Cyber Security Demonstrations using Penetration Testing on Wi-Fi Cameras / Cybersäkerhetsdemonstrationer genom penetrationstestning av Wi-Fi-kameror

Gustafsson, Hanna, Kvist, Hanna

January 2022

Cyber security is a rapidly changing area that contributes to people increasingly being exposed to Internet of Things (IoT). The risks of using IoT do not get enough attention from the users, nor does the supplier of the devices take full responsibility for security. There is a lack of comprehensive standards for secure products and without proper security measures, organizations using IoT are at risk of greater damage. There is a need of educating a diverse range of individuals within the area of cyber security, to reduce the risks of being a future victim. This thesis aims to increase the awareness and knowledge regarding current cyber security threats, by developing educational demonstrations. Two Wi-Fi cameras were penetration tested from an isolated network, where successful experiments showed that it was possible to remotely access the video stream of one camera, and extract the entire content of the SD card, without any requirements of user credentials. It was also shown that motion detection and privacy mode were possible to remotely enable and disable. Successful experiments also showed that a DoS attack could be carried out, by remotely rebooting one of the cameras. Additionally, a qualitative study was conducted, resulting in valuable criteria that a cyber security demonstration should fulfill. The vulnerabilities in both cameras were utilized developing five Proof of Concept demonstrations, presenting attack scenarios of i.a. an attacker breaking in without detection, espionage and blackmail. These demonstrations could be used in education to increase awareness of cyber security.

Cyber Security

Education

Demonstration

Wi-Fi Camera

Vulnerability

IoT

Penetration Testing

Computer and Information Sciences

Data- och informationsvetenskap

Security analysis of a modern smart camera / Säkerhetsanalys av en smart kamera

Johannesson, Simon, Pettersson, Victor

January 2022

IoT devices have historically lacked in the security standards but at the same time it is a continuously growing market it is important that the security analyzes continue in order to evaluate the development of the security in the IoT industry. This research is a security analysis of the Deltaco SH-IPC05 WIFI Camera, it is an inexpensive device that can be accessed through a mobile application from anywhere on the internet via the cloud. It follows the Practical and Agile Threat Research for IoT (PatrIoT) methodology and is delimited to network traffic and the software of the device. Due to legal limitations the cloud is not included in the analysis and the hardware security is not included due to time constraints. The device was found to use default credentials for its Open Network Video Interface Forum (ONVIF) service, but it is easy for a user to change the default password from the mobile application if the user can guess what the default password is, and the service is not enabled by default. Three DoS attacks were identified to be effective, two of which caused the device to crash and reboot and the third one prevented the camera from responding until the attack ended. One of the attacks that consistently crashed the camera, could keep crashing the camera repeatedly thus keeping it offline. When analyzing the network traffic, it was possible to consistently detect the packets that notified users of motion or sound detection by looking for specific TCP packet sizes and ports. Although some issues were found the device appeared to be generally secure with encrypted network traffic and minimally exposed services. / Bland IoT-enheter har säkerheten historiskt sett ofta varit eftersatt men det är samtidigt en ständigt växande marknad, därför är det viktigt att säkerhetsanalyserna fortsätter för att utvärdera utvecklingen av säkerheten inom IoT industrin. Denna rapport är resultatet av en säkerhetsanalys av Deltaco SH-IPC05 WIFI Camera, det är en billig enhet som kan nås genom en mobilapplikation via molnet. Den följer metodiken för Practical and Agile Threat Research for IoT (PatrIoT) och är avgränsad till nätverkstrafik och enhetens programvara. På grund av juridiska begränsningar ingår det inte att analysera molnet och hårdvara ingår inte på grund av tidsbrist. Enheten visade sig använda standardlösenord för sin ONVIF-tjänst men tjänsten måste aktiveras av användaren och det är möjligt att ändra lösenordet via mobilapplikationen om användaren kan gissa sig till standardlösenordet. Enheten var mottaglig för tre olika DoS-attacker. Två av dem fick kameran att krasha och starta om varav en av dem kunde återupprepas för att hålla enheten offline så länge som önskades. Det var möjligt att identifiera de paket som skickades från kameran när den skulle notifiera användare om upptäckta rörelser eller ljud. Även om vissa problem hittades verkade enheten vara säker i allmänhet med krypterad nätverkstrafik och minimalt exponerade tjänster.

Internet of Things

Security

Pentesting

PatrIoT

Wi-Fi Camera

Sakernas internet

Säkerhet

Penetrationstest

PatrIot

Wi-Fi-Kamera

Computer and Information Sciences

Data- och informationsvetenskap