Finding WEIRD Devices on the Public Internet 

I think those cameras on the billboards are supposed to be public. It's probably so clients can confirm their ads are being shown.

To everyone saying he didn’t hide the IPs, it’s literally on the open internet

At 23:05 the German IP Webcam "Stützerbach - Blick vom Schlossberg" is most likely a "wether cam". So it's a webcam that's actually meant to be publicly accessible to check the weather status. Those are common in Germany and pretty neat if you think about going for a trip to some place but are unsure about the weather conditions.

This isn't only useful to cyber security experts, but also to show people why they shouldn't easily trust anything that connects to the internet, especially things with weak authentication, and even more so with none

At which point did we go from "i just wanna host a Buffy fansite" or "i just wanna share a couple tunes with buddies" to "anything you post publically is going to be relentlessly scraped, vulnerability scanned for profit, and used in the next LLM model whether you like it or not" ?

I once found a camera system on the Internet at someone's house in the middle of nowhere...and somehow ended up moving into the house about a decade later...

Isn't it reassuring that embedded products are generally mature and secure, without firmware vulnerabilities... Oh... Wait...

geoguessr guy needs to find them to email the people that their devices are open

If you're old enough, you remember "IP Cam trolling" because people were lazy with securing their networked devices. Such hijinks were a thing for a while on at least one of the Chans. The main "feature" allowing the troll was that the cameras had a speaker in addition to the mic, allowing the observer to disturb the observed in some manner. RU-vid took videos about those down after some TOS change in the 2010's, even the ones that were more silly than malicious. (The ones I liked is where the guy bugging people eventually tells them to put a password on it at least. So the troll served a basic lesson in network security.) Despite all that, seems some things really never changed much. The "hack" is that things are still exposed to a lot of search engines depending on how the hosting works, so it's just a matter of knowing the keywords to bring them up.

This is incredibly worrying, but it's also important to show how much of your connections are available on the internet, and why securing those connections is so very necessary. Today it's a demonstration, tomorrow it's a legitimate malicious agent.

Fully expected John to be using Shodan lmao

Oh man.... The "S" in IOT stands for "Security"

I really like the fact that viewers can SEE the code (and terminal) that you discuss in your videos! I can always see your code clearly and thanks so much for doing this! Most content creators that I see on RU-vid post their code in small size font where I can hardly see it.

0:06 that's a public webcam of the city of Stützerbach in Austria.

I haven't done this for years! I found a freaky lobby cam once that I never saw anyone enter or exit. It was like one of those creepy alternate world things people talk about. "An Empty World, A Time Traveler, Another Dimension" 🤣

I remember finding something similar back in like 08. There was a site that you could browse public IP's for various cameras in your geographic location. There was a map and you could increase or decrease the range. It was interesting some of the cameras you could access. A few of the colleges in the area were wide open.

I have never watched your channel before but I understand why you have 1.45 million subs, great booming voice coupled with some amazing oration skills added to some great video work, scripting and editing makes you really awesome at what you do. Great video and thank you for the information.

You can do a search for online web cams and come up with thousands of cameras being linked from many sites that have already found them. Their private collection must be amazing.

23:00 Blick vom Schlossberg - View from the castle on the hill. (down to the village, somewhere in Thuringia, Germany)

There's a bunch of cameras that come out with open ports, there was a whole series of HIKvision cameras that are exposed if you only know the IP address in the correct port number

What is the difference between censys and shodan?

Whats the difference between Censys and Shodan?

This video is making my ears ring. I dont know if its something with the audio encoding pre/post upload, but there is something in the really high frequency range, edge of hearing, that im picking up. Almost "feel it" more than hear it. I dont hear it during the RU-vid injected ads, but as soon as the content video comes back I hear it. Maybe look at your audio? really great video. Love seeing people covering things like Shodan and Censys.

Way to represent, Melbourne! First St Vinnies, then billboard monitoring.

Searches are limited to 10 per day unless you create a login.

I was bord one day and found out you can watch some security cameras online depending on the company that provides the service. I watched a store front downtown Toronto (known location) at the end of the day the guy takes the money out of the register to count it then puts it into a popsicle box in the freezers with the other popsicles. would be a good idea if his cameras weren't public.

