RE: Odd Pen-test: Security Camera

From: R. DuFresne (dufresne@sysinfo.com)
Date: Thu May 06 2004 - 10:51:41 EDT

• Next message: Steven Trewick: "RE: MBSA scanner"
• Previous message: Javier Fernandez-Sanguino: "Re: MBSA scanner"
• In reply to: Drew Copley: "RE: Odd Pen-test: Security Camera"
• Next in thread: Drew Copley: "RE: Odd Pen-test: Security Camera"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

The low end cameras that are not hard wired to the controlling stations
and play wireless are keen to allow snooping of the images in a
"war-viewing" scenario as well.

thanks,

Ron DuFresne

On Wed, 5 May 2004, Drew Copley wrote:

> Make a fuzzer to give it wrong input... go for overflows,
> format issues, etc... but also go for genuine randomness. In the code,
> first try to find any strings in it. There may be
> backdoors left in for maintenance. There should also be a lot
> of clues about its' weaknesses.
>
> See what other features are available within it. Often, embedded
> devices have embedded OS's... and they leave completely unnecessary
> services left running.
>
> Cameras are no good if they can be turned off, so you may want
> to note any such weakness in this manner. Examine the range of
> it, to see if there are blatant blindspots. If it is motion detected,
> certain motions may cause it to malfunction.
>
> They probably wouldn't want that.
>
> If the camera is more low dollar, then it will have minimal
> software on it and everything will be done at the system which
> controls it... which would make your task a lot easier as you
> can just load it up in IDA. Such software is guaranteed to have
> a ton of security holes in it... nobody could afford a large
> enough QA to properly check it and the userbase is likely to
> be small enough to have not found their own issues with it.
>
>
>
> > -----Original Message-----
> > From: Yvan Boily [mailto:yboily@seccuris.com]
> > Sent: Tuesday, May 04, 2004 5:45 PM
> > To: pen-test@securityfocus.com
> > Subject: Odd Pen-test: Security Camera
> >
> >
> > I was recently given an odd project. Given a configured
> > security camera in
> > which the hardware configuration is password protected, break
> > the password
> > and modify the configuration.
> >
> > I am completely unfamiliar with this hardware, but am going
> > to give it a
> > try.
> >
> > The camera is GVI-BCDNIR, which connects to the monitoring
> > station via a
> > V+2001 Multi-4 PCI capture card.
> >
> > The software package is a suite called TotalSecure DVR 2.2
> > from Productive
> > Consultants Inc.
> >
> > I am attempting to disassemle the software to identify the
> > authentication
> > mechanisms as a starting point, but any further suggestions?
> >
> > Yvan Boily
> > Information Security Analyst
> > Seccuris
> >
> >
> > --------------------------------------------------------------
> > ----------------
> > Ethical Hacking at the InfoSec Institute. Mention this ad and
> > get $545 off
> > any course! All of our class sizes are guaranteed to be 10
> > students or less
> > to facilitate one-on-one interaction with one of our expert
> > instructors.
> > Attend a course taught by an expert instructor with years of
> > in-the-field
> > pen testing experience in our state of the art hacking lab.
> > Master the skills
> > of an Ethical Hacker to better assess the security of your
> > organization.
> > Visit us at:
> > http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> > --------------------------------------------------------------
> > -----------------
> >
> >
> >
>
> ------------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
> any course! All of our class sizes are guaranteed to be 10 students or less
> to facilitate one-on-one interaction with one of our expert instructors.
> Attend a course taught by an expert instructor with years of in-the-field
> pen testing experience in our state of the art hacking lab. Master the skills
> of an Ethical Hacker to better assess the security of your organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> -------------------------------------------------------------------------------
>

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart
testing, only testing, and damn good at it too!
------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------

• Next message: Steven Trewick: "RE: MBSA scanner"
• Previous message: Javier Fernandez-Sanguino: "Re: MBSA scanner"
• In reply to: Drew Copley: "RE: Odd Pen-test: Security Camera"
• Next in thread: Drew Copley: "RE: Odd Pen-test: Security Camera"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:53 EDT