RE: Odd Pen-test: Security Camera

From: Drew Copley (dcopley@eeye.com)
Date: Wed May 05 2004 - 13:27:50 EDT


Make a fuzzer to give it wrong input... go for overflows,
format issues, etc... but also go for genuine randomness. In the code,
first try to find any strings in it. There may be
backdoors left in for maintenance. There should also be a lot
of clues about its weaknesses.

See what other features are available within it. Often, embedded
devices have embedded OS's... and they leave completely unnecessary
services left running.

Cameras are no good if they can be turned off, so you may want
to note any such weakness in this manner. Examine the range of
it, to see if there are blatant blindspots. If it is motion detected,
certain motions may cause it to malfunction.

They probably wouldn't want that.

If the camera is more low dollar, then it will have minimal
software on it and everything will be done at the system which
controls it... which would make your task a lot easier as you
can just load it up in IDA. Such software is guaranteed to have
a ton of security holes in it... nobody could afford a large
enough QA to properly check it and the userbase is likely to
be small enough to have not found their own issues with it.

> -----Original Message-----
> From: Yvan Boily [mailto:yboily@seccuris.com]
> Sent: Tuesday, May 04, 2004 5:45 PM
> To: pen-test@securityfocus.com
> Subject: Odd Pen-test: Security Camera
>
>
> I was recently given an odd project. Given a configured
> security camera in
> which the hardware configuration is password protected, break
> the password
> and modify the configuration.
>
> I am completely unfamiliar with this hardware, but am going
> to give it a
> try.
>
> The camera is GVI-BCDNIR, which connects to the monitoring
> station via a
> V+2001 Multi-4 PCI capture card.
>
> The software package is a suite called TotalSecure DVR 2.2
> from Productive
> Consultants Inc.
>
> I am attempting to disassemble the software to identify the
> authentication
> mechanisms as a starting point, but any further suggestions?
>
> Yvan Boily
> Information Security Analyst
> Seccuris
>
>
> --------------------------------------------------------------
> ----------------
> Ethical Hacking at the InfoSec Institute. Mention this ad and
> get $545 off
> any course! All of our class sizes are guaranteed to be 10
> students or less
> to facilitate one-on-one interaction with one of our expert
> instructors.
> Attend a course taught by an expert instructor with years of
> in-the-field
> pen testing experience in our state of the art hacking lab.
> Master the skills
> of an Ethical Hacker to better assess the security of your
> organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> --------------------------------------------------------------
> -----------------
>
>
>
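
The string review suggested in the reply above, sketched as an added example that is not part of the original thread: it pulls printable ASCII and UTF-16LE runs out of a binary and flags the ones that look like maintenance or credential material, as an auditor would when checking a product for leftover hardcoded accounts. The keyword list, function names and sample bytes are assumptions constructed for illustration.

```python
import re

# Keyword list is an assumption for this example; tune it per product.
KEYWORDS = re.compile(
    rb"(?i)passw|pwd|admin|backdoor|maint|service|debug|secret|master")
MIN_LEN = 5  # shortest run treated as a string


def extract_strings(blob, min_len=MIN_LEN):
    """Yield (offset, encoding, text) for printable ASCII and UTF-16LE runs."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    # Windows binaries often store UI and config strings as UTF-16LE,
    # which a plain ASCII scan misses entirely.
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    for m in ascii_re.finditer(blob):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in utf16_re.finditer(blob):
        yield m.start(), "utf-16le", m.group().decode("utf-16le")


def flag_candidates(blob):
    """Return sorted strings that match a credential/maintenance keyword."""
    return sorted(
        (off, enc, s) for off, enc, s in extract_strings(blob)
        if KEYWORDS.search(s.encode("ascii")))


# Constructed sample bytes standing in for a firmware or software image.
SAMPLE = (
    b"\x7fELF\x00\x01\x02"
    b"Camera init ok\x00"
    b"\x90\x90\x13\x01"
    b"maint_login=factory\x00"
    b"\xff\xfe\x00"
    + "AdminPassword".encode("utf-16le") + b"\x00\x00"
    b"\x01\x02frame %d dropped\x00"
)

if __name__ == "__main__":
    for off, enc, s in flag_candidates(SAMPLE):
        print(f"0x{off:06x}  {enc:9s} {s}")
```

Each hit is only a lead: the offset tells you where to look in the disassembly to confirm whether the string is actually compared against user input.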


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:53 EDT