Axis Exploit Allows Changing Camera Root Password Confirmed

Author: John Honovich, Published on Aug 02, 2016

IPVM has confirmed that using the Axis remote format string vulnerability, an attacker can easily change the root password of the camera, taking control of the entire camera and blocking out the legitimate user. This was submitted to IPVM last week.

This is in addition to the already severe unauthorized remote root access that we tested and verified recently.

How To

All that needs to be done is call a script with the replacement password and the password is changed. We believe this is a built-in utility that Axis uses internally and is available to root users such as those exploiting the remote format string vulnerability.

We are not disclosing the name of the script. Though the name is fairly obvious and we suspect many people with deep knowledge of Axis products are already well aware of it, we do not want to publicize that specific.

Impact Significant

The original exploit provides root access but not the web root password. Without that, one cannot log into the camera's web interface or easily see or change video / device settings. But once the root password is set by the attacker (with this Axis provided script), they can then easily spy on the video feed, change how the camera is configured, etc.

This can be exploited remotely for publicly accessible cameras (including via port forwarding and UPnP), but it can also be done locally by rival integrators or manufacturer competitors who have access to a site.

Access Control Impacted Too

Also worth noting is that this same procedure works on Axis A1001 access control panels, which is likely an even greater risk given the operational importance of access control vs video.

Axis Step Up And Better Notify The Industry

While Axis did some initial publicity of the vulnerability, they have done little since the working exploit was announced. They must know that this password script exists and can be easily called, making the vulnerability far more impactful.

Axis, please go out and use your unrivaled marketing muscle to make clear to every user out there the severity of this exploit and the need to upgrade every camera everywhere.
