During the Covid-19 pandemic, the battle to secure and protect businesses as well as consumers changed from the office environment to our homes, but this did not stop us from working on research projects aimed at contributing to the creation of a safer online world. Working from home, this research was carried out to understand any recent developments in the IP camera space based on popularity of such devices available from popular online retailers and marketplaces. With new IoT laws being drafted, this research also shows the types of risks that consumers and businesses are facing and why there is paramount importance for such regulations to be put into place in order to protect consumer security and privacy.

To facilitate testing unknown devices from a home network, a test bed was built to mimic a normal home network while being isolated and monitored at the same time. The configuration used the pfSense firewall/router appliance, a very noisy managed switch and a couple of ethernet cables to achieve this.

A rooted Nexus 7 tablet was a favourable choice for intercepting/viewing the communication from each camera and mobile application with the help of Burp to proxy this traffic.

The process of assessing each device was broken down in terms of what each camera supported or offered by way of functionality:

Any issues discovered in these discrete areas can be seen in the proceeding sections.

On the packaging there was a silver sticker that stated the username and password were “admin:admin”, indicating that the camera has default credentials in place. One key thing to note here is the visible UID number that can be seen on the sticker, which is the ID of the camera used in the P2P connection. The camera’s UID can be manually added alongside the username and password via the mobile application. If these credentials are not changed, this can leave the device vulnerable to remote viewing. The UID value is poorly constructed and can be easily generated using a PoC.

Part 2: 6 numbers at random in the middle.