Reverse-Engineering an IP Camera (2019)
The author replaced an old IP camera with a new P2P camera, concerned about security. They reverse-engineered the camera, discovering its network behavior, connections to servers, and data transmission methods. The author aims to access the camera's Linux system for enhanced control.
The author replaced an old IP camera with a new P2P camera, which connects to a server for remote access. Concerned about security and lack of control, they decided to reverse-engineer the camera. Despite difficulties in identifying the manufacturer, they discovered the camera's setup process and network behavior. The camera connects to various servers, including for firmware updates, and streams data to different IPs. The author aims to access the camera's Linux system to enhance control. They observed network traffic using tools like nmap and Wireshark, revealing connections to unexpected servers like Google and Alibaba. The camera uses UDP ports for data transmission, with potential inefficiencies in data compression. The author plans to explore accessing the camera's operating system in the next part of their analysis.
Related
Pi Gazing is a project to build meteor cameras using Raspberry Pi
A project called Pi Gazing uses Raspberry Pi computers and CCTV cameras to monitor the night sky, tracking objects like shooting stars and satellites. Users can access open-source code and observations on GitHub.
XZ backdoor: Hook analysis
Kaspersky experts analyzed the XZ backdoor in OpenSSH 9.7p1, revealing hidden connections, SSH authentication bypass, and remote code execution capabilities. The backdoor manipulates RSA keys, uses steganography, and executes commands.
Pwning a Brother labelmaker, for fun and interop
The author explores vulnerabilities in a Brother label maker, discovering outdated software and potential exploits like executing arbitrary code. Challenges arise, including unintentional device configuration issues and limited understanding of printer systems.
Reverse Engineering a Smartwatch
Benjamen Lim reverse engineered a smartwatch with geolocating capabilities, repurposing it by reprogramming the firmware through exposed programming pins. The project showcased the value of salvaging electronic devices efficiently.
Samsung's abandoned NX cameras can be brought online with a $20 LTE stick
Samsung NX cameras, abandoned by Samsung, can be revived with a $20 LTE stick. Georg Lukas reverse-engineered Samsung's API for direct picture posting on Wi-Fi-enabled NX models, creating a Wi-Fi hotspot with LTE uplink. Lukas' project aims to rejuvenate outdated cameras, requiring a specific 4G LTE stick with an MSM8916 processor.
- Security concerns with Chinese cameras and their data transmission to Chinese servers.
- Alternative solutions like using Raspberry Pi setups or disabling internet access to avoid data leaks.
- Recommendations for replacement firmware projects and privacy-first camera products.
- Issues with cheap IoT devices and the need for better consumer education on their risks.
- Examples of companies with poor internal security practices, highlighting broader privacy concerns.
Bandwidth to and from China is not that cheap, and you could be running this stream 24x7. The streaming service still works 4 years later even though the company whose name is on the camera has vanished.
So, who is paying the server/bandwidth bill? The camera is too cheap to afford indefinitely providing this service, so you can only presume that you're paying in another way. Probably there is some third party in China that the camera manufacturer makes a deal with. The camera manufacturer may even be getting paid to pick a particular provider.
https://www.ftc.gov/enforcement/refunds/ring-refunds
Tesla's been caught doing similar things. The list goes on.
https://www.reuters.com/technology/tesla-workers-shared-sens...
I was also getting sick of cloud-based 'smart' cameras that ping random servers in China, so we made our own 'dumb' cameras that are fast (Uniview hardware with our firmware inside).
If anyone here is interested, I will happily share more info. Always interested in product feedback.
I think more time needs to be spent looking into these commonly used, cheap IoT devices and educating consumers on the risks of using a poorly secured device on their network.
The upside of these vulnerabilities is that you can run your own code on these! 'Declouding' is great as it can extend the lifetime of these devices and make using them more private.
Why does this continue to surprise people? So much sketchy garbage coming out of China is sold under numerous "brands". Just look at a lot of computer stuff sold on Amazon.
So many security issues and exploits for those things. Hardcoded passwords, backdoors, and loads of exploits for gaining SSH or telnet access on very common models.
As much as I hate the current shift toward camera-remote server setups (and their inevitable subscription fees), I can't imagine expecting your average buyer at Amazon or Walmart to properly configure and lock those things down. At least if it only talks to Amazon or Google or whoever, you won't be able to find it in a port scan and pull an image using admin/admin or whatever.
I tore down an ankya brand device which had some fun features like setting up the wifi password by showing the camera a QR code.
There's lots of garbage cameras now of various quality that behave the same way.
What's needed is a replacement firmware and simple flashing technique for the most popular units to appear, so it's not just one hacker getting proper performance that the hardware is capable of.
I was amazed at how easy it is, especially the software experience. The mobile app is easy, the web app is easy, RTSP is easy. If I want to add more cameras and set up a server to record (like ZoneMinder) that looks easy too.
https://github.com/Yetangitu/cam
I never allowed these cameras or the included DVR (which I do not use since I use Zoneminder [1]) access to the internet, they are confined on their own subnet which does not allow egress other than to my own networks nor ingress from other sources. That is true for any and all network-connected special-purpose hardware, e.g. the Fronius inverter - made in Austria - does not get to access the internet either. I pay for the hardware and I provide my own service infrastructure, I see no need to pay again with my data.
Lorex cameras aren't banned for personal use in the US, but face restrictions for government agencies due to cybersecurity concerns. If you own a Lorex NVR system:
- Update firmware regularly
- Use strong passwords
- Limit remote access
- Consider network segmentation
- Monitor for unusual activity
No need to discard your system, but stay informed about developments. Alternative options exist if you're concerned.
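Added example, not from the original article or from any commenter: a small audit of flow records against the isolation policy described in the comments above (cameras on their own subnet, no egress except to your own networks, no ingress from elsewhere), which also covers the "monitor for unusual activity" advice. The subnets, the CSV record layout and the sample flows are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumed addressing for this example; substitute your own networks.
CAMERA_NET = ipaddress.ip_network("10.20.0.0/24")
OWN_NETS = [ipaddress.ip_network("10.10.0.0/24"), CAMERA_NET]

# Constructed flow records: timestamp,src,dst,proto,dport
SAMPLE_FLOWS = """\
2024-05-01T10:00:01,10.10.0.5,10.20.0.11,tcp,554
2024-05-01T10:00:02,10.20.0.11,10.10.0.5,tcp,51000
2024-05-01T10:00:07,10.20.0.11,203.0.113.40,udp,40000
2024-05-01T10:00:09,10.20.0.12,198.51.100.7,tcp,443
2024-05-01T10:00:15,192.0.2.99,10.20.0.11,tcp,23
2024-05-01T10:00:20,10.20.0.11,203.0.113.40,udp,40000
not,a,valid,record
"""

def in_own_nets(addr):
    """True if addr belongs to the camera subnet or another trusted network."""
    return any(addr in net for net in OWN_NETS)

def audit(text):
    """Return (violations, malformed): flows breaking the isolation policy,
    counted per (direction, src, dst, proto, dport), plus unparseable lines."""
    violations, malformed = Counter(), []
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            _, src, dst, proto, dport = line.strip().split(",")
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            dport = int(dport)
        except ValueError:
            # Keep bad records visible instead of silently dropping them.
            malformed.append(line)
            continue
        if src in CAMERA_NET and not in_own_nets(dst):
            violations[("egress", str(src), str(dst), proto, dport)] += 1
        elif dst in CAMERA_NET and not in_own_nets(src):
            violations[("ingress", str(src), str(dst), proto, dport)] += 1
    return violations, malformed

if __name__ == "__main__":
    found, bad = audit(SAMPLE_FLOWS)
    for key, count in found.most_common():
        print(count, *key)
    print("malformed records:", len(bad))
```

Any hit means the firewall rules for the camera subnet are not doing what the policy says, so the fix belongs in the router or firewall configuration rather than on the camera.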