Description: Daniel Mende and Pascal Turbing
Almost every recent higher class DSLR camera features multiple and complex access technologies. For example, CANON's new flagship features IP connectivity both wired via 802.3 and wireless via 802.11. All big vendors are pushing these features to the market and advertise them as realtime image transfer to the cloud. We have taken a look at the layer 2 and 3 implementations in the CamOS and the services running upon those. Not only did we discover weak plaintext protocols used in the communication, we've also been able to gain complete control of the camera, including modification of camera settings, file transfer and image live stream. So in the end the "upload to the clouds" feature resulted in an image stealing Man-in-the-Imageflow. We will present the results of our research on cutting edge cameras, exploit the weaknesses in a live demo and release a tool after the presentation.
Daniel Mende is a German security researcher specialized on network protocols and technologies. He's well known for his Layer2 extensions of the SPIKE and Sulley fuzzing frameworks and has presented on protocol security at many occasions including Troopers, Blackhat, CCC, IT Underground and ShmooCon. Usually he releases a new tool when giving a talk.
Pascal Turbing is a network geek, auditor and penetration tester who loves to explore network devices, protocols, applications and to break flawed ones.
For more information, please visit : - https://www.shmoocon.org/
Tags: securitytube , hacking , hackers , information security , convention , computer security , shmoocon13 , shmoocon-2013 ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.