Home > Articles > Security > Network Security

Owning the Wireless Camera (and Its User)

  • Print
  • + Share This
  • 💬 Discuss
In the second part of his series on camera security, security expert Seth Fogie examines the web interface of the AXIS 207W network camera to see what, if any, vulnerabilities might be lurking within the camera itself.
(b)Owning the Camera (and its user) - Title Page

In Part One of this series, we examined the issues related to using a wireless camera for surveillance. In short, we found that you can knock the camera offline several ways, sniff the images being passed over the airwaves if the network is unencrypted, and spoof the web interface of the camera using a man-in-the-middle attack.

While these issues are all serious, it was during this research that we started to examine the web interface of our AXIS 207W network camera to see what, if any, vulnerabilities might be lurking within the camera itself. The following details the results of our security review of this camera.

The AXIS 207W

AXIS has long been in the IP camera field and has numerous offerings. One of these is the AXIS 207W, a wireless IP camera you can set up anywhere there is a wireless network. The website states the following about the camera:

This entry-level network camera is ideal for securing small businesses, home offices and residences over a local area network or the Internet. The built-in microphone enables remote users to not only view, but also listen in on an area and increase the monitoring options.

One of the key features of the camera is that it is built on BusyBox, a popular flavor of Linux found in embedded devices. As a result, the camera contains a Bourne shell-compatible script interpreter program, which means the 207W can be programmed to do many things that are normally outside the scope of an IP camera. For example, people have set up the camera to upload pictures to remote servers if an alarm event is triggered. However, giving the user such power also means a successful attacker can have such power and then leverage the camera against the network, as you will see later in this article.

  • + Share This
  • 🔖 Save To Your Account

Discussions

comments powered by Disqus

Related Resources

There are currently no related titles. Please check back later.