Saved in:
Bibliographic Details
Main Authors: Stabili, Dario, Bocchi, Tobia, Valgimigli, Filip, Marchetti, Mirco
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2406.15103
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866908760604147712
author Stabili, Dario
Bocchi, Tobia
Valgimigli, Filip
Marchetti, Mirco
author_facet Stabili, Dario
Bocchi, Tobia
Valgimigli, Filip
Marchetti, Mirco
contents Consumer IP cameras are now the most widely adopted solution for remote monitoring in various contexts, such as private homes or small offices. While the security of these devices has been scrutinized, most approaches are limited to relatively shallow network-based analyses. In this paper, we discuss a methodology for the security analysis and identification of remotely exploitable vulnerabilities in IP cameras, which includes static and dynamic analyses of executables extracted from IP camera firmware. Compared to existing methodologies, our approach leverages the context of the target device to focus on the identification of malicious invocation sequences that could lead to exploitable vulnerabilities. We demonstrate the application of our methodology by using the Tenda CP3 IP camera as a case study. We identified five novel CVEs, with CVSS scores ranging from 7.5 to 9.8. To partially automate our analysis, we also developed a custom tool based on Ghidra and rhabdomancer.
format Preprint
id arxiv_https___arxiv_org_abs_2406_15103
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Finding (and exploiting) vulnerabilities on IP Cameras: the Tenda CP3 case study
Stabili, Dario
Bocchi, Tobia
Valgimigli, Filip
Marchetti, Mirco
Cryptography and Security
Consumer IP cameras are now the most widely adopted solution for remote monitoring in various contexts, such as private homes or small offices. While the security of these devices has been scrutinized, most approaches are limited to relatively shallow network-based analyses. In this paper, we discuss a methodology for the security analysis and identification of remotely exploitable vulnerabilities in IP cameras, which includes static and dynamic analyses of executables extracted from IP camera firmware. Compared to existing methodologies, our approach leverages the context of the target device to focus on the identification of malicious invocation sequences that could lead to exploitable vulnerabilities. We demonstrate the application of our methodology by using the Tenda CP3 IP camera as a case study. We identified five novel CVEs, with CVSS scores ranging from 7.5 to 9.8. To partially automate our analysis, we also developed a custom tool based on Ghidra and rhabdomancer.
title Finding (and exploiting) vulnerabilities on IP Cameras: the Tenda CP3 case study
topic Cryptography and Security
url https://arxiv.org/abs/2406.15103