1
Hush Smart Baby Monitor Exploit
Ross Heenan Abertay University - Division of Cyber Security
2
Hush Smart Baby Monitor
The Hush Smart Baby Monitor is an IP camera that allows connection locally and remotely to monitor
Security concerns and threats to devices include existing and emerging ones concerning new technologies
Vulnerability in the device that allows an attacker to gain unauthorised access and control of the device, and to further escalate the exploit
Ability to exploit locally and remotely
Overview of exploit will be provided (PoC)
Exploit execution process
3
Overview
Prerequisites:
Windows 7 or Linux machine
Hush Smart Baby Monitor
Nmap scanner
Wireshark
Apktool or Java Decompilers
Steps required to carry out exploit:
Enumeration of target device
Enumeration of target accompanying software
Exploitation of vulnerability
Escalation of exploit
4
Enumeration
Target device enumeration
First step was to connect the camera to the network and discover the device's network identity (IP and MAC addresses)
nmap -sn *
Returned an unknown manufacturer device with IP address
Port scanning of discovered host
nmap x -p
Showed TCP port open
5
Software Analysis
Management application (Android and iOS)
Analysis of Hush Viewer v1.4.
Analysis of source code?
Apktool, Java Decompilers
Decompiling of apk application file
apktool d NameOfApk -o OutputDir
apktool d Hushviewer.apk -o Decompiled
6
Source code analysis
Files extracted from decompiling apk are source
Structure can be analysed for clues
Searching source code
Grep, vim, nano, text editors (gedit, notepad++), scripts
Searchwords
User, password, pwd, http, ftp, ssh….
/net/reecam/ipc
Example Internal.java (or .smali files)
grep user internal\$9.smali
videostream.cgi
get_wifi_scan_results.cgi
get_misc.cgi
get_log.cgi
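A static check in the spirit of the keyword search above, as an added example (not code from the presentation or from the Hush Viewer app): it reads apktool's smali output and reports string literals stored into fields named like the slide's search words, plus literals that look like URLs or .cgi endpoints, which is how an app reviewer would catch hardcoded credentials before release. The function names, the sample smali and the EXAMPLE_ values are constructed for illustration.

```python
import re
from pathlib import Path

# Field names worth flagging, from the slide's search words (user, password, pwd).
KEYWORDS = re.compile(r"user|pass|pwd", re.I)
CONST = re.compile(r'^\s*const-string(?:/jumbo)?\s+([vp]\d+),\s*"(.*)"\s*$')
STORE = re.compile(r'^\s*[is]put-object\s+([vp]\d+),.*->(\w+):Ljava/lang/String;')
# String literals that look like URLs (http, ftp, ssh) or CGI endpoints.
ENDPOINT = re.compile(r"^(?:https?|ftp|ssh)://|\.cgi\b", re.I)

def scan_smali(text, name="<input>"):
    """Return (file, line, kind, field, literal) findings for one smali file.
    Heuristic: only the last const-string loaded into each register is tracked."""
    findings, regs = [], {}
    for n, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(".method"):
            regs = {}                      # registers are scoped to a method
        elif m := CONST.match(line):
            regs[m[1]] = (n, m[2])         # remember the literal held by this register
            if ENDPOINT.search(m[2]):
                findings.append((name, n, "endpoint", None, m[2]))
        elif (m := STORE.match(line)) and m[1] in regs and KEYWORDS.search(m[2]):
            src, literal = regs[m[1]]      # literal stored into a credential-named field
            if literal:
                findings.append((name, src, "credential", m[2], literal))
    return findings

def scan_tree(root):
    """Scan every .smali file under an apktool output directory."""
    out = []
    for path in sorted(Path(root).rglob("*.smali")):
        out += scan_smali(path.read_text(errors="replace"), str(path))
    return out

# Constructed sample (not taken from the Hush Viewer app): placeholder values only.
SAMPLE = r'''
.method public constructor <init>()V
    const-string v0, "EXAMPLE_USER"
    iput-object v0, p0, Lcom/example/ipc/Internal$9;->user:Ljava/lang/String;
    const-string v1, "EXAMPLE_PASS"
    iput-object v1, p0, Lcom/example/ipc/Internal$9;->pwd:Ljava/lang/String;
    const-string v2, "videostream.cgi"
    const-string v3, "Loading"
    iput-object v3, p0, Lcom/example/ipc/Internal$9;->title:Ljava/lang/String;
.end method
'''

if __name__ == "__main__":
    for finding in scan_smali(SAMPLE, "sample.smali"):
        print(finding)
```

Each finding points at the line of the literal itself, so a reviewer can replace the embedded value with per-device credentials set at provisioning.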
7
Testing vulnerability
Network identity discovered from nmap scans
IP address:
Open Port: 14987
Entered in browser presents Hush Monitor log in page
Details found to test authentication
Username: Hush17689
Password: 4bnxKRaM25
int
8
Testing vulnerability
Wireshark
Test behaviour of device and application network behaviour
Log in while capturing
Analyse capture
GET request shows passed in plain text over HTTP
Successful access to interface
9
Escalation of vulnerability
Access to all areas of admin panel
Device Status, Live Video, Device Management
Device Management section
User Settings, Network, Wireless, DDNS, Mail, FTP, Alarm etc.
DDNS Service Settings
Remote Access
10
Escalation of vulnerability
DDNS Service Settings
Remote Access
DDNS User Name
Serial of device
11
Escalation of vulnerability
Camera can be accessed externally via DDNS using
Possibility to brute force remote access
Random generation of two sets of numbers
One 4 digit within a range
One 3 digit within a range
One character
Append numbers either side of character
Access to many cameras using hardcoded credentials to access admin panel!!!
12
Escalation of vulnerability
Spying
Locking out user
Malicious modification (FTP, Mail, Alarm)
Corruption (Factory reset, modifying firmware)
13
http://2868h153.seecamera.info:14987/videostream.cgi
14
Compromising other devices
Devices can be generic
Same hardware
Manufacturer
Software
Insecure coding practices
Hardware access (UART)