Finding (and exploiting) vulnerabilities on IP Cameras: the Tenda CP3 case study

Consumer IP cameras are now the most widely adopted solution for remote monitoring in various contexts, such as private homes or small offices. While the security of these devices has been scrutinized, most approaches are limited to relatively shallow network-based analyses. In this paper, we discus...

Full description

Saved in:
Bibliographic Details
Published in:arXiv.org 2024-06
Main Authors: Stabili, Dario, Bocchi, Tobia, Valgimigli, Filip, Marchetti, Mirco
Format: Article
Language:English
Subjects:
Cameras
Remote monitoring
Security
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
cited_by
cites
container_end_page
container_issue
container_start_page
container_title arXiv.org
container_volume
creator Stabili, Dario
Bocchi, Tobia
Valgimigli, Filip
Marchetti, Mirco
description Consumer IP cameras are now the most widely adopted solution for remote monitoring in various contexts, such as private homes or small offices. While the security of these devices has been scrutinized, most approaches are limited to relatively shallow network-based analyses. In this paper, we discuss a methodology for the security analysis and identification of remotely exploitable vulnerabilities in IP cameras, which includes static and dynamic analyses of executables extracted from IP camera firmware. Compared to existing methodologies, our approach leverages the context of the target device to focus on the identification of malicious invocation sequences that could lead to exploitable vulnerabilities. We demonstrate the application of our methodology by using the Tenda CP3 IP camera as a case study. We identified five novel CVEs, with CVSS scores ranging from 7.5 to 9.8. To partially automate our analysis, we also developed a custom tool based on Ghidra and rhabdomancer.
format article
fullrecord <record><control><sourceid>proquest</sourceid><recordid>TN_cdi_proquest_journals_3072055140</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>3072055140</sourcerecordid><originalsourceid>FETCH-proquest_journals_30720551403</originalsourceid><addsrcrecordid>eNqNirEKwjAURYMgWLT_8MBFh0JMGiuuxaJbh-4lmqgpMa19iejfm8EPcDrcc8-EJIzzTbbLGZuRFLGjlLJtwYTgCakr45RxN1hJp0C_B9sbH_caXsE6PcqzsVFohN7BqYZSPqLEPfi7hkY7JaGsOVwkakAf1GdBpldpUac_zsmyOjTlMRvG_hk0-rbrw-ji1XJaMCrEJqf8v-oLvEo9dw</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>3072055140</pqid></control><display><type>article</type><title>Finding (and exploiting) vulnerabilities on IP Cameras: the Tenda CP3 case study</title><source>Publicly Available Content Database</source><creator>Stabili, Dario ; Bocchi, Tobia ; Valgimigli, Filip ; Marchetti, Mirco</creator><creatorcontrib>Stabili, Dario ; Bocchi, Tobia ; Valgimigli, Filip ; Marchetti, Mirco</creatorcontrib><description>Consumer IP cameras are now the most widely adopted solution for remote monitoring in various contexts, such as private homes or small offices. While the security of these devices has been scrutinized, most approaches are limited to relatively shallow network-based analyses. In this paper, we discuss a methodology for the security analysis and identification of remotely exploitable vulnerabilities in IP cameras, which includes static and dynamic analyses of executables extracted from IP camera firmware. Compared to existing methodologies, our approach leverages the context of the target device to focus on the identification of malicious invocation sequences that could lead to exploitable vulnerabilities. We demonstrate the application of our methodology by using the Tenda CP3 IP camera as a case study. We identified five novel CVEs, with CVSS scores ranging from 7.5 to 9.8. To partially automate our analysis, we also developed a custom tool based on Ghidra and rhabdomancer.</description><identifier>EISSN: 2331-8422</identifier><language>eng</language><publisher>Ithaca: Cornell University Library, arXiv.org</publisher><subject>Cameras ; Remote monitoring ; Security</subject><ispartof>arXiv.org, 2024-06</ispartof><rights>2024. This work is published under http://creativecommons.org/licenses/by-nc-nd/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://www.proquest.com/docview/3072055140?pq-origsite=primo$$EHTML$$P50$$Gproquest$$Hfree_for_read</linktohtml><link.rule.ids>780,784,25753,37012,44590</link.rule.ids></links><search><creatorcontrib>Stabili, Dario</creatorcontrib><creatorcontrib>Bocchi, Tobia</creatorcontrib><creatorcontrib>Valgimigli, Filip</creatorcontrib><creatorcontrib>Marchetti, Mirco</creatorcontrib><title>Finding (and exploiting) vulnerabilities on IP Cameras: the Tenda CP3 case study</title><title>arXiv.org</title><description>Consumer IP cameras are now the most widely adopted solution for remote monitoring in various contexts, such as private homes or small offices. While the security of these devices has been scrutinized, most approaches are limited to relatively shallow network-based analyses. In this paper, we discuss a methodology for the security analysis and identification of remotely exploitable vulnerabilities in IP cameras, which includes static and dynamic analyses of executables extracted from IP camera firmware. Compared to existing methodologies, our approach leverages the context of the target device to focus on the identification of malicious invocation sequences that could lead to exploitable vulnerabilities. We demonstrate the application of our methodology by using the Tenda CP3 IP camera as a case study. We identified five novel CVEs, with CVSS scores ranging from 7.5 to 9.8. To partially automate our analysis, we also developed a custom tool based on Ghidra and rhabdomancer.