Cybersecurity Startup VDOO Disclosing 10 Manufacturer Vulnerabilities Starting With Axis And Foscam

Published Jun 20, 2018 13:03 PM

Cybersecurity startup VDOO has uncovered significant vulnerabilities in Axis cameras along with many others not yet disclosed.

In this report, we examine the company and its funding, its vulnerability research, and the value/impact of the vulnerabilities.

Company ********

**** *** *********** ** ****** ** 2017 ** *** ***** [**** ** longer *********], **** ****** [**** ** longer *********], *** **** ***** [**** no ****** *********], *** *** **** strong *********** ** ******* ********. ***** and ***** **-******* ******, ** ******** security ****, ***** *********** ** **** **** ******** ** 2014. ******* ***** ********* **** **** Cyvera *** ***, ** ****.

* ******* **** ** ****'* ******* is ****** ******* ** ***** *******:

**** **** ** ****** *** ******** Authority (**) *** ********* *******.

***********, **** ** ******** ** ****** and ***** *** ****** ************* (*** others) * ************ ******* (~$**,*** ** ******* a ************'* ********) ***** ********* ************* checks ** *** ******* *** ********.

**** **** **** ** ******* (****) a *********** **** ******** *** ******* has **** ******* ** ***** ****** as * ***-********** ******. **** **** to ********* * ******** ******* *** "post-deployment **********", ********** ** ******* *************** they ******** ***** ********** * ******* as ***-**********.

*******

**** ******** *********$** ******* ** ****************,**** ************ *******, *** ***** ********* *********.

**** ***** **** **** **** ** use **** *******:

** ******* *** ************* ****’* *****-**-***-**** Internet ** ****** (***) ******** ********, which ******** ** *********, ***-**-*** ******* that ******** *******, ******** *** ***** security ************ *** ************** ******** ***** on **** ********, *** ******** ******** certification *** * **** ***** ** connected *******.

Axis ************* *******

**** ********* ***** *************** ** *** Axis' ******** **** (******: ** ** 6/27/2018, ******* **** **** ***** ** CVE **********):

***-****-*****,***-****-*****,***-****-*****,***-****-*****,***-****-*****,***-****-*****,***-****-*****

***** *** ** * **** **** since **** *** ****** ** **** administrative ****** ** *** ******. *** process ******** ** ******* ** ****** ** complex, ********* ******** ***** *** ******** knowledge, ****** ******* ****** *************** **** as*****'* ********* ************* ************ ************* *** ****** **** **** ****** strings.

*******, **** **** *********** *** ******, it ** **** * ****** ** time *** ********** *** *** ****** with **** ******** ****** ** ****** scripts ***** ******** ***** *******, ****** these *************** **** ******** *** ***** ** patch.

Impact ** *************

*** *************** ******* * ******** *********** of ***** ** **** *** **** advantage ** ****** ** **** ** adjust *** ****** ******, ***** *** camera's ******** (****** *********, **** ***********, video *******) ** *** *** ****** as * ******** ** ***** ******* on ****** *** *******.

**** ****** ************* ******, ***** ****** them ** **** ************ ****** ** the ******* ******** ***.

**** ***** ***** ************ ** ******** an **** **** ***** ******* ** a ********** ******:

***** ******* ***** ********, *** ******* (by ******* - * ***** **** logo) ******* ** *** *** **** corner ** *** ***** ******:

Foscam *************

** ******** ** *** **** ***************, earlier ** ****, **** **** ********** "***** ***************" ** ****** *********** **** ********* ** ******'* ******** team. ********* ***** ***** ***************, ********* may ***** *** ******* *** ******'* web ******, ****** ********, *** **** over *** ******.

Botnet ****

**** ****** ** ***** ******* **** both *** **** *** ****** *************** may *********** ** **** ** *** devices ** * ****** *** **** for ****** **** *******, ******* ******, or ***** ********. ** ******** ** the ***** ******, ***** ******* *** ***** severe ********** ** *** **** ******** targets ********* ************* *******.

VDOO *************** ** *************

** **** ***********, **** ** ************ critical *********** **************:

  • ****** ******* ********** **** *****: ** not *** *** ********* ** "****"
  • ****** ***** ************: ****** ******** ******** for ******** ***** *******
  • ****** ******** *****: **** ** ****** encryptions ****** ******* ** ******* ******** for **** ** *******

Axis ********

**** ********** ******** ** **** ********** **** ** ******** ******** *** patched ********** ****** *** *************** ** *****, which ******** *** ********* **** ****** models.

More *********** ****** / ******** ******

**** *** **** *** ******, **** will ** ********** **** *************** **** more *************, **** *** *********** ********** periods ***.

