back to article Surveillance camera hack swaps live feed with spoof video

Corporate teleconferences and other sensitive video feeds traveling over internet are a lot more vulnerable to interception thanks to the release of free software tools that offer penetration testers and attackers a point-and-click interface. At the Defcon hacker conference in Las Vegas, the Viper Lab researchers demonstrated …

COMMENTS

This topic is closed for new posts.
  1. jake Silver badge

    Nothing new.

    We've been doing this since the days of the analog telco switching system. Look up "drop & insert".

    We were doing the same thing in the mid '80s when testing Cisco gear and other peripheral T-carrier hardware that allowed mixed voice & data (early fractional T1 equipment sometimes could read the entire T1 signal if the telco set things up (im)properly, leading to obvious security headaches). Granted, we had to have access to the physical media, but ... oh. Never mind.

  2. Anonymous Coward
    Anonymous Coward

    Maintain capability my ass

    But dude, we were told in all honesty by the man from GCHQ that it was IMPOSSIBLE to intercept the internet and that was why they needed mass surveillance of every connection without warrants or due process.

    "Maintain capability" was the sound-bite he used.

    Now you're telling us that you don't even need control of the router like the ISP has to intercept calls? How can that be?????!!!??

    Surely the head of GCHQ wouldn't lie to us? He's a man of such integrity that they propose giving him unmoderated surveillance power, so he must be some sort of super honest hero type and you must be Darth Laden or something trying to turn us against these heros who want to watch over us...

  3. Anonymous Coward
    Black Helicopters

    So...

    So that's good news for these people:

    http://www.express.co.uk/posts/view/115736/Sin-bins-for-worst-families

    Where's the CCTV icon?

  4. Tom Rowan
    Thumb Up

    Useful.

    Must have this to hand the next time I take a Pearson Vue or Prometric exam... ahem.

    It reminds me of Kevin Bacon in Hollow Man.

  5. Anonymous Coward
    Boffin

    Cool

    But its just an ARP poisoner with some basic video tools slapped on. The real vulnerability here has been around a long time, this is just an old flaw wrapped in a snazy new UI.

    Anyone who has access to your local network can do the same thing with emails, web transactions, or whatever. In fact, I think some hackers recently did the same thing to steal credit card numbers.

  6. Ken Hagan Gold badge

    pwn?

    "We basically pwn the phone."

    That's quoted as direct speech in the original article. Call me naive, but I thought that neologism was strictly a keyboard phenomenon. How did the speaker pronounce "pwn"?

  7. Anonymous Coward
    Grenade

    Was wondering...

    How much trouble I'll get in if/when I play with this app on our corporate network....

  8. Steve Roper
    Go

    @Kevin Hagan

    People pronounce "pwn" differently depending on where you come from. I (and most of my friends) in Australia pronounce it as "poon" with a short "oo" as in "book"; a brief plosive sound. I've also heard it pronounced as "pun", "pown" - "own" with a p tacked onto it, "pawn" as in the chess piece, and "poon" with a longer "oo" as in "soon". The past tense, "pwnt", is pronounced by simply tacking a t onto the end of however you pronounce it. There are several audio examples on urbandictionary.com as well if you look it up. So go and practice saying this nice little vowel-less word, and do your part in the destruction of the English language! :)

  9. Peter2 Silver badge
    Black Helicopters

    Re "Maintain capability my ass" from AC; 09:02 GMT

    You can't "intercept the internet" without comprehensive coverage, and the only practical way of doing this is via the ISP. I know it went right over your head, but tapping into "the internet" by intercepting a cable would only allow you to read traffic over that cable.

    What GHCQ want to do is cover every cable by monitoring them at the ISP, ok?

    The reason they can intercept telephone calls here is because they have access to the network. If you'd read it properly, you would have seen this in the story "Obviously, the tool requires physical access to the network being targeted"

    If the government had physical access to your network, then they would be able to do it as well. However it's simpler, faster and cheaper to put boxes in the ISP's than put one in every single network in the country.

    I do hope your one of the 20% of visitors here that's not actually working in IT.

  10. TeeCee Gold badge
    FAIL

    @Ken Hagan

    "........I thought that neologism was strictly a keyboard phenomenon."

    Really? Exactly what are the 6th century words for "Blunderbuss", "Calculus" and "Turbine" then? All around before there was a keyboard to invent them on.....

  11. Peter Gathercole Silver badge
    Alert

    Old, old, old.

