Network Video Recorders (NVR) are network devices that record and store video from local and remote IP cameras on HDD storage. These NVRs are increasingly used in surveillance systems of homes and businesses. In this presentation, we will analyze the (in)security of NVRs from one of the reputed manufacturers of these devices. The presentation will cover how NVRs work, analysis of NVR firmware and a step-by-step demo of how an attacker could take complete control of these devices. Once an attacker has control of the device, he can monitor videos from all the cameras connected to the device in real time from anywhere via his smartphone.
I will also release a tool to remotely detect and own a vulnerable device in the wild.
Bharat Jogi is a Security Professional with over 5 years of experience which includes research on vulnerabilities, malware, protocol analysis, evolving attack vectors and signature development. He countinues to work for Qualys Inc. where he researches latest vulnerabilities in various products, reverse engineers binaries and malware and develops signatures to identify these threats. He holds a Masters degree in Computer Science from the University of Southern California and has been quoted in NetworkWord, SecurityCurve and other main stream media.