Difference between revisions of "IOT Security: Pentesting on IP Cameras"

From Embedded Lab Vienna for IoT & Security
Jump to navigation Jump to search
Line 7: Line 7:
<b>Operating System</b>
<b>Operating System</b>
* Kali Linux 2022.2
* Kali Linux 2022.2
<br>
<b>Hardware</b>
<b>Hardware</b>
* TP-link Kasa Cam Smart Home Camera KC120
* TP-link Kasa Cam Smart Home Camera KC120

Revision as of 09:12, 13 June 2022

Summary

This is a documentation on pentesting (information gathering and vulnerability scans) performed on TP-link Kasa Cam Smart Home Camera KC120, Ezviz CS-C1C and Abus PPIC32020.

Requirements

Operating System

  • Kali Linux 2022.2

Hardware

  • TP-link Kasa Cam Smart Home Camera KC120

Encryption: 128-Bit-AES, WPA/WPA2-PSK
Storage: Amazon Web Services (AWS) Cloud

  • Ezviz CS-C1C

Encryption: 64/128-bit WEP, WPA/WPA2, WPA-PSK/WPA2-PSK
Storage: EZVIZ cloud or/and MicroSD

  • Abus PPIC32020

Encryption: AES 128bit, WPA/WPA2-PSK
Storage: MicroSD


Apps

  • Kasa Smartphone application (IOS or Android)
  • Ezviz Smartphone application (IOS or Android)
  • ABUS App2Cam Plus Smartphone application (IOS or Android)

Description

A penetration test can be divided into several stages:

  • Planning

Working with a costumer to absolutely outline and report evaluation objectives, scope, and policies of engagement.

  • Gathering Information

Collecting and examing key data approximately the software and its infrastructure.

  • Discovering Vulnerabilities

Find current vulnerabilities and identify any potential security weaknesses that could allow an outside attacker to gain access to the environment.

  • Exploitation

The pentester tries to establish a connection with the target and exploit the vulnerabilities found in the previous phase.

  • Reporting

Providing a complete documentation with deep evaluation and suggestions on the way to mitigate the found vulnerabilities.

Planning

You need to set up the camera at home together with your phone app and allow it to connect with the identical WiFi that your smartphone uses. To find out the IP Address of the camera you need to install scanning tools, that can gain access to devices in your subnet.

Scanning

Target Specification 

$sudo nmap 192.168.8.103        Scan a single IP

Enables OS detection, version detection, script scanning, and traceroute 

$sudo nmap -sV -A 192.168.8.103

Scan TCP/UDP Ports 

$sudo nmap 192.168.8.103 -sT    TCP connect port scan (Default without root privilege)
$sudo nmap 192.168.8.103 -sU    UDP port scan

Host Discovery and Port Scan 

$sudo nmap 192.168.8.1/24 -sn         Disable port scanning. Host discovery only.
$sudo nmap 192.168.8.1-254 -Pn        Disable host discovery. Port scan only. (If the host is down)

Port Specification 

$sudo nmap 192.168.8.103 -p-          Port scan all ports

OS Detection 

$sudo nmap 192.168.8.103 -O          Remote OS detection using TCP/IP

Step 2

Used Hardware

References

Retrieved from "https://wiki.elvis.science/index.php?title=IOT_Security:_Pentesting_on_IP_Cameras&oldid=9856"