</description><subject>Cameras</subject><subject>Remote monitoring</subject><subject>Security</subject><issn>2331-8422</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2024</creationdate><recordtype>article</recordtype><sourceid>PIMPY</sourceid><recordid>eNqNirEKwjAURYMgWLT_8MBFh0JMGiuuxaJbh-4lmqgpMa19iejfm8EPcDrcc8-EJIzzTbbLGZuRFLGjlLJtwYTgCakr45RxN1hJp0C_B9sbH_caXsE6PcqzsVFohN7BqYZSPqLEPfi7hkY7JaGsOVwkakAf1GdBpldpUac_zsmyOjTlMRvG_hk0-rbrw-ji1XJaMCrEJqf8v-oLvEo9dw</recordid><startdate>20240624</startdate><enddate>20240624</enddate><creator>Stabili, Dario</creator><creator>Bocchi, Tobia</creator><creator>Valgimigli, Filip</creator><creator>Marchetti, Mirco</creator><general>Cornell University Library, arXiv.org</general><scope>8FE</scope><scope>8FG</scope><scope>ABJCF</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>HCIFZ</scope><scope>L6V</scope><scope>M7S</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><scope>PTHSS</scope></search><sort><creationdate>20240624</creationdate><title>Finding (and exploiting) vulnerabilities on IP Cameras: the Tenda CP3 case study</title><author>Stabili, Dario ; Bocchi, Tobia ; Valgimigli, Filip ; Marchetti, Mirco</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-proquest_journals_30720551403</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2024</creationdate><topic>Cameras</topic><topic>Remote monitoring</topic><topic>Security</topic><toplevel>online_resources</toplevel><creatorcontrib>Stabili, Dario</creatorcontrib><creatorcontrib>Bocchi, Tobia</creatorcontrib><creatorcontrib>Valgimigli, Filip</creatorcontrib><creatorcontrib>Marchetti, Mirco</creatorcontrib><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>Materials Science &amp; Engineering Collection</collection><collection>ProQuest Central (Alumni)</collection><collection>ProQuest Central</collection><collection>ProQuest Central Essentials</collection><collection>AUTh Library subscriptions: ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Engineering Collection</collection><collection>Engineering Database</collection><collection>Publicly Available Content Database</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><collection>Engineering collection</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Stabili, Dario</au><au>Bocchi, Tobia</au><au>Valgimigli, Filip</au><au>Marchetti, Mirco</au><format>book</format><genre>document</genre><ristype>GEN</ristype><atitle>Finding (and exploiting) vulnerabilities on IP Cameras: the Tenda CP3 case study</atitle><jtitle>arXiv.org</jtitle><date>2024-06-24</date><risdate>2024</risdate><eissn>2331-8422</eissn><abstract>Consumer IP cameras are now the most widely adopted solution for remote monitoring in various contexts, such as private homes or small offices. While the security of these devices has been scrutinized, most approaches are limited to relatively shallow network-based analyses. In this paper, we discuss a methodology for the security analysis and identification of remotely exploitable vulnerabilities in IP cameras, which includes static and dynamic analyses of executables extracted from IP camera firmware. Compared to existing methodologies, our approach leverages the context of the target device to focus on the identification of malicious invocation sequences that could lead to exploitable vulnerabilities. We demonstrate the application of our methodology by using the Tenda CP3 IP camera as a case study. We identified five novel CVEs, with CVSS scores ranging from 7.5 to 9.8. To partially automate our analysis, we also developed a custom tool based on Ghidra and rhabdomancer.</abstract><cop>Ithaca</cop><pub>Cornell University Library, arXiv.org</pub><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier EISSN: 2331-8422
ispartof arXiv.org, 2024-06
issn 2331-8422
language eng
recordid cdi_proquest_journals_3072055140
source Publicly Available Content Database
subjects Cameras
Remote monitoring
Security
title Finding (and exploiting) vulnerabilities on IP Cameras: the Tenda CP3 case study
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-27T09%3A07%3A16IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=document&rft.atitle=Finding%20(and%20exploiting)%20vulnerabilities%20on%20IP%20Cameras:%20the%20Tenda%20CP3%20case%20study&rft.jtitle=arXiv.org&rft.au=Stabili,%20Dario&rft.date=2024-06-24&rft.eissn=2331-8422&rft_id=info:doi/&rft_dat=%3Cproquest%3E3072055140%3C/proquest%3E%3Cgrp_id%3Ecdi_FETCH-proquest_journals_30720551403%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=3072055140&rft_id=info:pmid/&rfr_iscdi=true