DEF CON 32 - What To Expect When You’re Exploiting: 0Days Baby Monitors & Wi-Fi Cams - Mager, Forte

Поделиться
HTML-код
  • Опубликовано: 16 окт 2024
  • Home surveillance technology is a modern convenience that has been made accessible to the masses through the rise of IoT devices, namely cloud-connected Wi-Fi cameras. From parents monitoring their infants to homeowners watching their entryways, these cameras provide users with access to instant, high definition video from the convenience of a mobile phone, tablet, or PC. However, the affordability of these devices and relative ease of cloud access generally correlates to flawed security, putting users at risk. We set out to explore the attack surface of various Wi-Fi camera models to gain a deeper understanding of how these devices are being exploited. In the end, we devised methods to gain local root access, uncovered user privacy issues, discovered a zero-day vulnerability within a prominent IoT device management platform that allows attackers to gain remote control of millions of cameras worldwide and access sensitive user data, and revealed how these devices may be vulnerable to remote code execution attacks through completely unauthenticated means thanks to an inherently flawed implementation of their underlying peer to peer networking protocol. Along with demonstrating our exploits against live cameras, we will highlight the methods used to obtain our most significant findings and provide guidance on remediating the issues we encountered so these devices can be used safely in your household. We will also invite audience members to probe and attack a camera during our talk and earn a prize in the process!

Комментарии • 6

  • @TheAceTroubleshooter
    @TheAceTroubleshooter 7 часов назад

    There are much worse things to say to a 3 year old than " I love you" when hacking cameras... Lol.. poor guy just wanted someone to love :(

  • @mid-
    @mid- 8 часов назад +2

    UUUUHM

  • @theys6837
    @theys6837 6 часов назад +1

    These are ALL built in vulnerabilities ❗
    They were deliberately baked into the software.
    They are all Chinese brands 🤷‍♂️

  • @TheImpetuousDanny
    @TheImpetuousDanny 7 часов назад

    Uuuhm

  • @NotaBurnerac-iv6pp
    @NotaBurnerac-iv6pp 8 часов назад +2

    very nice talk! thank you! pls less "ah" next time

  • @DanielEdwardsds
    @DanielEdwardsds 7 часов назад

    Mon petit ami a essayé de me surprendre avec un petit déjeuner au lit. C'était sympa jusqu'à ce que je découvre qu'il avait utilisé les derniers grains de café. Ne touchez pas à la réserve de caféine d'une femme💖

