Scans for Ichano AtHome IP Cameras, (Mon, Jun 23rd) SANS Internet Storm Center, InfoCON: green

June 23, 2025

Ichano&#39&#x3b;s “AtHome Camera” is a bit of a different approach to home surveillance cameras [1]. Instead of a hardware camera solution, this product is a software solution that turns existing devices like computers and tablets into webcams. The software implements features we know from similar IP camera devices. It enabled streaming of images and remote access to features like motion detection and alerting. 

athome camera logoIchano’s “AtHome Camera” is a bit of a different approach to home surveillance cameras [1]. Instead of a hardware camera solution, this product is a software solution that turns existing devices like computers and tablets into webcams. The software implements features we know from similar IP camera devices. It enabled streaming of images and remote access to features like motion detection and alerting.

Back in 2017, a hard-coded username and password vulnerability was identified in the product (CVE-2017-17761) [2]. It is kind of odd that it took so long for this username to show up in scans against our honeypots, but I noticed it on June 18th. The password attempted is “123”, as outlined in CVE-2017-17761. It is not clear if this issue was ever fixed by Ichano.

IP addresses scanning for this username and password combination are also scanning for other typical “IoT” default usernames and passwords, with usernames like “root”, “admin”, “gast”, “gpon” and others.

Some of the IP addresses actively scanning:

104.155.29.102,  Google Cloud, US
110.233.163.181, Biglobe, Japan
110.233.163.180, Biglobe, Japan
123.210.143.28,  Telstra, Australia 
139.135.69.203,  DITO TELECOMMUNITY, Philippines
153.237.47.226,  Open Computer Network, Japan
178.242.192.55,  TURKCELL, Turkey
185.248.13.240,  ATLANTISNET, Turkey
220.107.154.153  Open Computer Network, Japan
 

Nothing specifically special or exciting about these IPs as far as I can tell.

 

[1] https://www.ichano.com/
[2] https://www.exploit-db.com/exploits/44048


Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. 

Read More

Share

In The News

Tech Jacks
Derrick Jackson is a IT Security Professional with over 10 years of experience in Cybersecurity, Risk, & Compliance and over 15 Years of Experience in Enterprise Information Technology

Leave A Reply


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.