神刀安全网

Tearing Down an IP Camera

So you bring home a shiny new gadget. You plug it into your network, turn it on, and it does… well, whatever it wants. Hopefully, it does what you expect and no more, but there is no guarantee: it could be sending your network traffic to the NSA, MI5 or just the highest bidder. [Jelmer] decided to find out what a new IP camera did, and how easy it was to find out by taking a good poke around inside .

In his write-up of this teardown, he describes how he used Wireshark to see who the camera was talking to over the Interwebs, and how he was able to get root access to the device itself (spoilers: the root password was 1234546). He did this by using the serial interface of the Ralink RT3050 that is the brains of the camera to get in, which provided a nice console when he asked politely. A bit of poking around found the password file, which was all too easily decrypted with John the ripper .

This is basic stuff, but if you’ve never opened up an embedded Linux device and gotten root on it, you absolutely should. And now you’ve got a nicely written lesson in how to do it. Go poke around inside the things you own!

转载本站任何文章请注明:转载至神刀安全网,谢谢神刀安全网 » Tearing Down an IP Camera

分享到:更多 ()

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址
分享按钮