Presented at
DEF CON 32 (2024),
Aug. 10, 2024, 4:30 p.m.
(45 minutes).
With the development of artificial intelligence and image processing technology, the video industry such as CCTV is developing greatly. However, CCTV video may infringe on an individual's privacy, and personal information may be leaked due to hacking or illegal video collection. As such, Surveillance System's Security issues are also increasing, the importance of the video surveillance industry is becoming more prominent.
In order to prevent hacking or illegal video collection, research on camera security is being conducted. However, there is a lack of awareness of NVR (Network Video Recorder), a device that actually watches videos recorded by cameras, and research on this is also insufficient.
We selected Hikvision and Dahua, which have a high NVR market share, as target vendors, and also selected Synology's NVR-related package, Surveillance Station, as targets. Before proceeding with vulnerability analysis, several problems occurred during the file system extraction process, but U-Boot mitigation was successfully bypassed through various methods. Afterwards, various types of vulnerabilities were discovered through analysis, and OEM verification was also conducted to increase impact. We present exploit scenarios for surveillance devices through vulnerability linkage and present supply chain security issues in the Surveillance System.
1. [link](https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/DEF%20CON%2024%20-%20Brad-Dixon-Pin2Pwn-How-to-Root-An-Embedded-Linux-Box-With-A-Sewing-Needle-UPDATED.pdf)
2. [link](https://www.mdpi.com/1424-8220/20/17/4806)
3. [link](https://www.sciencedirect.com/science/article/pii/B978032390054600009X)
4. [link](https://arxiv.org/pdf/2202.06597)
5. [link](https://arxiv.org/abs/1904.08653)
6. [link](https://arxiv.org/pdf/1812.02361)
7. [link](https://www.researchgate.net/publication/317714199_Security_Requirements_Analysis_on_IP_Camera_via_Threat_Modeling_and_Common_Criteria)
8. [link](https://www.researchgate.net/profile/Kyounggon-Kim/publication/346494741_Derivation_of_Security_Requirements_of_Smart_TV_Based_on_STRIDE_Threat_Modeling/links/5fc50fc24585152e9be40802/Derivation-of-Security-Requirements-of-Smart-TV-Based-on-STRIDE-Threat-Modeling.pdf)
9. [link](https://scholarworks.bwise.kr/cau/handle/2019.sw.cau/25949)
10. [link](https://dl.acm.org/doi/10.1145/2995289.2995290)
11. [link](https://www.mdpi.com/2076-3417/11/12/5571)
12. [link](https://arxiv.org/abs/2302.04900)
13. [link](https://kth.diva-portal.org/smash/get/diva2:1697718/FULLTEXT01.pdf)
14. [link](https://dl.acm.org/doi/10.1145/3232829.3232832)
15. [link](https://www.sciencedirect.com/science/article/pii/S0045790622004529)
16. [link](https://www.researchgate.net/publication/334396073_Vulnerability_Analysis_of_IP_Cameras_Using_ARP_Poisoning)
Presenters:
-
Myeonghun Pak
- Researcher at KITRI
Myeonghun Pak is currently a university student and is working on offensive research. He enjoys analyzing embedded vulnerabilities.
-
Chanin Kim
- Offensive Researcher at S2W Inc
Chanin Kim has previously conducted offensive research and has experience discovering vulnerabilities in various places, including Windows, Rust, and OpenVPN. Chan In-Kim is also currently working as an Offensive Researcher at S2W Inc in Korea and is conducting various offensive research.
-
Myeongjin Shin
- Student at Chonnam National University
Myeongjin Shin is currently a student at Chonnam National University and belong to SRC lab. He is interested in vulnerability analysis and research.
Similar Presentations: