IP Camera Security Analysis focused on Firmware Reverse Engineering
2019 (English)Independent thesis Basic level (professional degree), 5 credits / 7,5 HE credits
Student thesis
Abstract [en]
This project is focused on the security of IP cameras. The project provides an in-depth approach to conducting firmware reverse engineering as a means of finding potential vulnerabilities that can in turn be used to extract sensitive information (video feed, accounts, passwords and more) from the IP camera or be used as launching point for further attacks into the infrastructure that the IP camera belongs to.
The project looks at 4 different firmware's from 3 manufacturers; the A and B versions of the D-Link DCS-932L Cloud Camera, the TP-Link NC200 300Mbps Cloud Camera and the Tenvis TH692 Outdoor HD camera. During the reverse engineering of the firmware's belonging to previously mentioned devices a vulnerability checklist is applied to the process in order to provide a structured approach while searching through the firmware. Every firmware looked at during this project was based on an old Kernel with the same potential exploitable vulnerability.
Wi-Fi default passwords were found for the D-Link firmware versions along with plenty of information in regarding to the wireless parameters such as DHCP and DNS addresses. Tenvis TH692 contained 2 hard-coded passwords that were cracked within 80 minutes with the use of John the Ripper. TP-Link NC200 contained 1 hard-coded password that was almost instantaneously cracked.
Place, publisher, year, edition, pages
2019. , p. 19
Keywords [en]
IP Cameras, Firmware, Reverse Engineering, VMWare, John the Ripper, Hard-coded Passwords
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
URN: urn:nbn:se:hv:diva-13946Local ID: EXN300OAI: oai:DiVA.org:hv-13946DiVA, id: diva2:1322612
Subject / course
Electrotechnology
Educational program
Nätverksteknik med IT-säkerhet
Supervisors
Examiners
2019-06-112019-06-112019-06-11Bibliographically approved