Top 10 IP Camera Vulnerabilities

Dear all,

I am a researcher in cyber security. I'm currently exploring the top 10 security issues with home or NVR-based IP cameras. (I'm using a Hikvision NVR with Hikvision IP cameras + other brand cameras.)

A quick search on IPVM leads to the Black Hat 2013 video. It mainly uses binary code analysis and clever sysadmin skills.

http://ipvm.com/forums/video-surveillance/topics/network-camera-security

Of course, I learned a few things from the above.
Question - To make a truly Hollywood-style attack as the above video claims, how does one mask the image with the time stamp present? (The video masks only the image; no time stamp is present in the demo video.) Also, the time stamp font colour changes when a light change is detected; how is that achieved?

In my opinion, if the above hack is achieved to the proper effect, it would definitely be one of the top vulnerabilities with IP Cameras.

Thanks and Regards.