Следующие
Автовоспроизведение
DEF CON 32 - Where’s the Money-Defeating ATM Disk Encryption - Matt Burch38:34DEF CON 32 - Where’s the Money-Defeating ATM Disk Encryption - Matt Burch
DEF CON 32 - Where’s the Money-Defeating ATM Disk Encryption - Matt BurchDEFCONConference
Просмотров 1,7 тыс.
MP3 CDs: a hybrid "format" that never existed, yet was surprisingly common34:18MP3 CDs: a hybrid "format" that never existed, yet was surprisingly common
MP3 CDs: a hybrid "format" that never existed, yet was surprisingly commonTechnology Connections
Просмотров 455 тыс.
DEF CON 32 -Your Smartcard is Dumb A Brief History of Hacking Access Control Systems - Chad Shortman53:22DEF CON 32 -Your Smartcard is Dumb A Brief History of Hacking Access Control Systems - Chad Shortman
DEF CON 32 -Your Smartcard is Dumb A Brief History of Hacking Access Control Systems - Chad ShortmanDEFCONConference
Просмотров 298
Help10:05Help
Helpjacksepticeye
Просмотров 2 млн
First Class on World’s Only 7 Star Sleeper Train27:07First Class on World’s Only 7 Star Sleeper Train
First Class on World’s Only 7 Star Sleeper TrainTrek Trendy
Просмотров 722 тыс.
GLIZZYGVNG, YOVNGCHIMI - REAL DEMON (Official Video)06:53GLIZZYGVNG, YOVNGCHIMI - REAL DEMON (Official Video)
GLIZZYGVNG, YOVNGCHIMI - REAL DEMON (Official Video)GLIZZY GVNG INC
Просмотров 837 тыс.
I Tried the Lunchly's21:06I Tried the Lunchly's
I Tried the Lunchly'sAugustTheDuck
Просмотров 657 тыс.
My NBN Fibre Upgrade Experience | Dirt Report18:52My NBN Fibre Upgrade Experience | Dirt Report
My NBN Fibre Upgrade Experience | Dirt ReportTech Man Pat
Просмотров 10 тыс.
Hacking the Hackers: The Art of Compromising C2 Servers with Vangelis Stykas34:39Hacking the Hackers: The Art of Compromising C2 Servers with Vangelis Stykas
Hacking the Hackers: The Art of Compromising C2 Servers with Vangelis StykasThe Security Repo
Просмотров 3,6 тыс.
The Race to Harness Quantum Computing's Mind-Bending Power | The Future With Hannah Fry24:02The Race to Harness Quantum Computing's Mind-Bending Power | The Future With Hannah Fry
The Race to Harness Quantum Computing's Mind-Bending Power | The Future With Hannah FryBloomberg Originals
Просмотров 2 млн
Young People Try Windows XP14:19Young People Try Windows XP
Young People Try Windows XPLinus Tech Tips
Просмотров 873 тыс.
SQLc is the perfect tool for those who don't like ORMs28:11SQLc is the perfect tool for those who don't like ORMs
SQLc is the perfect tool for those who don't like ORMsDreams of Code
Просмотров 61 тыс.
Discovering Backdoor in Chinese Router Firmware Update Server - Hacking the Totolink WiFi Router14:16Discovering Backdoor in Chinese Router Firmware Update Server - Hacking the Totolink WiFi Router
Discovering Backdoor in Chinese Router Firmware Update Server - Hacking the Totolink WiFi RouterMatt Brown
Просмотров 24 тыс.
DEF CON 32 - Why are you still using my server for your internet access - Thomas Boejstrup Johansen39:10DEF CON 32 - Why are you still using my server for your internet access - Thomas Boejstrup Johansen
DEF CON 32 - Why are you still using my server for your internet access - Thomas Boejstrup JohansenDEFCONConference
Просмотров 360
researcher accidentally finds 0-day affecting his entire internet service provider29:02researcher accidentally finds 0-day affecting his entire internet service provider
researcher accidentally finds 0-day affecting his entire internet service providerLow Level
Просмотров 816 тыс.
DEF CON 32 - On Your Ocean's 11 Team, I'm the AI Guy (technically Girl) - Harriet Farlow37:41DEF CON 32 - On Your Ocean's 11 Team, I'm the AI Guy (technically Girl) - Harriet Farlow
DEF CON 32 - On Your Ocean's 11 Team, I'm the AI Guy (technically Girl) - Harriet FarlowDEFCONConference
Просмотров 1,6 тыс.
Курский спектакль подходит к концу20:13Курский спектакль подходит к концу
Курский спектакль подходит к концуАнатолий Шарий
Просмотров 1,6 млн
Собираю Маню к осени ✨00:48Собираю Маню к осени ✨
Собираю Маню к осени ✨Анджилиша
Просмотров 976 тыс.
KIA K5: Гуталиновый масложор (160 ткм)30:35KIA K5: Гуталиновый масложор (160 ткм)
KIA K5: Гуталиновый масложор (160 ткм)KPOWERtuning
Просмотров 175 тыс.
Бывшая Кахи #непосредственнокаха00:20Бывшая Кахи #непосредственнокаха
Бывшая Кахи #непосредственнокахаК-Media
Просмотров 323 тыс.
ХОТЕЛА НАЧАТЬ ЖИТЬ ЗАНОВО НО УЗНАВ О СВОЁМ ДИАГНОЗЕ И ЗАПЛАКАЛА.22:58ХОТЕЛА НАЧАТЬ ЖИТЬ ЗАНОВО НО УЗНАВ О СВОЁМ ДИАГНОЗЕ И ЗАПЛАКАЛА.
ХОТЕЛА НАЧАТЬ ЖИТЬ ЗАНОВО НО УЗНАВ О СВОЁМ ДИАГНОЗЕ И ЗАПЛАКАЛА.ВАСЯ НА СЕНЕ
Просмотров 562 тыс.
НАКЛОНЯЮЩИЙСЯ ПОЛ! КТО ПОСЛЕДНИЙ УПАДЕТ в БАССЕЙН?52:00НАКЛОНЯЮЩИЙСЯ ПОЛ! КТО ПОСЛЕДНИЙ УПАДЕТ в БАССЕЙН?
НАКЛОНЯЮЩИЙСЯ ПОЛ! КТО ПОСЛЕДНИЙ УПАДЕТ в БАССЕЙН?Дюшес
Просмотров 635 тыс.
Детектор лжи: есть ли у меня ПАРЕНЬ? Милана Некрасова13:46Детектор лжи: есть ли у меня ПАРЕНЬ? Милана Некрасова
Детектор лжи: есть ли у меня ПАРЕНЬ? Милана НекрасоваМилана Некрасова
Просмотров 171 тыс.
Mübariz İbrahimovun atası vəfat etdi00:14Mübariz İbrahimovun atası vəfat etdi
Mübariz İbrahimovun atası vəfat etdiİCTİMAİ TV
Просмотров 114 тыс.