Toka - A Hacking Platform For Video Surveillance Devices Examined
Israel cyber firm Toka was recently featured in Israeli media for letting "clients hack cameras and change their feeds – just like in Hollywood heist movies."
NSO Group, also Israeli, is known for hacking smartphones, making Toka a similar solution but for IoT.
In this report, IPVM's Cybersecurity Director Bashis—discoverer of dozens of major video surveillance vulnerabilities—analyzes Toka and the technical feasibility of such practices.
Toka declined to comment about its methods, stating it "does not sell to private clients or individuals" and "has never encountered illegal usage of its products."
Executive *******
******* *******, *** ********** ************ ******* unnoticed ** *** *****, ** ******** but ******* *** *********, ********* ****** support ****** **** * ***-****-****-*** ****. Toka ****** **** * *********** ** vulnerabilities ** *** ***** *** ********* from ******, **** ****-****** ******* *********** paying ***** **** ** **** ****** on-site ** **** * ******.
******* ******* **** ******** ***** ***** for *********** ** **** ******* * court *****. **** **** **** ** would "*********** *********" *** ****** ***** its ******* *********, *** *** *** specify (** ** ***** ****) *** it ********* ***** ***** *** **** operation.
Toka **********
************* ******** "********** ********** ******** **** ************* capabilities ** *********** ***** ****** *** crime." **** **** ** ** "************* in *** ****, ******, *** ** Washington, *.*., **," ******* *** ***** co-founders *** ******* *** ****** *** employees *** ***** ** ******,********* ** ********:
**** *** ***** **-********:**** ************* *******, **** **-**** **** **** *** startup ***********, ********* *****, * ******* ****** ******* ****** (IDF) ******* *** ****** ** *** chief ** *** *** ***** ***** and ** *** ****'* ********.
Toka ***** ******** ****** "******," "************"
******* ************************ **** **************** *** ******* ** "***** *****" of "***** *** ******" ********** ** allow "******* ** **-**** **********" ****** "covert **********." **** **** ****** **** ************* *** **** ***** *** '**** VISINT' ******** ** ******** ******* ** "Access ******** *******" *** ******* *******, permitting ****** ******* "************" *** ************:
*** ******** **** **** "*** ******** supports *** *** ***** **** *** camera ******." *******, * ****** ************, such ** *****, *** ******+ ******(*** ***/**********) ** **** ********* ***** be ********** ** * ****** *** doesn't ********** *** *******.
Possible ******* ******* ********
************* * ************* ******,******* Ó **********, **** **'* "********** ** ****" if **** ****** ******* ** **** already-exposed *******, ******* *********, ******* ***** own ********, ** *** ***** *******. IPVM ******** **** ***** *** *** three *******.
VSaaS/VMS ***************
*** ****** ** ***** *** ****, particularly ***** *** ****** ***** ***** able ** *****/******/******** *****, ***** ** through *****/***/***/*** ******* (*** ********** *******.) This ** ************ ** ******** ******** are******** ** **************. *** ****** *** ** ******* VSaaS ***************, ** *** **** ** provided ** ***** *********.
******** ****** ******* ******* ********* ** the ******'* *** ****, ** **** claims, ******** ************* ********* ** *** structure ** **** ****** *** (***** are **** ********** *******). ** * practical *****, ********** **** ********** ***** be *********** *** ******* ****** ****** procedures.
*********/****
*** ********* ****** *****, **** *** also *** *********/****—** ****, * **** job ** ** ******** *** ******* ****************** "********** **** ** ************* ******* such ** ****, *********, ***" ** an *********. **** ******** ******** ******** and *** ******* *****, ********* ** the **** ** ******* ****** *** Line ** ***** (***). *******, ** this ** *** ****-****** **********/************ ************, such ******* *** ****** ** *** for * ***** **-**** *** * day.
***** *** ***** ********, ********* **** many ************ ******* *** ** ********* networks ******* **** ******. *** **** type ** ****-******** ****** ***** *** blink ** ******** * ******* ** dispatch ** ****** **-****.
Already-Exposed *******
********** ******* ***, ** ******, ** great ******** ** ***** **** ****, as ***** ** ** ********** ****** of **** ********* ** *** ********, with **** ***** *************** *** **** likely ******* ***************. ** ** **** to*** **** *** *** ****** *** ******* **********, e.g. **** *** ** ******* ********* cameras ** ************ *********:
***** *** *********** ***** *************** ** Toka's ***** **** **** ******* **** fixed *** *** ***** ****** *****, as **** ******* *** *** **** up ** **** **** *** ****** fixed *******. **** ****** ** *******, as *** ******** *** ***-**-**** (***) but ***** ** ******* *.*.*** ****** *********/***** ********************** **** ***,*** *******.
