Consumer IP cameras are now the most widely adopted solution for remote monitoring in various contexts, such as private homes or small offices. While the security of these devices has been scrutinized, most approaches are limited to relatively shallow network-based analyses. In this paper, we discuss a methodology for the security analysis and identification of remotely exploitable vulnerabilities in IP cameras, which includes static and dynamic analyses of executables extracted from IP camera firmware. Compared to existing methodologies, our approach leverages the context of the target device to focus on the identification of malicious invocation sequences that could lead to exploitable vulnerabilities. We demonstrate the application of our methodology by using the Tenda CP3 IP camera as a case study. We identified five novel CVEs, with CVSS scores ranging from 7.5 to 9.8. To partially automate our analysis, we also developed a custom tool based on Ghidra and rhabdo-mancer.

Finding (and Exploiting) Vulnerabilities on IP Cameras: The Tenda CP3 Case Study / Stabili, D.; Bocchi, T.; Valgimigli, F.; Marchetti, M.. - 14977 LNCS:(2024), pp. 195-210. (Intervento presentato al convegno 19th International Workshop on Security, IWSEC 2024 tenutosi a Kyoto, Japan nel September 17–19, 2024) [10.1007/978-981-97-7737-2_11].

Finding (and Exploiting) Vulnerabilities on IP Cameras: The Tenda CP3 Case Study

Stabili D.
;Valgimigli F.;Marchetti M.
2024

Abstract

Consumer IP cameras are now the most widely adopted solution for remote monitoring in various contexts, such as private homes or small offices. While the security of these devices has been scrutinized, most approaches are limited to relatively shallow network-based analyses. In this paper, we discuss a methodology for the security analysis and identification of remotely exploitable vulnerabilities in IP cameras, which includes static and dynamic analyses of executables extracted from IP camera firmware. Compared to existing methodologies, our approach leverages the context of the target device to focus on the identification of malicious invocation sequences that could lead to exploitable vulnerabilities. We demonstrate the application of our methodology by using the Tenda CP3 IP camera as a case study. We identified five novel CVEs, with CVSS scores ranging from 7.5 to 9.8. To partially automate our analysis, we also developed a custom tool based on Ghidra and rhabdo-mancer.
2024
19th International Workshop on Security, IWSEC 2024
Kyoto, Japan
September 17–19, 2024
WOS:001333120500011
2-s2.0-85205123260
14977 LNCS
195
210
Stabili, D.; Bocchi, T.; Valgimigli, F.; Marchetti, M.
Finding (and Exploiting) Vulnerabilities on IP Cameras: The Tenda CP3 Case Study / Stabili, D.; Bocchi, T.; Valgimigli, F.; Marchetti, M.. - 14977 LNCS:(2024), pp. 195-210. (Intervento presentato al convegno 19th International Workshop on Security, IWSEC 2024 tenutosi a Kyoto, Japan nel September 17–19, 2024) [10.1007/978-981-97-7737-2_11].
File in questo prodotto:
File Dimensione Formato  
2406.15103v2.pdf

Open access

Tipologia: AAM - Versione dell'autore revisionata e accettata per la pubblicazione
Dimensione 5.37 MB
Formato Adobe PDF
Visualizza/Apri
5.37 MB Adobe PDF Visualizza/Apri
Pubblicazioni consigliate

Licenza Creative Commons
I metadati presenti in IRIS UNIMORE sono rilasciati con licenza Creative Commons CC0 1.0 Universal, mentre i file delle pubblicazioni sono rilasciati con licenza Attribuzione 4.0 Internazionale (CC BY 4.0), salvo diversa indicazione.
In caso di violazione di copyright, contattare Supporto Iris

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11380/1372231
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 0
  • ???jsp.display-item.citation.isi??? 0
social impact