**** ***** **** * ******** ****** on *** ************* ** *** ***** surveillance ********, ***** *** **** * common ********* ***** *** **** *************. Cybersecurity ******** **** *** *** ****** significant ******** ********* ****** ** **** of *** ************* **** **** ******** from ******** ***************. ****, ***** *** pricing **** **** *** ****** *** manufacturer, *** **** ** ******* **** are ******** *** *** **** *** approaching *** ******, **** *** **** a ********* **** ******* ********.

Addendum: **** ******** ** *********

***** ** ******** *** ********** ********* to *** ******* ******, ** ******* VDOO * **** ** ********* *** they *********. ***** *** * *** remaining ****** ** ******* **** ** are ***** ** ********** **** **** for *************, *** ** **** **** those ********* ** **** ** ** receive ****.

****: ** ***** **** ***** *** agreements **** ************* *** **** **** not *** *********, ** **** ***** them *** ******* *****.

  • *: **** ** *** ******* / method **** **** ******** ******* *** a ************ ** ******* * *******? Does * ************ **** ***** ******* to ***?  
  • *: "**** **************-**************** ** ******** ** *** ******'* firmware ****, **** ** **** *** require *** ****** ** *** ******** device ** ** *** ****** ****. It **** ******** ** ********* ******** to ***** *** ************ ** ******** implement ********-********* ******** ****** *** ***** security ** ******"
  • *: *** *** ********** *** ***** system ** ******** *** ********/******** ** just ********?
  • *:*** ******** ******* ******* ******-******** ******** requirements, ******** ** *** ******** ***** of *** ******, ***** *** ******** and ******** ********** *** *** ******** risk *******.
  • *:*** *** ******* *************** ** ** camera ******** **** **** **** ****** eliminated ** ***** **********, ** *** they ****** ****** **** *** *********? 
  • *:** *******, ****** *** ******** **’** seen **** ********* **** *** ******’* expect ** *** ** ****. **’** seen **** ** ********* ******* ** well ** ** **** “*********” *** products & ******* ** *** ****** of Safety *** ********.
  • *: ** **** ******* ****** *** these *********** ****** ** **** *********? 
  • *: *** ******** ** ** ** out ** *** *** *** ** commercialize ***** ******** ** * ******* “***********” marketing ******. ** *** * ***** deal ** ******** ** (*) ****** guidance (**** ** ******) - ** fix *** ****** ********, ** **** as (*) **** ******** - ** make **** **** ******** *** ********* attack, **** ** ** ****** ** not **********; *** (*) ******* *********** to *** ******** ****** ** **** as “lessons *******” ** ***** ******* ** better ********* ******** *** *** ******** architecture *** ****** *****.
  • *: *** ***** ***** ******** ********** you *** ********* ********/******* *************** ***** now?
  • *:** **** ******** ********* ******* *******, a ******* ***** ******** *** *************** of ********* ******* **** *** ****** and ******** ****** *** ************ **** the ************ ******* ********. **** ***** these **** ** ******** ***** **** have ****** ****** ** ******** ********** hence, ****** ** ********** “********” ** the ******** *** ******* *** ***** level ** ********.
  • *: *** **** *** ******* ****** manufacturer ******** **** ******* **** *** contact ****? **** *** **** *******/*********?
  • *:** **** ********* ** ******** **** all *** ******* ************* ** **** been ******* **** **** ******* *** realization **** **** *** ** ****** ignore *****-******** *** ** *** **** the ********* ** ** “*******” ** “skeptical”. **** ********* **** **** *** being ***** **** *** **** ** their ********* ********* ***** ********’ ********.
  • *:** ***** ************ ****** ********* ** sign ** *** **** ******* **** VDOO *** **** **** **** *** with **** *** ******? *'* *** for ******* ************* *** *******, *** this ***** * ****** **** *********, unless **** *** ****** *** ***** clients
  • *:***** ** * ***** *********** ******* the ************* ********** *******, ***** ** will ******** ** **** **** ***** manufacturer ***** ** *** ******** **** practice ********** **. * ************* ****** in ***** ******** ********** ***** ************* discovery ** **** * ******** ** what **** ** ********* *** *** set ** ******* & ********, *** with * **** ** ************* *** entire ******** ******* ** *** ************* products. ********, **** * ************ ************* uses *** ********* ******** **** ********, as * *** ******* ******* ****** by *** ************ ******* *** **********, the *********** ************* ********* ** *** analysis ****** *** *** ******* **** not ** ****** **** **, ***** we **** *** ** **** ** access ** *** ******* **. ** the ************ ******* ** ******* *** product, ** **** ******* **** *********** and **** *********, *** ************* ******* will ** ****** ********. ** *** two ***** **** **** *********, ** provided **** **** ***** **** (**. industry **** *********) *** *** ************* to *** ***** ***************, ** **** as ********, ************ **** ***** ********** indeed ******* *** *************** *** ******** they ******* ***** ********'* *****.