The segment about the BrightSign players was particularly interesting to me. I JUST had an issue with a client who had someone upload some "non approved" content to their BrightSign player. It was just so relevant this recent issue made me laugh!

I giggled when I saw the "Try one of these examples" and the first example shown was "Russian hosts running RDP or FTP". 🤣

I'm more curious on the shirt/cloth John is wearing. It looks so shiny and cool looking.

Thanks for sharing! I can see how easily you can go down the rabbit hole to find Alice.

Brilliant! love the way you present with such energy! Cheers!

John Hammond is the Barney of cybersecurity.

Imagine looking at active cameras and randomly seeing someone through their webcam.. that would.. not be good.

Well, that is something that is left there forever.

3:01 Interesting queries, hope there aren't any Internet exposed industrial systems.

Remember looking at all this kind of stuff back before GUI, just using command line or crude level text and being blown away at how much was on the open internet.

This is gold for sure. I'm sold.

My good friend does that with the 3D printers. He has them on a remote switch and he will run them while he is at work, so he can check on them remotely and if therer is an issue he can shut it down remotely.

What a fabulous video! I'm going to consider Censys for further analysis and exploration. It seems fun, interesting and helpful-thanks a lot! ❤

The billboard companies are playing 4D chess tricking us into viewing their ads for free

If you do not configure it willingly, devices in your LAN are not accessible from the WAN. The most problematic devices are these, connected to a cloud, because you have no control over the interfaces. If the cloud is compromised, all devices are as well. If you use webcams, buy them from big brands like DLink, Panasonic, Mobotics, Hikvision.... Think twice where you want to place a webcam as well. Not in the bedroom etc...

I'm actually surprised these devices let you use their app without setting a password

I literally did this today with Finn. The synchronicity is real

This site was part of a question in my CEH cert exam.

Also you find the camera via streetview, then contact the company. Then they remove the camera and few days later they make it public again :facepalm

VNC Resolver is something very similar to this which posts random snapshots on fedi

Big Tech meets Big Ick - I love it!!

25:53 gute Preise, gute Besserung 😂 (That's the slogan from the company ratiopharm)

There's a pretty cool song to play through the ip cameras: The Police - Every Breath You Take. It's the ultimate stalker's theme. Edit: Remember John, do not feed the monkeys.

Once saw one of these videos of an old guy asleep on his sofa, think the camera was inside a TV. You're better off covering anything thats got a camera if you don't want others being able to see you. I have tape covering the camera on my laptop for the same reason. If you've got any webcams also unplug them when not using them. There are thousands of links online and through google that give access to all these cameras.

They called me crazy but i knew i had to install a cctv and not a crappy smart camera

7:33 I think it is off because it is nighttime.

Webcam surfing is so fun, found someones grow tent once had a dozen plants in beautiful late flower lol

there are a lot of publicly accessable webcames in germany that just sit on houses and show you the enviornment

I use it to check traffic, but the public cameras are pretty slow since everybody is using it

Love your content! And question what keyboard you are using?😂

It's always fun going through that site

Not to be confused with Shodan, which is a search engine, but for devices all over the Internet

This seems like a service that enables far more ill deeds than benevolent.

So, that’s why I see that going on my website 1 times every week, it’s just scanning for changes!

a lot of stuff i looked up actually had a login page after the 200 so... kudos to them.

What the heck I saw this yesterday before I saw this video The worst thing I found is that I found the airport camera you can control like making sounds and turning on leds

I clicked on this thinking it was a paymoneywubby video and he used some filter to make himself more handsome for the thumbnail again. My next thought was “damn even the filter has a hard time making him look good”.

Is there a way to look at your own ip incase anything is leaked?

"I feel a little bit odd doing just the United States , I'll pivot to Canada" LMAO

Takes me back 20-30 years ago 😊😊

Ive found multiple cameras from inside home with people just doing their thing on shodan, creepy af, also found controllable cameras through out some landmarks in rome.

