Skip to main content
Springer Nature Link
Log in

Finding (and Exploiting) Vulnerabilities on IP Cameras: The Tenda CP3 Case Study

  • Conference paper
  • First Online:
Advances in Information and Computer Security (IWSEC 2024)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14977))

Included in the following conference series:

  • 284 Accesses

Abstract

Consumer IP cameras are now the most widely adopted solution for remote monitoring in various contexts, such as private homes or small offices. While the security of these devices has been scrutinized, most approaches are limited to relatively shallow network-based analyses. In this paper, we discuss a methodology for the security analysis and identification of remotely exploitable vulnerabilities in IP cameras, which includes static and dynamic analyses of executables extracted from IP camera firmware. Compared to existing methodologies, our approach leverages the context of the target device to focus on the identification of malicious invocation sequences that could lead to exploitable vulnerabilities. We demonstrate the application of our methodology by using the Tenda CP3 IP camera as a case study. We identified five novel CVEs, with CVSS scores ranging from 7.5 to 9.8. To partially automate our analysis, we also developed a custom tool based on Ghidra and rhabdomancer.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Chapter © 2019

References

  1. Abdalla, P.A., Varol, C.: Testing IoT security: the case study of an IP camera. In: 2020 8th International Symposium on Digital Forensics and Security (ISDFS), pp. 1–5 (2020). https://doi.org/10.1109/ISDFS49300.2020.9116392

  2. ACES - Automotive, Cyber-Physical, Embedded and Security research laboratory. IWSec 2024 - Scripts and materials. https://github.com/SECloudUNIMORE/ACES/tree/master/IWSec2024. Accessed April 2024

  3. Bathich, P., Malli, M., Hazimeh, H.: Exploiting vulnerabilities of IP cameras: lebanon case study. In: 2021 9th International Symposium on Digital Forensics and Security (ISDFS), pp. 1–6 (2021). https://doi.org/10.1109/ISDFS52919.2021.9486324

  4. Biondi, P., Bognanni, S., Bella, G.: Vulnerability assessment and penetration testing on IP camera. In: 2021 8th International Conference on Internet of Things: Systems, Management and Security (IOTSMS), pp. 1–8 (2021). https://doi.org/10.1109/IOTSMS53705.2021.9704890

  5. COAP: COnstrained Application Procotol. https://datatracker.ietf.org/doc/html/rfc7252. Accessed March 2024

  6. craigz28: Firmwalker. https://github.com/craigz28/firmwalker. Accessed April 2024

  7. Federal Communications Commission: FCC ID Search. https://fccid.io/. Accessed March 2024

  8. Flashrom: Flashrom. https://flashrom.org/. Accessed March 2024

  9. Fyodor: NMAP - Network Mapper. https://nmap.org/. Accessed April 2024

  10. Kalbo, N., Mirsky, Y., Shabtai, A., Elovici, Y.: The security of IP-based video surveillance systems. Sensors 20(17) (2020). https://doi.org/10.3390/s20174806, https://www.mdpi.com/1424-8220/20/17/4806

  11. Li, J., Li, Z., Tyson, G., Xie, G.: Your privilege gives your privacy away: an analysis of a home security camera service. In: IEEE INFOCOM 2020 - IEEE Conference on Computer Communications, pp. 387–396 (2020). https://doi.org/10.1109/INFOCOM41043.2020.9155516

  12. Li, Y., Mandalari, A.M., Straw, I.: Who let the smart toaster hack the house? An investigation into the security vulnerabilities of consumer IoT devices (2023)

    Google Scholar 

  13. Marco Ivaldi: Rhabdomancer. https://github.com/0xdea/ghidra-scripts/blob/main/Rhabdomancer.java. Accessed April 2024

  14. National Security Agency: Ghidra SRE. https://ghidra-sre.org/. Accessed April 2024

  15. ONVIF: Open Network Video Interface Forum. https://www.onvif.org/. Accessed April 2024

  16. Shwartz, O., Mathov, Y., Bohadana, M., Elovici, Y., Oren, Y.: Opening Pandora’s box: effective techniques for reverse engineering IoT devices. In: Eisenbarth, T., Teglia, Y. (eds.) CARDIS 2017. LNCS, vol. 10728, pp. 1–21. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-75208-2_1

    Chapter  Google Scholar 

Download references

Acknowledgments

This work was partially supported by project SERICS (PE00000014) under the MUR National Recovery and Resilience Plan funded by the European Union - NextGenerationEU.

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, Alma Mater Studiorum - University of Bologna, Bologna, Italy

    Dario Stabili

  2. Department of Engineering “Enzo Ferrari”, University of Modena and Reggio Emilia, Modena, Italy

    Tobia Bocchi, Filip Valgimigli & Mirco Marchetti

Authors
  1. Dario Stabili
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Tobia Bocchi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Filip Valgimigli
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Mirco Marchetti
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Dario Stabili .

Editor information

Editors and Affiliations

  1. NEC and Yokohama National University, Kawasaki, Japan

    Kazuhiko Minematsu

  2. National Defense Academy, Yokosuka, Japan

    Mamoru Mimura

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Stabili, D., Bocchi, T., Valgimigli, F., Marchetti, M. (2024). Finding (and Exploiting) Vulnerabilities on IP Cameras: The Tenda CP3 Case Study. In: Minematsu, K., Mimura, M. (eds) Advances in Information and Computer Security. IWSEC 2024. Lecture Notes in Computer Science, vol 14977. Springer, Singapore. https://doi.org/10.1007/978-981-97-7737-2_11

Download citation

  • DOI: https://doi.org/10.1007/978-981-97-7737-2_11

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-97-7736-5

  • Online ISBN: 978-981-97-7737-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics