Presented at DEF CON 33 (2025), Aug. 9, 2025, 10 a.m. (20 minutes).
What are the consequences if an adversary compromises the surveillance cameras of thousands of leading Western organizations and companies? As trust in Chinese-made IoT devices declines, organizations face limited alternatives—especially in video surveillance. Many governments have already banned Dahua and Hikvision products in sensitive facilities, further narrowing their choices. This concern drove our research, revealing that surveillance platforms can be double-edged swords.
We focused on Axis Communications, a major player in video surveillance widely used by U.S. government agencies, schools, medical facilities, and Fortune 500 companies.
In our talk, we will present an in-depth analysis of the Axis.Remoting communication protocol, uncovering critical vulnerabilities that allow attackers to achieve pre-auth RCE on Axis platforms. This access could serve as a gateway into an organization’s internal network via its surveillance infrastructure. Additionally, we identified a novel technique for passive data exfiltration, enabling attackers to map organizations using this equipment—potentially aiding in targeted attacks.
Presenters:
- Noam Moshe
Noam Moshe is a vulnerability researcher and Team Lead at Claroty Team82. Noam specializes in vulnerability research, web application pentesting, malware analysis, network forensics and ICS/SCADA security. In addition, Noam has presented at well-known hacking conferences such as Black Hat and DEF CON, and won Master of Pwn at Pwn2Own Miami 2023.