Dumbo *** *******
***********'* ********* *** ***** Guide *** ***** ********* * ******** *********** designed ** *** *******, file ********, *** ******* attached ****** ******** ** Windows ********. ** ** executed ******* ** *** machine ***** *************, ********* from * *** *****. Dumbo ***** ** *** as ******, ***** ***** require ************* ****** ** the ******* ***** *************.
** ********, ********* ** IP ****** **** ** Windows *** ** ** cameras ********* **** *** ports, ****** ******** **** 'Dumbo' ******** ** ******* PCs *** ** ** cameras.
No ** / *** **********
*** ***** ****** ***** no ********* ** ** cameras (** *** ** devices *** **** ******), IoT *******, ***-** ***********, or *** **** ** remote/networked ******, ***********, ** device. ** **** ******* web/USB ******* *** ***********, as ***** ** *** machine ******* *** ********.
Erroneous **** ** *****
*** **** **** ***** poses ** **** ** ******** systems *** *** **** many from ******* ****** ** as * ******.
*** ******** "*********: *** Developed ** ****** ****" ******* ******** **** ***** allows *** *** ** "shut *** ** ******* or *********** ** * building ****** ******* ****** in", * ***** ***** is *** ****** ** anywhere. *************, *** **** fails ** ***** ********** cyber ******** *************** ** IP *******.
*** "******** ** ****** Institute"******* ********:

*** **** ************* ******* ** Intel's ************* **********, ******* ********** [link ** ****** *********], who *** *** *** **** **** keynote ******* ** ******** ******** "CIA *** ******* ******** Cameras ****** **********":

*** **** *** ****** shared ** ********.
**** ****** *** ** the ************ ** *** post, ** ***** ** defend *** *** ************** instead ** ******* *** post:
Lots ** ****** *** **** ** *******
**** *** *** **** ways ** **** ** *******? Certainly. *** ** *** lots ** ****** ****** on *** ********. *** number ** ******* ** unpatched ******** *************** ******** to ****. ** *** example, ******** *** **** ***** cameras can ** ******* ********* by ******** ******** ************* ****** available ******. *** *** *** have **** *** ** does *** ****** ** people *** *** ****** the ******** *** *** a ******.
***** ***** *** **** ways ** **** ******* IP *******, ***** ** no ******** ***** ** one ** ****.
Downside ** ******* ***** ******** *********
* *** ***** ***, cyber ******** *** ****** mentioned ** *** ******** industry, *** *** ** has ****** * ******* topic. ***** *** ******* awareness ** ****, *** downside ** **** **** publications *** ********* **** see **** ** * hot ***** ** ********** on, ******* ** ****** supported ** ********** ****** on ***** ******** ******* topics.
Worse **** *****'* *** ** ********
**** ** ******* **, but ***** ****, *** recent*****'* *** ****** ******** campaign, ***** ** ***** described ** ******, ************ exploit. *****, *** ******** company ****** *****'* *** spent ************ ****** ********** to *** ***** ********* for *********** ********, ************* the **** ** ***** security ******.
Caution ******* ** ***** ******** ******
************ ****** ******** ******* clear ******** ** ***** direct ********** *****, *** manufacturers ******** ***** ******** focus ******* ******* ***** or ******** ******** ** enhanced ******** ****** ** regarded **** ******* ****** relying ** **** ***********.
Comments (20)
Undisclosed Manufacturer #1
"SDM declared "WikiLeaks: CIA Developed IP Camera Hack" wrongly claiming that Dumbo allows the CIA to "shut off IP cameras or microphones in a building before sending agents in", a claim which is not backed up anywhere. Unfortunately, SDM also fails to cover legitimate cyber security vulnerabilities on IP cameras."
Wouldn't it be easier to just cut power to the building, or the entire block?
Create New Topic
Undisclosed End User #4
-=[Insert "Security organisation" here]=-
Create New Topic
Undisclosed #3
Although I agree this does not directly hack IP cameras, it could effectively render them useless, in certain, possibly rare cases.
Brian is correct in stating that the claim that Dumbo is used to
is false.
Actually, the real purpose of Dumbo is to allow agents to remove video/audio evidence of a physical intrusion after agents have gained access, to cover their tracks. That's why it's on a thumb drive; agents carry it to all PCs and run it at the machine.
To that end, Dumbo is a tool to help discover and remove the files that webcams might be creating on the local PC by
iSpy is a program used as an example in the documentation, shown above.
iSpy can record both local webcams and remote IP cams. If an iSpy process was targeted for video corruption because of a local attached webcam, all files being recorded from any iSpy controlled camera, even remote IP cameras. IMHO.
Other VMSes that allow webcams to be recorded might be similarly impacted.
That said, I agree with the premise of this article as to the general misunderstanding and miscommunication of the purposes and intent of Dumbo.
Create New Topic
Undisclosed #3
Wikileaks may actually be the originator of the inaccurate claims, as it says this on its Dumbo home page:
Create New Topic