Are You Being Spied On? This Google Hack Can Access Security Cameras At Airports, Schools And Other Places – Alphabet (NASDAQ:GOOG)

/in


In this article, we will explain how anyone — and not just information technology experts — can find and access security cameras, passwords, system logs and other databases that were meant to be secret. 

Before proceeding further, it is important to consider that performing the actions described in this article may or may not be illegal based on your local legislation. This information is being divulged to convey the importance of network security and educate the readers.

What Happened: Scanning networks, which include the internet itself, is one of the most common ways to find vulnerabilities and access data and services that were not meant to be accessible. 

Traditionally it would be done from a command line with a tool like Nmap, but another well-known way to find this kind of weakness is by leveraging Google, a company that kindly scans the whole internet and indexes its findings doing most of the work for us.

See Also: Why Exchanging Financial Information Via Email Is So Risky – And How It’s Gotten Worse

This kind of usage of Alphabet Inc.‘s GOOG GOOGL search engine is usually called “Google Dorking” — dorks, a word describing “a contemptible, socially inept person” and in this case, referring to whoever managed to misconfigure the services you find with this technique. This approach leverages very specific search queries that use Google modifiers to find data that should have been private, but due to misconfiguration is public.

How To Do It: One example is searching for “allintext:username filetype:.env,” which limits our results to only text files with the .env extension and searches for the word “username” in their content. This kind of search tends to find configuration files that contain usernames and passwords of external services such as emails or databases, often very secure and long alphanumerical passwords that would have been quite safe if they were not broadcasted in plain text for the whole world to see.

A much more unsettling example is the search query “intitle:”webcamXP 5″” which tells Google to only return results that contain exactly “webcamXP 5” in their title — this being the default title of the video feed page of a certain family of security…

Source…