Cloud IP Camera Cybersecurity Shootout - Ava, Meraki, Rhombus, Verkada
***** ** ******* *** ******** ******** as **** *****-****** **** *********** **-******* offerings. *** ** **** ******* ** just *********?
**** ****** **** *************' ***** ** cameras, ********** ***, ******, *******, *** Verkada.
Executive *******
*** ** *** ***** ******* ****** had ****** ************* **** ******* ****** footprint. ***** **** ****** *** ************ prevented ************ ** ******* ******* *** cameras *** ***** ********.
*******, ******* *** ******* *** ****** to ***** *** ***** ********, ***** are ******* ***** **** ***** ** services ******* ** *** ******. **** ports *** ***** **** ***** ********* were ******.
*** *** *** **** ****** **** SSH ******* ** *******. ***********, ** were **** ** ****** *** ********* shell ** ********* ******** ** **** login. *** ********* *** ******** *** said **** ***** ** ********* **** in * ****** ******.
*******, **** ******* ********** ************* **** our** ****** ************* ************* ***** * **** ******** ******* different *************, *** *********** ****** *** vulnerability ********.
Cloud ******* *************** ******* *** *********** ******
**** **** *** ********* ******* ** the ***** ****** ********, *** * deep **** ** *** *** ******* of **** ********, ****** **** *** run ****-***** ***** (***, ***) ** the ***** ****** ********** *** *********** problems *** *** *** **** ***.
Compared ** *********** ** *******
*********** ** ******* ********* **** ******** default ********** ******** **** *** **** for ***** *********, ****** *********, *** integration ** *****/****, **** ************* **** network *****. **** ** ******* **** with *+ ******* ***** *** ******* services **** (*******'* ************* ********), ***** ********* *** ********* ****** surface.
*******, ***** ** ****** ********* **** a ****** ****** *** ********* (*** UI) ***** ************* * ********** ***** log ******** **** *** ****** *** initialization, *************, *** ***********.
Manufacturer *********
*** ********* ***** ********* *** ************* features *** ******* ** *** ************* tested:
** *** ******** *****, ** ******* a ******* ** *** ******* *********** of **** ************. ************, ** ***** are ******** ********* *** **** ** see ***** ** **** ** **** missed, ******* *****.
***
*** *** *** **** ****** ****** with *** ******* ** *******, ** unnecessary ******** ** ****** *******. *******, Ava's ********* *** ***** *** **** to ** ******** (*** ******* *****), which **** **** ***** ** ******** in * ****** ******.
*** **** ****** ************ *** ************ to *** ***** ***** ***** **** port ***. **** ** ******** ** default, ****** **** ******* ***** **** 554 *** ***** **** *********.
***'* ******* ******* *** *.*, **** no ********** *******, *** *** *** offer *** *.*/*.*. *******, ***'* ***** servers **** ******* *** *.* *** TLS *.*, **** **** ** ********** ciphers.
******
****** **** ****** ************ *** ************ to *** ***** ***** ***** **** ports *****, *** ****. **** ** disabled ** *******, ****** **** ******* opens **** **** *** ***** **** streaming.
****** ******* ******* *** *.* *** did *** ***** *** *.*/*.* ** v1.3. *** ****** *** ***** ******** ciphers, *** ****** ***** ******* **** offered *** *.* *** *** *.*, also **** ** ******** *******.
*******
******* **** ****** ************ *** ************ to *** ***** ***** ***** **** port ***. **** *** ***** ****, but *.*** ********* **** *****. ******** by *******, **** ******* *** ******* is ** **** ****.
*******' ******* ******* *** *.*, **** no ********** *******, *** *** *** offer *** *.*/*.*. *******, *******'* ***** servers **** ******* *** *.* *** TLS *.*, *** **** ** ********** ciphers.
*******
******* ******* *** ****** ************ *** communicate ** *** ***** ***** ***** over **** ***. **** ** ******** by *******, ****** **** ******* ***** port **** *** ***** **** *********.
*******'* ******* ******* *** *.*, *** 1.3 *** *** *** ***** *** 1.0/1.1, *******, *** ******* ***** ******** ciphers.
*** *** **** ******: ******* ** ****** ************* ******.
Pinned ************ **********
*** ** *** ***** ******* ****** used ****** *** ************, ******* *** VSaaS ********'* *** *** ************ *** hardcoded **** *** ******, ***** ******** man-in-the-middle ******* ***** ***-********** ************:
**** ******* **** *** ****** **** only ******** *********** **** *** ***** server, ***** ** * **** ******** measure. ** **** ********* **** **** analyzing *** ********* ******* ****** *******.
