The IoT space is known for horrid security practices. So, this author decided to do some research into CCTV cameras.
The bulk of this attack comes down to spoofing in the architecture. When a camera is registered, it sends the server its details, such as the MAC address and cloud device ID. From then on, the source IP of that registration is associated with the device ID.
When a client wants to see the video, the server tells the camera about a relay server, and the camera connects there to stream the data. Before streaming, the camera validates the username and password that the user provides.
Because of all of this logic, the author was interested in the registration functionality. What if you spoofed the registration under a different cloud camera ID and handled the relaying process yourself? Because we now control the "camera", when a user tries to log in, we can steal their credentials and stream their camera.
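The weak point described above is that registration is trusted on the strength of a claimed device ID and the source IP it arrived from. The following is an added example (not code from the post or from the camera vendor) that models that registration table in a few lines of Python and shows the unauthenticated version beside a hardened one, where each camera holds a provisioned secret and must sign its registration. The device ID, MAC address, IPs and key are constructed placeholders for the illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed sample: in a real deployment each camera's key would be provisioned
# at manufacture and stored server-side; this all-zero key is a placeholder.
DEVICE_SECRETS = {
    "cam-0001": bytes.fromhex("00" * 32),
}


@dataclass
class Registry:
    # device_id -> source IP the relay server will later be told to stream from
    bindings: dict = field(default_factory=dict)
    # device_id -> nonces already accepted, so a captured registration cannot be replayed
    used_nonces: dict = field(default_factory=dict)


def register_insecure(reg, device_id, mac, source_ip):
    """Models the flaw in the post: whoever claims a device ID and MAC owns the binding."""
    reg.bindings[device_id] = source_ip
    return True


def sign_registration(key, device_id, mac, source_ip, nonce):
    """What a legitimate camera would send alongside its registration (hypothetical scheme)."""
    msg = f"{device_id}|{mac}|{source_ip}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def register_hmac(reg, device_id, mac, source_ip, nonce, tag):
    """Hardened variant: only the holder of the device's key can bind (or re-bind) its ID."""
    key = DEVICE_SECRETS.get(device_id)
    if key is None:
        return False                      # unknown device ID
    seen = reg.used_nonces.setdefault(device_id, set())
    if nonce in seen:
        return False                      # replayed registration message
    expected = sign_registration(key, device_id, mac, source_ip, nonce)
    if not hmac.compare_digest(expected, tag):
        return False                      # wrong key or tampered fields
    seen.add(nonce)
    reg.bindings[device_id] = source_ip
    return True


def demo():
    """Runs both variants against a legitimate camera and a second party claiming its ID."""
    mac = "aa:bb:cc:00:11:22"             # constructed
    real_ip, other_ip = "10.0.0.5", "203.0.113.9"   # constructed

    insecure = Registry()
    register_insecure(insecure, "cam-0001", mac, real_ip)
    register_insecure(insecure, "cam-0001", mac, other_ip)   # silently re-points the camera

    hardened = Registry()
    key = DEVICE_SECRETS["cam-0001"]
    ok = register_hmac(hardened, "cam-0001", mac, real_ip, "n1",
                       sign_registration(key, "cam-0001", mac, real_ip, "n1"))
    forged = register_hmac(hardened, "cam-0001", mac, other_ip, "n2", "ff" * 32)
    replay = register_hmac(hardened, "cam-0001", mac, real_ip, "n1",
                           sign_registration(key, "cam-0001", mac, real_ip, "n1"))
    return {
        "insecure_binding": insecure.bindings["cam-0001"],
        "hardened_binding": hardened.bindings["cam-0001"],
        "legit_accepted": ok,
        "forged_accepted": forged,
        "replay_accepted": replay,
    }


if __name__ == "__main__":
    print(demo())
```

The point of the hardened variant is not the specific MAC, but that re-binding a device ID to a new source address requires proof of possession of something an outsider does not have, plus a nonce so a captured message cannot be replayed. A server that also logs every re-binding of an existing ID to a new address gives defenders a concrete signal to alert on.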
At this point, the author wanted to be a meme. Having got this far into the process of becoming a camera, they decided to inject their own video feed into the stream from the spoofed camera. The final video shows him launching this attack to freeze time like in National Treasure. It's pretty awesome!
The camera only requires authentication remotely. If on the same LAN as the camera, port 554 (RTSP) can be used in order to stream the contents of the camera directly.
Overall, this is an interesting attack that is different from popping a shell while still being effective. Business logic issues can be the worst bugs; they just require a deeper understanding of the system being used.