Difference between revisions of "IOT Security: Pentesting on IP Cameras"
Line 7: | Line 7: | ||
<b>Operating System</b> | <b>Operating System</b> | ||
* Operating system: Kali Linux 2022.2 | * Operating system: Kali Linux 2022.2 | ||
<br> | |||
<b>Hardware</b> | <b>Hardware</b> | ||
* TP-link Kasa Cam Smart Home Camera KC120 | * TP-link Kasa Cam Smart Home Camera KC120 | ||
Encryption: 128-Bit-AES, WPA/WPA2-PSK | Encryption: 128-Bit-AES, WPA/WPA2-PSK | ||
<br> | <br> Storage: Amazon Web Services (AWS) Cloud | ||
Storage: Amazon Web Services (AWS) Cloud | |||
* Ezviz CS-C1C | * Ezviz CS-C1C | ||
Encryption: 64/128-bit WEP, WPA/WPA2, WPA-PSK/WPA2-PSK. | Encryption: 64/128-bit WEP, WPA/WPA2, WPA-PSK/WPA2-PSK. | ||
<br> | |||
Storage: EZVIZ cloud or/and MicroSD | Storage: EZVIZ cloud or/and MicroSD | ||
* Abus PPIC32020 | * Abus PPIC32020 | ||
Encryption: AES 128bit, WPA/WPA2-PSK | Encryption: AES 128bit, WPA/WPA2-PSK | ||
<br> | |||
Storage: SD card | Storage: SD card | ||
<br> | |||
<b>Apps</b> | <b>Apps</b> | ||
* Kasa Smartphone application (IOS or Android) | * Kasa Smartphone application (IOS or Android) |
Revision as of 19:58, 12 June 2022
Summary
This is a documentation on pentesting (information gathering and vulnerability scans) performed on TP-link Kasa Cam Smart Home Camera KC120, Ezviz CS-C1C and Abus PPIC32020.
Requirements
Operating System
- Operating system: Kali Linux 2022.2
Hardware
- TP-link Kasa Cam Smart Home Camera KC120
Encryption: 128-Bit-AES, WPA/WPA2-PSK
Storage: Amazon Web Services (AWS) Cloud
- Ezviz CS-C1C
Encryption: 64/128-bit WEP, WPA/WPA2, WPA-PSK/WPA2-PSK.
Storage: EZVIZ cloud or/and MicroSD
- Abus PPIC32020
Encryption: AES 128bit, WPA/WPA2-PSK
Storage: SD card
Apps
- Kasa Smartphone application (IOS or Android)
- Ezviz Smartphone application (IOS or Android)
- ABUS App2Cam Plus Smartphone application (IOS or Android)
Description
A penetration test can be divided into several stages:
- Planning
Working with a costumer to absolutely outline and report evaluation objectives, scope, and policies of engagement.
- Gathering Information
Collecting and examing key data approximately the software and its infrastructure.
- Discovering Vulnerabilities
Find current vulnerabilities and identify any potential security weaknesses that could allow an outside attacker to gain access to the environment.
- Exploitation
The pentester tries to establish a connection with the target and exploit the vulnerabilities found in the previous phase.
- Reporting
Providing a complete file with deep evaluation and suggestions on the way to mitigate the found vulnerabilities.
Planning
You need to set up the camera at home together with your phone app and allow it to connect with the identical WiFi that your smartphone uses. To find out the IP Address of the camera you need to install scanning tools, that can gain access to devices in your subnet.
Step 1
Enter these commands in the shell
$sudo nmap -O 192.168.8.103