Nowadays, people buy SoHo IP cameras and install them at home, at the office and at shops to feel safer.
Our research, covering six brands and 28 different models of SoHo IP surveillance cameras in which we have discovered almost 20 vulnerabilities will show that, far from increasing security, this kind of devices may become an enemy of their owners.
In our talk we are going to present the lessons learned during our research activities detailing ways to identify IP cameras on local and public networks, how to gain remote full access to the web interface by exploiting different types of vulnerabilities identified during the research (including manufacturer's backdoor accounts, command injection, authentication bypass, etc.), how to backdoor a firmware to conduct further attacks through compromised cameras, and even how to hijack the live video stream the camera is broadcasting.
Also, during the presentation we will show some demos.