One of those billboards is literally 5 minutes from my house. What are the chances.

John - you should have included your caveat at the start to make it clear that even the non-malicious intent activity in this video may be illegal in certain countries and that viewers should ensure they are aware of their local laws before following the activity you show. The computer misuse act in the U.K. for example makes it illegal to access any computer system without authorisation. It doesn’t matter if it is “open on the internet” if the owner of the device has not authorised your access, then simply accessing it is illegal. There is limited protection in certain circumstances but someone just casually following what you say to access (say) random web cams, could put someone on the wrong side of the law.

It's crazy what you can find on the internet.

This is a problem, censys scans all ports on all IP address's every few hours. there are quite a few doing the same mostly from the USA and China. the load on the internet we pay for must be massive.

Glad to of seen this and find out my ip is all good and no open service, port exposed to the public

I want to see that cat drawing in a signage

Imagine watching this video and then your own 3D printer camera pops up there.. *woops*.. luckily mine is off atm. ;)

I am not sure but isn’t this something like shodan?

5:12 cellco partnership is Verizon Wireless. Not entirely sure WHY they use Cellco instead of VZW but they do.

John just found something, that my grandpa showed me as a kid (no joke) LMAO. The funniest thing is that most of these cameras actually are publicly available. Like not only because of this site, but rather they are intended to be public.

16:42 his task bar briefly appears. Showing proton vpn, brave as well as the time 11:57 lol.

When i was taking my course in CEH, our instructor (big dude, with a big beard, and full sleeves) poked some Chinese routers that were open to the Internet. Illegal? I dunno. Funny. Hell yes

the best part is when you can move them :)

You should connect to new refrigerators and see what food people have.

I have one client who have mail server on shared hosting (the same IP is for more email domains) that I don't have access (I only have access to cPanel of his domain). I just want to know what other email domains are on that IP address because my client have problems: his IP gets to blacklist very often and then they can't send emails to some partners. His company is clear I know for sure. Some other company that have email domain on the same IP are making problems and I need to know who else is on that IP so that I can contact them and ask them to check their security or maybe someone is sending malicious emails. They are all in my country, maybe in the same town. But I don't want to call hosting company before I check this by myself.

God if I what's playing a drinking game for every time I heard "drill down into" I'd be dead 😂

So like, a Shodan clone

y’all remember that one site that would take u to a random persons public webcam?🤣

That's why you dont open ports and use VPNs to tunnel into your home local network 😅

for more info , the endpoints of the misconfigured cameras for example AXIS, are full of RFI and LFI.

this is cool. like the overpass turbo of the Internet. awesome

Imagine how many businesses and homes have installed cheap H.264 / H.265 DVR CCTV systems from China and now imagine why can be so easily compromised? 🤔😉

I am an ethical hacker and I don't search for no auth TTY interfaces because HOW DO YOU RESIST NOT TOUCHING IT :D

Basically a 27 minute ad and he doesn't really show much

The amount of conflicting opinions down here on comments is insane.

lol you made the stars of the repo skyrocket

imagine just doing a video of open camera, and if you find one you can control see if you get the attention of someone on camera.

And this is why kids you must watch/listen Security Now podcast

Feels kinda disingenuous to act so shocked and appalled at being able to check out hospital cameras and spying on people/homes when you're clearly well-read on these sorts of topics. Not only that, but the fact that you left those sections in instead of leaving them on the cutting room floor reeks of "This video was sponsored so I need to convince people to go check out this site by showing them it can be used for morally ambiguous acts". Frankly I would've rathered you either said it outright or not touched on it at all instead of the somewhat cowardly way you tiptoed around the blaring images of "YOU CAN USE THIS TO SPY ON PEOPLE" you were showing us.

At 6:00, "how much of this can I show?" while displaying a whois registration record?! LOL... If there are varying degrees of public information, these records would rate as "extremely public," right behind "list of actors in a given movie."

Don’t they deliver films to theaters digitally now-a-days 😅

@ 4:08 Hold Ctrl then scroll your mouse wheel up or down to quickly zoom the page in or out. -

Censys, we port-scan the internet so you don't have.