To make it more difficult to hack the device, the manufacturer should set a unique Telnet code/password for each device that is provided to the user in the camera package upon purchase. Weak Telnet credentials allow an attacker to easily gain shell access into the device. For our test account, we used the credentials as the username and " test1234" as the password.Īnyone with access to the camera owner's computer could open this XML file to find the credentials for logging into the system, then obtain/delete any camera recordings as they wish.
#Svat camera hack password#
The XML file had an interesting element "User" containing the email address we used to log in and a seemingly random string for its Password value. This meant that there was some sort of session tracking or caching involved somewhere that allows us to use the program without needing to authenticate after the first time.ĭigging into the installation directory, we discovered a suspicious XML file in the program directory at C:\Program Files\IP Camera\Config\_config.xml. While playing with the program, we realised that we did not have to authenticate again after the first instance of logging in even if we closed the program or restarted the computer. After installing the program on my computer, I had to log in using the same credentials that were set up previously on the mobile app.
#Svat camera hack software#
Moving on from the device and corporate infrastructure, we decided to have a look at the desktop software provided to us. Testing Device Software - Insecure storage of user credentials This is more than enough targets for a resourceful attacker to possibly bring down company infrastructure or obtain sensitive customer/staff information. This device and similar ones branded as TechView are currently still being sold actively by large retailers such as Jaycar and on marketplace websites like Gumtree and Ebay.įrom this list you can already see a few possibly important services: You are able to remotely view security footage and receive alerts from your mobile or computer by pairing with the device.
The smart camera worked like most security cameras on the market, making recordings when movement is detected. The device we assessed was the Techview WiFi IP security camera. I want to share technical details of how we hacked the device and discuss how one may remediate the issues. Their fear is not unfounded, as the 2018 Pyeongchang Winter Olympics in South Korea was the target of a cyberattack that is suspected to be carried out by Russian intelligence in response to the banning of Russian athletes due to a doping scandal.Įven though it has been several years since the research, this info still remains relevant. The Japanese government even have plans to hack their citizen's IoT devices, in preparation for the 2020 Tokyo Olympics due to fear that these devices may be abused to attack the Olympic Game's IT infrastructure. One recent example was the Mirai botnet, which was largely composed of IoT devices and was powerful enough to take down Netflix, Twitter, Spotify, CCN, PayPal and more for a brief period of time. A list like this is commonly used by hackers in IoT botnet operations, where they take control over thousands of vulnerable devices for the purpose of carrying out denial-of-service attacks and other malicious activity. A month into 2020 and there has already been a leak of 500,000+ passwords for IoT devices, home router and servers. Security within smart devices continues to be non-existent in 2020. Our security findings fall into several items of the OWASP IoT Top 10 (2018) list. With only several days of work, we were able to gain shell access to the device, identify connected corporate infrastructure and find security flaws with the device software.
Several years ago, I had the opportunity to carry out security research with a small team on an Internet of Things (IoT) device, as part of a wireless security course at the University of New South Wales.
0 kommentar(er)
