Meltdown and Spectre
- Thread starter remy9
- Start date
The cameras are likely vulnerable (I think they run ARM CPUs??). However it is not really a risk, since I believe for an attacker to make any use of the vulnerabilities they would need to already be running their own code on the camera.
yeah my understanding of the exploit is limited.. but something along the lines of, if a PC visits a malicious website, a carefully crafted I-frame piece of data sent back to the device said device will dump contents of kernel memory to said attacker.. revealing passwords, encryption keys god knows what.. probably what you had for breakfast this morning. 
How this can affect Ip cams in any way IDK, but was also wondering if it could be used for some useful purposes
of firmware hacking?
How this can affect Ip cams in any way IDK, but was also wondering if it could be used for some useful purposes
of firmware hacking?
I'd say these vulnerabilities are unlikely to be of much use to someone trying to build hacked firmware. As I understand it the purpose of these methods are to view protected memory, but how much good is that, really, when you have the ability to decrypt the firmware package and look at everything that way?
Usually when you hack a firmware you are building one.
mat200
IPCT Contributor
- Joined
- Jan 17, 2017
- Messages
- 14,062
- Reaction score
- 23,434
Hi Remy9,
There's still a lock down on some of that information.
In general though, you should expect that someone with the knowledge and time can break into your IP cameras.
Remember, the NSA knew of vulnerabilities for YEARS before they became public and companies attempted to fix them.
mat200
IPCT Contributor
- Joined
- Jan 17, 2017
- Messages
- 14,062
- Reaction score
- 23,434
LOL, yep... well a few in the financial IT / info sec were a bit pissed at some of that... ( mostly hoping that their vendors would have known to fix some of the easier exploits )The NSA knew and didnt tell us? That doesnt sound right.
towster
n3wb
- Joined
- Nov 19, 2017
- Messages
- 24
- Reaction score
- 0
bp2008 is correct. Unless someone is running a binary on the camera itself it would be unaffected. To take it a step further these vulnerabilities are more critical in systems where multiple things are being run as the attack allows the attacker to access memory regions that do not belong to the binary that is implementing the attack. With respect to a camera there is nothing in memory that would possibly be of interest except possibly your configuration.
The hack has nothing to do with an iframe on a malicious website but even if somehow there was a malicious binary run that way it would be attacking your desktop/laptop itself. Not the camera.
The hack has nothing to do with an iframe on a malicious website but even if somehow there was a malicious binary run that way it would be attacking your desktop/laptop itself. Not the camera.
Interesting, So the security of firmware on a device such as IP cams are not affected by these exploits. So no firmware
patches to fix possible security holes.. I'm surprised a bit, what with all the myriad of holes that have popped up in the Ip cam world, that they are unaffected..
patches to fix possible security holes.. I'm surprised a bit, what with all the myriad of holes that have popped up in the Ip cam world, that they are unaffected..
alastairstevenson
Staff member
That's exactly right, and the high-value exploit targets will be the multiple large and small VMs handling sensitive data that run on a single hardware host platform, bare metal or OS-based..
The confidence that these can be isolated sufficiently to achieve certain high levels of security accreditation has been seriously dented.
While this is true, most hacks are related to an attacker exploiting a hole in your system to run his code—so the risk is the same it’s always been and there’s just another avenue for exploit code to get its work done. Yes, your 150USD IP camera is not a high value target, but once this becomes “script kiddie” simple, and it’s practically there, your camera will continue to be owned to mine Bitcoin or whatnot just like it is today.