    ARP spoofing has been around as long as ARP and IP has been in use, i.e. a long time. Using it for VoIP and Video-over LAN is new, but merely a new application of an old technique.

    Unfortunately, gratuitous ARP is too useful in device failover scenarios for it to be removed from the standard for all devices. The answer is to make sure that nobody has unauthorised access to the LAN, and of course when we say LAN here, we are talking about the routed segment that runs the same subnet as one of the end-point systems. This is why the technique is not applicable to the Internet as a whole.

  12. hugo tyson
    Badgers

    *that* neologism @TeeCee

    Ah, the absence of decent operator precedence rules in natural language...

    I think he meant (I thought (that neologism) was a keyboard phenomenon)

    rather than (I (thought that) ([all] neologism) was a ...)

    SWIM?

  13. Grease Monkey Silver badge

    Encryption?

    I'm assuming it would be pretty difficult to do this if the video feed was encrypted. And what sort of moron would send security critical video without encrypting it, expecially across a public network?

    Given that then what we have here is yet another case where the vulnerability only exists if you don't do things properly. A lot of supposed vulnerarbilities seem to me to be somewhat like claiming a particular model of car is vulnerable to theft if you leave the keys in the ignition.

  14. Ross 7

    Eh?! Is it 1990 again?

    First things first - networks ain't my thing.

    So, that said, I thought ARP poisoning went out with hubs and perms? So that would require the box to be plugged into the same network segment as the camera (somewhat more difficult than just binding to the network at any given point).

    It's a nice excercise, but hardly ground breaking or particularly worrisome. If people are in your roof space patching your cables then your CCTV isn't top of your "oh dear Lord" list. It just proves the old point about physical security (notably that if you ain;t got it you ain't got *any* security) Nice party trick all the same.

    It'd be nice to see a remote exploit of it - now that would have value...

  15. Anonymous Coward
    Flame

    @Peter2

    > "You can't "intercept the internet" without comprehensive coverage, and the only practical way of doing this is via the ISP. I know it went right over your head, but tapping into "the internet" by intercepting a cable would only allow you to read traffic over that cable."

    Because, you know, the Chinese equipment UK ISP's install for normal control of their networks is not as capable as the same Chinese equipment US ISP's install for normal control, that the FBI use all the time to intercept VoIP calls, [encrypted] video, emails, etc. all day long... just as soon as there is a legal warrant for the particular person involved, and the ISP routes that traffic through the specified box(es) at the monitoring center...

    > "What GHCQ want to do is cover every cable by monitoring them at the ISP, ok?"

    Just like the US does now, with the normal equipment already installed. The US just has to have a warrant, just like the UK does now. The GHCQ just want to be able to do this without having to deal with warrants or judges or "probably cause".

    > "The reason they can intercept telephone calls here is because they have access to the network. If you'd read it properly, you would have seen this in the story "Obviously, the tool requires physical access to the network being targeted""

    You know, like, physically plugging a cable into the Internet... hmmm... If the ISP is able to "intercept" it, then they can route/copy packets to the authorized, legal monitoring center when there is a warrant.

    > "If the government had physical access to your network, then they would be able to do it as well. However it's simpler, faster and cheaper to put boxes in the ISP's than put one in every single network in the country."

    Yeah, put the boxes in the ISP, to bypass the current capability to route this traffic based upon the ISP's subscription information for the person listed on the duly requested and judge approved warrant. After all, warrants and judicial review are so pesky, aren't they? And, its not like the ISP would know which IP address was which address or person at any particular time of day (disregarding time zones, eh)? Oh, what's that?...

    > "I do hope your one of the 20% of visitors here that's not actually working in IT."

    It is obvious you do not work in governmental oversight... I mean, security, IT. If you do, then this is disingenious to even the non-IT readership here. Sorry, but I do. I know current systems have to do this, because its _my_ job if it _doesn't_ do it.

    Anonymous - "I could tell you, but then I'd have to..." That's a quote, not a threat, so no option for you to sue or file complaint, sorry. Sorry, there's someone at the door. I am so used to the stomping of jack boots in unison, it no longer is worth getting excited about anymore. But, I know they like my coffee... :)

  16. Big Al
    Big Brother

    Icon call!

    AC asked: "Where's the CCTV icon?"

    <--- that would be the Big Brother icon...

This topic is closed for new posts.

Other stories you might like