Black Hat 2013 - Exploiting Network Surveillance Cameras Like a Hollywood Hacker

@FarazMazhar 5 years ago

Makes D-Link joke. laughs nervously realize I also have D-Link products

@DeeWeext 8 years ago

The speakers should always repeat the questions asked.

@olfmombach260 7 years ago

This is better than comedy.

@renakunisaki 7 years ago

Some of these are so blatant, you have to wonder if they're on purpose. Oops, the one script we forgot to password-protect happens to have a trivial root command injection exploit...

@katrinal353 6 years ago

Every single time that I worry that technology is moving too fast for us security types, there's a million dollar company to prove me wrong. Every, single, goddamn time. I love it.

@freedfighter96 9 years ago

I barely know how to script, but I actually understood a good amount of that. This guy is great :D

@thefudderation444 4 years ago

Six years later, and this shit is still happening... CVE-2019-15498

@pgibsonorg 4 years ago

He failed to guard his corona now there’s an outbreak.

@YaBoiiiNikki 8 years ago

Simplicity is key: Want to be safe? Just get a camera physically connected to a hard drive. Almost 10x cheaper and definitely more secure.

@killslay 7 years ago

is that podium comically large or is he comically small

@hgbugalou 5 years ago

This is why I drop all traffic to and from my IP cameras at my edge firewall. If I want to view them remotely I will VPN into my network. It's old school but I don't trust any hardware running embedded Linux on my network. To many companies have no idea what they are doing code wise and these cameras are essentially computers to be abused.

@aeonlong8303 9 years ago

Very good presentation. The presenter is also very good with public speaking, and knew this subject very well. Also was experienced with good audience eye contact, and body language. As a former instructor/trainer myself, public speaking is not for everyone. Interesting subject, I didn't understand a lot about the coding and software values, but nonetheless it was fun/scarey to listen to what can be done. Job well done.

@lostcause7072 4 years ago

Get this man a glass of water.

@H33t3Speaks 9 years ago

For anybody wondering whether or not the byte code is x86, it is ARM. (now things make sense lol)

@themanyone 9 years ago

This guy hacks into security cameras for fun. It looks simple, but it took some brain power to figure out. Although some of these exploits are patched by now, hardly anybody updates their firmware, and someone could conceivably download new firmware and find more of these exploits in a debugger, without even having to buy the camera.

@paulx2777 8 years ago

Moral of the story: don't put your surveillance system on the Internet. And if that is impossible for you, put it behind a firewall that has been beefed up to eliminate such exploits (I'm not sure this is even realistically possible, but I'm just suggesting a possible way to deal with insecure devices of which we have no shortage).

@JasonSpiffy 9 years ago

This is great! Scary but great. Ive read about several companies doing half assed jobs doing these kinds of things. This man just showed how easy it is (for the people with the technical skill).

@msven 10 years ago

Thanks for the post. I love watching Craig's stuff. Very well explained and makes me actually want to look through firmware

@alexgittemeier9306 5 years ago

I love the Bob Evans product placement of the podium

@mandisaplaylist 4 years ago

13:28 Well, they use "high security" as one of their marketing points. Additionally, their main business focus is networking infrastructure hardware. So this networked camera insecurity fiasco is pretty relevant and pretty embarrassing for them even when "they are not a camera company".