**** *** ***************
'****-***' *************** *** ***** *******/********* ** manufacturers *** **** ****** ****** ** hackers. **** *************** *** **** ******; it *** **** **** ** ****** and **** ****, *** ** ***** an ********** ****** ** **** ** find *************** **** *** ** **** for ************.
** ***** ** ************ ** ***** that *** ****-*** *************** ***** ** found ******, ******** **** ********* ***. **** likely, **** *************** *** ********* **** companies ************** ******** **** ******* ********* ******** researchers.********* **** ****** *** ****-*** *************** to *** **** ***** ***** *** product.
Requires ****** *******
* ******** **** ****'* ***** ********* require ********** ******* *** **** **********, as ********(*) *** **** ******** ******** regarding *************/********/
Legal *****
******* **** ****** ******* ** **** countries ** *******, *.*. *** ** Computer ***** *** ***** **********"************* ******[***] * ********* ******** ******* authorization" *** **** ******* "******** **********" activities ** *** ***********.
*** *******, ******** **************** ** *** ** ********** ** Justice**** ********** ** ****** ******** ***** and ***** (** ** * ***** in ******), **** ***** *** ********** to ****** **** ***** (** ** 20 ***** ** ******), *** ********** identity ***** (********* ******* ** ****** in ****** *********** ** ***** ***********).
**** ***** **** *** *** ******* to * **** ** ********* ***** risks. **** ** ****'* ******* *** not ** *** ******* ******, ** the ** *** **** ********* ********* such ********* ********** ******* ***** ****** even *** *** *********** *** ************ agencies.
Toka ********
**** ********* **** **** *** *********** of *** ******** *******. **** ******** to ******* ** ******** *******, *** provided **** * ********* **** ** "*** ***** *********** ******* ***** ** its ********, ** ** ***, **** would *********** ********* **** ********" ****** it "**** *** **** ** ******* clients ** ***********":
**** ******** *** ***********, ******** ********, defense, *** ************ ******** **** ******** and * ******** ** ***, **********, and ******** ***** ************** *** **********. Toka *** ******* ** **** ********, intelligence, *** *** *********** ******** *** tools **** ******** **** *** ******* to ********, *******, *** ****** ****** the *********** **** ******* ** **** people, ******, *** *********** ****.
**** ** ****** ** ******** *** our ********* ***. ** *** *** that **** **** ***** ** *** U.S. *** *** ******* ******. ***** no ************* **** *** ******* **** our ******** ** ********* ** ******** sanctioned ** *** *.*. ****. ** Treasury ** ********** ** *** ******* Defense ****** ******* ****** — ******** our ********* ********* ** ******** ** fewer **** ***-***** ** *** ********* in *** *****.Toka **** *** **** ** ******* ******* ** ***********.
** *** ** ****, **** ******** a ********, ****** ****** *** ******** process **** ** ****** ** ************* indices ** **********, **** ** ***, and ***** ********* *** ***** ** outside ******** **** ********* *** ********* expertise ** ****-********** *********.
**** ** ********* ** *** ******* Ministry ** *******, *** ** ****, is ********** **** ********** *** ********’ security **********. *****Toka *** ***** *********** ******* ***** of its products, if it did, Toka ***** *********** ********* that contract. [emphasis added]
**** ********* *** ***** *** **** can ****** **** *** ******** *** used *******, *** *******, ******* **** requires ***** ** * ***** ***** for **** *********.
** ** ***** ****, **** *** not ******* ** *** ******-**. ** they **, ** **** ******.
**, * ***** ***** **** ** is ******** *** ** *** ****, but * ******* **** ** ****-*** and ******* ***** ******* ** *********** exploit.
*** **** ******** ******** ** ** run **** * ** ********* ** the ******* ** ** *** *** itself?
****** ** *** ****** ****** ** what ******, *** ** *** ***** vulnerable ******* ** *** *******, *********/**** access, *********** ******* *******, ** ****** types **** ** ******* ****** ********.
********* **** *** **** * ******** ******* *******: ******** *******
*****Toka *** ***** *********** ******* ***** of its products, if it did, Toka ***** *********** ********* that contract.
*** ***** (*** ***** *******) **** exactly *** **** ***** ** **** documentary.
******, ***** *** ***** **** ** order *** ***** ***** ** ***** to ** ********* **** *** *********** targets **** ******** ****** ** *** BIOS ** *** ****... *** ***, say,** ********* **** ** *** ***********?