What IoT camera could I buy with vulnerabilities to test?

crib

Dec 20, 2024
United Kingdom
Hi guys

For my university dissertation, my focus is IoT security. I plan to purchase a camera and perform a penetration test on it, and create a report based on the findings. A lot of the cameras that I've looked for (that have already discovered vulnerabilities) have already been patched. Does anyone have any recommendations or suggestions for cameras that have vulnerabilities on them that I could perform a test on?

Cheers for the help!
 
Most here will say all of them have vulnerabilities.

It is why most of us don't allow them to have access to the internet, regardless of who makes it.

A camera you saw that recently had a firmware update for a vulnerability likely still has other vulnerabilities not discovered yet and at some point may or may not get an update (depends on if the camera is End of Life (EOL)).

If a camera can touch the internet, it can be hacked, as they don't get the daily/weekly updates that, say, Windows or antivirus gets.

So either find an EOL camera that wouldn't have had any recent firmware updates or some no name camera off Amazon.

But even if you went with a Hikvision or Dahua, if you are intent enough you can probably find a vulnerability not known yet or not fixed yet.
 
Welcome @crib

Sounds great!

PhD?
Masters?
Undergrad?

Is this to be newly discovered IoT holes?

Focus on business or home users?

Are you using custom tools for scanning or standard tools?
 
Undergraduate!

If I do find anything new, that's a plus, but I would prefer something with known vulnerabilities, just so I'm sure that I can write about something. My focus is home users, a smaller cheap camera with a potential for open ports. I would probably use nmap, amongst other tools for scanning.
 
One of the earlier methods to find vulnerabilities was to unpack and disassemble a device's firmware, analyse the operation, and manually look for weaknesses in how it's been constructed.
That's much more difficult now though, as the firmware of the major suppliers has been progressively hardened against reverse engineering.
I suppose what might be interesting would be to search the publicly available registers of found vulnerabilities, pick one, get a sample of the suspected firmware, and analyse the underlying weakness.
Unless you're talking about no-name Chinese cameras, scanning for open ports by itself won't yield much of interest. The vulnerabilities have often been in the logic of implementation of how interactions with those ports have operated.
 
Search for some YouTube / other videos on IP security camera vulns...

For example, try "owasp appsec conference videos" "defcon conference videos".

In the past I have seen some really good videos on the topic.
 
I would look for cheap security cameras in the UK... for example, in the USA this should be a good one to play with:

[Image: 1734727160749.png]
 
Hey @crib

Check out the channel I posted here


Matt Brown does a number of good videos...

Would doing hardware hacking require a lot more equipment?

In that case any cheap no-name camera on Amazon that requires connection to their cloud, that is where I would start.
I'll give this a shot mate, cheers!