Search results

The flaws in this article are not as severe as the new results found in my recent paper ([Paper] Spying on the Spy: Security Analysis of Hidden Cameras). I have been working (along with my university) to raise these concerns to news agencies as they are currently unaware of how bad these attacks...

If you have one, throw it out. If you don't have one, don't buy one. It is possible to enumerate (or brute-force) serials. You aren't necessarily safe because you haven't posted it anywhere. By enumerating serials, its possible to spawn up a botnet of all online devices. If it's connected to the...

The specific modules in question provide no option to disable p2p. However, if disconnected from the internet, anyone on the LAN could still bypass the auth and gain full access. This includes shell, live stream and full downloading of the filesystem.

The vulnerabilities allow me to bypass your firewall and access any device in your LAN. I could listen to unencrypted comms, control your printer, access local file servers, control your smart home etc. I made a demo that allowed me to control my HomeKit setup remotely. These things are...

Thank you! I will be presenting it in August at NSS 2023: 17th International Conference on Network and System Security (NSS-SocialSec 2023).

I just published a paper exposing serial-number based flaws in p2p devices. You can perform remote code execution on a target device with the mere knowledge of the serial. You can see the post here: [Paper] Spying on the Spy: Security Analysis of Hidden Cameras

Sorry for the bump, but for anyone interested, I have just written a paper exposing significant security flaws in these specific modules. You can see the post here: [Paper] Spying on the Spy: Security Analysis of Hidden Cameras Sam

After investigating a collection of generic Chinese hidden camera modules, I identified several critical vulnerabilities that enable attackers to gain full control over a target device from anywhere in the world. The problem is that these modules are components in various devices sold online (on...