 

Comments (33)
Undisclosed #1
Jun 20, 2018

** ********* *** ***** ********* ***** cyber ******** **** ***** ***** ***** guys * ****** ****** ** ***** source **** ****** ***. **** ****** way ** **** **** ********** *** commitment **** ** ****** **** ** open ********. 

(5)
(1)
Sean Nelson
Jun 20, 2018
Nelly's Security

****** **** * ***** ****. * assume **** *** ****** ** ** the ** ** *** ************* *****. Is ** $**,*** *** ******* ** $50,000 *** *** ********? ** $**,*** for **** *******, **** ** ****** steep. $**,*** ********** ** **** *** products ****** **** ***.

(4)
Sean Patton
Jun 20, 2018
IPVM

**** ** ** ******** **** ****, *for *** ******** **** ********************* ** **** ******, ********* ** how **** ********* ********* ** ****/******** are ********. * ***** ******* ************* with ****** *** ******* ******* ***** (video, ****** *******, *********, ***) ***** have ** *** ****.

*****: ********** ** *********, *** ***** estimation *** *starting ***** for pricing to manufacturers.

(1)
(1)
Sean Nelson
Jun 20, 2018
Nelly's Security

***, **** ** * **** ***** for * ************. * **** **** gain ******** ** * ***** **** ** a ***** ****. ** **** ** industry ****** **** **** **** ************* can **** ** ** *** ***** products ********* **** ** ******** ******* source.

(5)
Sean Patton
Jun 20, 2018
IPVM

*** ** ** ***** ** *************, *****? *****...?

(5)
John Bazyk
Jun 20, 2018
Command Corporation • IPVMU Certified

* **** **** *******. 

(1)
Michael Miller
Jun 20, 2018

**’* **** *** ***** ******** ** be *** ******** *** ******** *******.  I **** *** ************ *** **** as * ********.  **** **.

(6)
bashis mcw
Jun 20, 2018

********* ****** ****** (***** ****) ** ****** to **** *** ***** ******* *** remarkable * **** ***, **** *** VDOO!

***** **** *** ******** **** ***** for ************, ***'* *** **** ************ get **** ***.

 

(2)
(1)
Undisclosed #3
Jun 20, 2018
IPVMU Certified

********* ****** ****** (***** ****) ** easily...

**, *** *** ******* *******?

Undisclosed Integrator #2
Jun 20, 2018

 **** ***** *** ******** ** ***** to *** **** ************* *******?

 

(1)
John Scanlan
Jun 20, 2018
IPVM • IPVMU Certified

***: ***, ** ****** **** *** new *************** ***** ** **** ****.

(1)
Undisclosed #4
Jun 20, 2018

*** *** **** ******* ******* **** which ** *****, *** ****** ******* against **** ***** ** *** *****.

(1)
Undisclosed #3
Jun 20, 2018
IPVMU Certified

*** *** **** ******* ******* **** which ** *****, *** ****** ******* against **** ***** ** *** *****.

********* **’** ****** ***********?

Undisclosed #4
Jun 21, 2018

**** ****** ****/***** **** *** ****** welcome ** ****** ***** ******* ** the ******* ****.

*******, *** **** ** ****** **** evolving ********* ****** ** ************* ***** to ******* *** **** ** *****.

*** ***** **** **** ****** **** into *** ***** ** *** ******** seeker.

********* ********-** ***** ** **** *** arrow *** ****** *** ******** *** useless ** ***** *** ********** ***** of ***********.

******** *** ******* **** ** **** the ****** *** *** ******* ****** is *** ** *** ********'* **** interest, ** **** **** *** *******/****.

********* ********** ** ****. ****** *** hunted ***********, ****.

** ** ********** ** *** *** wide **** ******** ***** **** ** real ***** ** ******** ******** ** the *************** **** **** ***** ***********. 

********* ********** *** ******** *********, ******** subversion *** ************ ** **** * back **** ** ***** *****-*** *********.

*** ***** ** ****. 

(4)
Undisclosed Integrator #9
Jun 25, 2018

*** **** ** ************** *******.

(2)
Undisclosed Integrator #9
Jun 25, 2018

** *** ****** **** *** ****.

Terrence Harless
Jun 20, 2018

**** *******, ** ***** ************ ****** companies ** **** ** *** **** ******* will **** *** **** **** **** did **** **** *** ******? *'* all *** ******* ************* *** *******, but **** ***** * ****** **** extortion, ****** **** *** ****** *** their *******.

bashis mcw
Jun 20, 2018

**** ****** ***** **** ** ***, as *** **** ** *** >$**,*** to **** **** ********** ********, **** that *** ******* *** ****?