****** ******* **** ** *** ******* we ******* ** *********** **** *** cameras ***** * ***-********** *********** *** are ********:
Self-Signed *** ************ ******
** ***** **** * *** ** the * ********* **** ****-****** ************. Ava *** ******* **** *** *** types, **** **** ****, ***** ****** and ******* **** ** **** **** 384 ****.
***
***'* ****-****** *********** ** ****** **** its ******** ****, *****, ***** ** changed **** ** ****, *** ** valid *** ** *****. **** ** uncommonly ****, ****** *** **** ** small ******* ** ** ****-****** *** is *** *** *** ** ****** connection:
******
****** ** ****-****** ** ***** ****** and ** ***** *** * ****. Meraki **** ** ** *** **** with *** ****, ***** ** * very ****** *** (********** ** *** **** ****), ****** ** ** *** ********* by *** *** ********, *** ******** more *** **********:
*******
******* *** *** **** ******** **** a *********** ****** ** ********, ***** for * ****. ******** ** * widely **** *** ******* *********** ********, it ** **** *********** *** ********* ** ********* ****** *************** ** ***** ************:
*******
******* ** ******, ******* **** ****-****** certificates **** ** ***:
Local ********* ***** ******** ****
** ***** *** **** ****** *** of **** ***** ********* ***** ************** was *** ***** *** **** *********. Each ****** ******** ***** ********* ******** differently, *** *** ******* ********* *** similar.
***
***** ********* **** ***** ***** ** done **** **** *** ******.* (*********). STUN ** * ******** *** *********** ports *** *********, *** ** *** generally ********, *** *** *** **** by ***** ******* ****** ** *** shootout.
***** **** *******:
**** *** **** ******** (*** *******) is ****, *** ***** **** (******** ********* ***** ********) ** ******* *** *** *******, which *** ** **** *** ******* communication/commands *** *** *********:
*** **** ****** ***** ********** ********* from ***** ******* ***** *****/******** **** the ***** *****:
******
****** ***** ********* ***** *** ****** detail *** **********:
*******
******* ****** ******** ***** ** ****** URLs, ********* * **** *** ******* "clip":
*** ***** ********** ******* ********* ********, streaming *** ***** *** ***** ** the ****** *** **:
Ava *** ********* ***** ******
*** *** *** **** ***** ****** tested **** ******* ***. ** ***** that *** ****** ******* ******** **** appending **** ** *** *****. **** no ******** **** **** ******** ** the *****, *** *** ****** **** run * ***** ****** '******', ***** is *** ***** ***** *****:
** **** **** ** ****** *** 'vshell' ** ********* * ******* *******. This **** *** ***** **** **** IP *******, ** ************* ******* ******** this ** *********** ** ** *** the ******* ***** **** **** ********* commands ** *** *****:
*** ********* **** ********, *** **** they **** ** ******* ** ** a ****** *******:
***, *** *** ****** "******" *** interface ********* ****** ****** ***** ******. This ** * ***** ******** *** can **** ** ******** ** ****** "shell" **** *** ******. **** ****** is ********* ** *** ******** ********* secure ***-****** ********, *** ** ***** on * ******** ****, ** *** planning ** "******* ***** ****** **** SSH" ** * ****** ******* ****** specifically ******* *** * ********.
SSL *** **.* *** **.* **** ******
** ***** **** *** **.* *** TLS **.* **** *** **** ********* offered ** ***** ** ******* ** the ********, ****** *** ** ****** shootout ***** ****** ******** ************* ********** deprecated *****.*/**.*.
**** *** **.* *** *** **.* are ******* *** ****** *********, ****** TLS **.* ****** * ****** ********* and **** ****** *******.
*** ****** *****.*:
******* ****** *****.*:
****** ****** *****.*, *** **** ********* CBC *******:
******* *** *.* / *.*, ******** Ciphers *******:
Automatic ******** ******* ********
** ***** **** ********* ******** ******* were ******** *** *** *************, **** most ******** *******. *** *** *** shortest **** ******* ******* ** ~* days ****** ******** *******.
******** *** *** ******* ******, *** revealed *** *** ** *** *** firmware. ** **** **** ** ******** the ******** ***** *** *** *** the ******** *** *** *********.
IPVM **** ***** ************* *******
**** **** * ***** ****** ** isolate, ******* *** ******* ******* ******* a ***** *** ******* ******, *** cloud ******, *** **** ********'* *****-****** servers.
** **** * ***** *** ******* running **** ***** ****** ** **** all ****** ******* ******* *****, ***** ************ **** *** ***** server *** *** ****** ** ********* HTTP (*****). ** ******** *** ******** and ******** ******* ** *** *** client ** ***** ****.
Cameras ******
- *** ****-*-**-**
- ****** ****
- ******* ****
- ******* ***, *****
*** ***** ***** ** **** **** the ***** ****** ** ***** *****? A *** *** *******... ****** ******** features.