Hijacking occurs when the security of the server where the video feed collected by the camera is accessed and altered by unauthorized personnel. Hijacking mostly occurs in the transmission of the data over the network. Most of the wireless IP camera connected to the internet are at a high risk of being accessed by intruders and altering the firmware. Since the devices are exposed on the internet, they can easily be attacked by hackers.
There are tutorials on the internet which enable the hackers to set port-forwarding rules in the router. The hackers begin by finding the camera from the search engines such as shodan for a HTTP header. The header must be specific to the web-based interface used by the camera. For companies which have configured their DNS like the Foscam have a hostname assigned to them such as [namespace].myfoscam.org. When the hackers scan the whole hostname, they can identify the Foscam cameras connected to the internet.
Methods of Attacks
Out of every ten cameras on the internet, one can log in with a default administrator username with no password. Most wireless IP cameras are hacked as a result of allowing attackers to have a snapshot of the memory of the device. Memory dump of the device contains the username and passwords of the administrator and other private, sensitive information. Other sensitive information remotely accessed by the attackers are details about the local network and Wifi credentials. Even with the latest firmware version, the vulnerability of the gadget can be manipulated with the access of the user details.
Request Forgery for a Cross-site
It is a method of attacking the devices using an interface which tricks the administrator of the camera to open a link which is specifically crafted. Through CSRF, the internet can the attacker can initiate a secondary administrator to the camera by creating another account.Through this, the attacker will run the device and even change the password.
Brute force
This is an attack carried out to the camera by the hacker to allow them to guess passwords of the administrator logins. Through brute force attack, the attacker extends the passwords trials from the limited 12 attempts.
Firmware attack
When the attacker gains access to the camera, he or she changes the version of the firmware. The new version of the firmware is downloaded from the internet, unpacked, a rogue code is then added to it and finally written back to the device.
Since the firmware is Uclinux based, the which a Linux operating system for devices which are embedded. In technical understanding, wireless IP cameras are connected to the internet as Linux machines. They can make arbitrary run in software such as botnet client or scanner hence the attacker can easily hack the firmware with a hidden identity.
Firmware Modification
This is another form of attack is through modification of the firmware to make it run in a port 80 of the proxy server and not the web interface. This will make the device to firmware to behave differently depending on the way the attacker prefers.
Web Interface Poisoning
In this scenario of attack, the web interface is positioned to load a Javascript code piece which is remotely hosted. Through this, the hacker will compromise browser of the camera administrator when he or she visits or accesses the interface.
No comments:
Post a Comment