Sean Nelson
Jun 20, 2018
Nelly's Security

** ***** ** **** **** *** using **** *** *********. 

Sean Patton
Jun 20, 2018
IPVM

****** *** *** ********, * ******* out ** **** *** * ********.

** *******, * ****** ******* **** would ******* * ******* ** ***-**********, and **** ********** ********, ******* *** consent ** *** ************, ********* **** missed?

(1)
(1)
John Honovich
Jun 20, 2018
IPVM

***** ******* * ******* ** ***-**********, and **** ********** ********, ******* *** consent ** *** ************, ********* **** missed?

*** ******* ** *** ********. ***'* *** I *** *********. * **** ** VDOO *** *** "*** **** ** me." I *** ** *****. * ***** later VDOO ***** **** *** **** ** found ** ******** ***************. *** ******** then **: ** * ****** ** VDOO, **** **** ******** ***** ***************?

(3)
Sean Patton
Jun 20, 2018
IPVM

* ***, *** *** **** ******* at *** ***-********* *****. * ******* there ***** ** ******** ** *** manufacturer *** ****** ** **** * new ******* ** * ******** ***** to ******* *** ************* ****.

****, *** ****** ******** ********** ****** worrying ***** ************* ******.

Terrence Harless
Jun 20, 2018

**** ** ***** * *** ****** from, ** **** **** *** **** a *********** **** **** *** ********* ****. For ******* ******** ****, ** **** both **** *** **** *************, **** VDOO *** **** ********* ** **** the *** **** ***'* ***** ******. If **'* *** ******, ***** ** be * ****** ********* ***** **. Show ** $**,*** ** ** **** write ** ******* ***** **** *************.

Sean Nelson
Jun 20, 2018
Nelly's Security

** **** *** *** ********* **** pay **** $***, **** ***** ****** crappy *** * **** ******* **** companies ***** ******** **** ****. **** should ***** *** ****** ** ** the *************.

* ***** ****** **** *** ****** companies ********** ***** *** ** ****** attention *** ********* ******** ***** ** smart.

* ***** ********** ** **** ***** the ******* ** *** ************ *** not ******* ** *** ************* ** a ********** ****** ** ****, *** public ****** ********. *** **** **** * think **** ***** **** ** ****** the ************ ** **** **** ******* you *** ***** ** ****** ******** someone **** **** *** *** ****.

(2)
Sean Patton
Jun 20, 2018
IPVM

**** ***** *****, ****** *** ********** your *****.

* ***** ********* ** * ****** way ** *** **, ****** **** stop *********** ********** *************** *** ***-******** at **** *****.

Undisclosed Manufacturer #8
Jun 21, 2018

** * ************ ***** ***** ***** cyber ********, *** $*** ** ***** well *****.  ** ***** * ********** to ***** ********. ****, ****/** * vulnerability ** *****, * ***** ****** VDOO ***** **** **** * ***** up *** **** ** ***** ****** full **********.  ** **** **** *** announce *** ***** *** **********, *** the ************ ***** ***** ********** ** cyber.

************* ***** ***** $ ** *********** testing...

(2)
Undisclosed Manufacturer #6
Jun 20, 2018

* ***** ***** **** ***** **** only ******** ********* ** ************* **** an ********* ** ******** ***** * predetermined ****** ** **** ** ******** that *** ******* ******** *** *** disclose *** ***** ****** *** ***-******* period, ******** **** **** ****** *******.

************* ******* ** ********* ****** ** given * ***** **** ** **** disclose.

Undisclosed
Jun 21, 2018

**** ** **** *** ********** **** details (***** *** ****** **** ****** out ** *** ***'* **** **** their *****.)

Sean Patton
Jun 21, 2018
IPVM

****** ******, * **** ** ****** the **** ** **** ****, *** will ** ******** *** ** *** when ***** ******* **** ******** ** the ***(*).

Sean Patton
Jun 28, 2018
IPVM

**** ******** **** ********** ** *** people **** **** *** *** ********* details **** **** *****, ** **** anyone ***** ** ****** ****.

Undisclosed End User #7
Jun 21, 2018

* ***** **** *****/***** **** * great "******" *** ******** *******....

(1)
Sean Patton
Jun 24, 2018
IPVM

** ******** ******* *** **** ***** to *** ******.

John Honovich
Aug 07, 2018
IPVM
(1)