it to run on a DOS based PC. It's a complicated sounding process that's detailed on his blog, but suffice to say, over the course of many years, it's led to The Lords of Midnight finally making its way to PC, Mac, iOS, and Android. A 30+ year game capturing the attention of a whole new generation!
Much of this was thanks to Chris Wild's devotion to the cause, gaining permission from Mike Singleton beforehand and receiving his blessing to go ahead with such ports. Such was the high quality of the PC port, Wild found himself in the unusual position of being asked for permission from Singleton himself to have the DOS versions of the The Lords of Midnight and its sequel, Doomdark's Revenge, placed on CD alongside The Citadel - the final sequel for this captivating series of games.
But what of the latest conversion of The Lords of Midnight? Well, it's delightful. Within seconds of loading it up on my laptop, it felt like I was that young child again, utterly bewildered by so many options and that risk of sudden death. Aix 7 1 gpfs base downloads. Chris may have informed me that completing it is pretty easy (quick recruitment is key, it seems) but I'm somewhat foolishly dimwitted with the game. Perhaps it's down to my dogged determination to play it the old fashioned way - blindly and without a map. The latest conversion includes an in-game map but, hey, why make life easier for yourself? That's not my way at all.
Mutant Egregor Reality Hacking Wargame download free, software Free
I suspect really it comes down to one thing - I quite like not actually seeing the end of the game. It's comforting to have this unusual certainty in life. I've spent so much of my life dipping into The Lords of Midnight on various formats that it's nice to have this Everest of mine. I spent most of my youth not being able to complete the games I owned and that feels right and proper. I like just playing the early stages of beloved favourites and then not actually getting anywhere - as curiously masochistic as that may sound.
Mutant Egregor Reality Hacking Wargame Download free. software download
Whether I ever complete it or not, I'm in awe of the effect of The Lords of Midnight. There's a novel set for release in the future, courtesy of Drew Wagar, with Mike Singleton's original novella still available through the Lords of Midnight website. It's the kind of level of quiet fame that few other games of this age have. It's clearly something to be treasured, much like my own childhood memories, and a wonderful tribute to Mike Singleton, who passed away in 2012.
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2020
Categories |