[Fwd: [ISN] Sneaky White Hats Pull Surveillance Cam Switcheroo]

From: kondrak <kon..._at_phreaker.net>
Date: Tue, 02 Oct 2007 03:46:56 -0400

http://www.wired.com/politics/security/news/2007/10/camera_hack

By Ryan Singel
Wired.com
10.01.07

If you've seen a Hollywood caper movie in the last 20 years you know the
old video-camera-spoofing trick. That's where the criminal mastermind
taps into a surveillance camera system and substitutes his own video
stream, leaving hapless security guards watching an endless loop of
absolutely-nothing-happening while the bank robber empties the vault.

Now white-hat hackers have demonstrated a technique that neatly
replicates that old standby.

Amir Azam and Adrian Pastor, researchers at London-based security firm
ProCheckUp [1], discovered that they can redirect what video file is
played back by an AXIS 2100 surveillance camera, a common industrial
security camera that boasts a web interface, allowing guards to monitor
a building from anywhere in the world.

Internet voyeurs have already discovered how to use search engines to
find and view [2] video of surveillance cameras that are ostensibly
private, but this attack seems to be the first that actually lets an
outsider control a camera's playback.

This hack (.pdf) [3] works by combining a few vulnerabilities in how the
camera's accompanying software accepts input -- a type of security hole
known as cross-site scripting, or XSS.

In this case, the attacker first sends some malformed information --
which is actually JavaScript -- to the camera's web server, which then
writes that information to the log files. When the camera's
administrator checks the logs, the JavaScript executes, creating a new
user account and e-mailing the attacker that the new account has been
created.

From there the attacker can simply change the HTML on the camera viewing
page to secretly point the playback screen to another video file -- one
that can even be hosted on another web site.

The snag in this scenario is getting the person who administers the
camera to check the log files, but Azam and Pastor suggest that could be
done by first targeting the camera with a flood of traffic to briefly
impede its service. The camera's administrator would then likely check
the logs to look for error codes, thus inadvertently triggering the
exploit.

The sophisticated switcheroo can be seen in this video [4], where an
Axis 2100 camera's playback is replaced by a small spinning globe (you
must watch closely to see the change).

Web-enabled cameras, such as those sold by Axis, are increasingly
popular for security applications since they can be accessed by the
administrator from any internet connection, which distinguishes them
from more traditional, analog cameras which operate on their own wires
and have fewer features.

The AXIS 2100 is an older model that is no longer supported by the
maker. But Azam and Pastor say the vulnerability points to the kind of
flaws that can show up on any device attached to a computer network, and
that holes in older software may find their way into newer software
since companies routinely reuse code.

A spokesperson for Axis [5] was not immediately available for comment.

[1] http://procheckup.com/
[2] http://www.mydigitallife.info/2006/11/27/hack-to-search-and-view-free-live-webcam-with-google-search/
[3] http://www.procheckup.com/Vulnerability_Axis_2100_research.pdf
[4] http://www.youtube.com/watch?v=Hd3YzxQTQ1U
[5] http://www.axis.com/
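
The log-viewer weakness the article describes (script text written to a log and executed when an administrator opens it) is closed by encoding log fields when they are rendered as HTML. The sketch below is an added example, not code from the article, ProCheckUp's paper, or Axis; the field names, function names and sample log lines are constructed, and it assumes the log page is built by string concatenation.

```javascript
// Added example: rendering untrusted log entries in an admin log viewer.
// Field names and log lines are constructed for illustration only.

// Constructed sample: one ordinary request and one carrying markup.
const sampleLog = [
  { time: "2007-10-01 10:00:01", src: "192.0.2.10", request: "GET /index.html" },
  { time: "2007-10-01 10:00:02", src: "192.0.2.66", request: "GET /<script>alert(1)</script>" },
];

// Weak form: remote-controlled fields are concatenated into HTML as-is,
// so any markup stored in the log becomes part of the admin's page.
function renderRowUnsafe(e) {
  return `<tr><td>${e.time}</td><td>${e.src}</td><td>${e.request}</td></tr>`;
}

// Encode the five characters that are significant in HTML text and
// quoted-attribute contexts. "&" is in the same single pass, so nothing
// is double-encoded.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Corrected form: every field is encoded at output time, including the
// ones that "should" be safe, because the log is an untrusted store.
function renderRowSafe(e) {
  const cells = [e.time, e.src, e.request].map((v) => `<td>${escapeHtml(v)}</td>`);
  return `<tr>${cells.join("")}</tr>`;
}

// Triage helper: list entries whose request contains raw or URL-encoded
// angle brackets, so they can be reviewed in a plain-text tool first.
function suspiciousEntries(log) {
  return log.filter((e) => /[<>]|%3c|%3e/i.test(e.request));
}

console.log(renderRowSafe(sampleLog[1]));
console.log(suspiciousEntries(sampleLog).map((e) => e.src));
```

Encoding at render time protects the viewer regardless of how the entry reached the log; the triage helper is only a review aid and not a substitute for the encoding.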
Received on Sat Mar 02 2024 - 00:57:17 CST
