Imagine that you've purchased your small a cheap ip security camera to feel just a little better with your own physical security. Now imagine that the people who designed that camera know nothing about secure programming, security or programming at all. Imagine that your precious camera can be hijacked into a botnet with only two HTTP packets.
This presentation details two severe zero-day vulnerabilities that we've discovered (CVE-2017-5674-5) in a commonly available, white-label IP camera sold by many vendors (we ordered 40 models of cameras from 40 different merchants). Exploiting these vulnerabilities would have allowed us to get a root shell on hundreds of thousands of devices with just two HTTP packets (per device of course). While IoT hacking isn’t new, this presentation will give you a good example of what security on embedded devices looks like in today’s Mirai botnet world and how painfully easy it is to find severely alarming vulnerabilities on such devices.
I’ll walk through all the steps in our research, from hardware hacking to firmware dumping to just plain ol’ reversing. I’ll demo the exploits and explain, step by step, where the developers went wrong, what could have been done to avoid this situation and why this problem is so severe. I will even demo how these exploits can be taken a step further to compromise the entire network. There will be root shells, there will be exploits, there will be tears.