What are the consequences if an adversary compromises the surveillance cameras of thousands of leading Western organizations and companies? In a world of losing trust in Chinese-made IoT devices, there is less variety left for organizations to choose from. This is even more prevalent when it comes to video surveillance and cameras, in which multiple countries around the world have chosen to ban the use of products made by Dahua and Hikvision in government facilities. This question drove our research, leading us to discover that surveillance platforms can be double-edged swords. We researched Axis Communications, one of the dominant vendors in the field of video surveillance and monitoring, heavily adopted by US government agencies, schools and medical facilities and even Fortune 500 companies around the world. In our talk, we will showcase the comprehensive research we've conducted on the Axis.Remoting communication protocol, identifying critical vulnerabilities allowing attackers to gain preauth RCE on Axis platforms, giving attackers a runway into the organization's internal networks through their surveillance infrastructure. In addition, we've identified a novel method to passively exfiltrate information about each organization that uses this equipment, potentially enabling attackers to pinpoint their attack. Noam Moshe | Vulnerability Researcher, Claroty Team82 Presentation Materials Available at: https://ift.tt/I0frAWY
source https://www.youtube.com/watch?v=7J7UgLwrxdQ
-
Germany recalled its ambassador to Russia for a week of consultations in Berlin following an alleged hacker attack on Chancellor Olaf Scho...
-
Android’s May 2024 security update patches 38 vulnerabilities, including a critical bug in the System component. The post Android Update ...
No comments:
Post a Comment