Security cameras used to be analog devices feeding back into a room full of tiny screens and commercial grade VCRs. As technology moved forward, IP cameras began to proliferate. Early models simply presented a video stream and configuration page to the local network. Modern models aimed at the home market differ however. More often than not, configuration is through a strange smartphone app, and video is accessed through third-party servers. It’s all a bit oblique, and so [Alex] decided to take a look under the hood.
The exploration begins externally, with [Alex] capturing data sent to and from the camera with Wireshark. Straight away, red flags are raised. For as yet unknown reasons, the camera attempts to resolve Google, Facebook and Alibaba servers over DNS. Disassembly then follows, revealing that a serial terminal with root access is available. [Alex] uses this to probe around, uncovering the firmware update script and a way to decrypt said updates.
The work thus is a great example of how to approach hacking a given device from first principles. The overall goal is to find a way to gain complete control over the camera, reprogramming it to serve up video as [Alex] wishes, rather than to a distant third party server. It’s not the first time we’ve seen an IP camera hacked, and we doubt it will be the last. If you’ve got one cracked, be sure to let us know.
Reverse Engineering A Modern IP Camera
Source: HackADay
