当前位置:首页 > 报告详情

彻底改变摄像头监控的视角.pdf

上传人: 竿*** 编号:981906 2025-11-29 68页 4.63MB

1、Turning Camera Surveillance on its AxisNoam Moshe Claroty Research,Claroty Team82$whoamiNoam MosheVulnerability researcher&Team Lead at Claroty Team82-mostly breaking IoT clouds.Master of Pwn Pwn2Own ICS 2023.I want to hack Big Company Inc.But how?Searched for exposed services Found an interesting s

2、ervice What is axis.remoting protocol?Axis Cameras IP Camera OS is Axis OS(Custom Linux)Download firmware from Axis website Managed via web interfaceConfiguration,camera feed.Most companies have more than 1 cameraAxis Camera Station/Device Manager Manages Axis cameras Discovery,config,firmwaresAxis

3、Camera StationAxis Camera Station/Device Manager Live feed view and video recording Axis Camera StationHow its used Axis Secure Remote Access(not Axis.Remoting)Pro:Does not require exposing services to the internetCon:pay-per-traffic-can be expensive On-Prem installation(uses Axis.Remoting)Pro:Free

4、to useCon:Need to expose services to the internetOn-Prem vs.Cloud versionsAxis Camera Station Tons of orgs choose on-premConnect to their servers remotely To stay secure-Axis implemented secure protocolFully encrypted and authenticated binary protocolWhat about remote access?Axis Camera StationOn-Pr

5、em ConnectionWANAxis Camera Station ClientsBig Company Inc.On-Prem ConnectionWANBig Company Inc.Axis Camera Station ClientsAttackerOn-Prem ConnectionWANBig Company Inc.Axis Camera Station ClientsAttackerServer controls cameras6,000+servers around the world!WANGov AgencyAttackerUniversityBig Company

6、Inc.Lets Deep Dive!Axis Camera Station/Device Manager Windows.NET applicationsClient and server Uses Axis.Remoting protocolWrapped in mTLS Requires authenticationWindows Host/Domain CredentialsLets Unwrap the protocol!MiTM the Connection with mTLSMiTMAxis Camera StationAxis Camera Station Clients Us

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
根据报告的内容,以下是全文关键点的概括: 1. **Axis Camera Station 协议分析**:文章深入分析了Axis Camera Station的Axis.Remoting协议,发现其存在安全漏洞,包括参数反序列化漏洞(CVE-2025-30023)和NTLMSSP认证漏洞(CVE-2025-30024)。 2. **攻击方法**:攻击者可以通过中间人攻击(MiTM)来拦截连接,利用NTLMSSP漏洞进行认证,然后注入反序列化攻击载荷,最终在服务器上执行代码。 3. **远程访问与漏洞利用**:文章讨论了Axis Camera Station的远程访问机制,包括On-Prem和Cloud版本,并展示了如何利用HTTP协议中的漏洞进行预认证远程代码执行(RCE)。 4. **暴露设备**:通过互联网扫描服务(如Shodan和Censys)发现约6,500个暴露的设备,其中约4,000个位于美国。 5. **漏洞修复**:作者报告了所有这些漏洞给Axis Solutions,该公司迅速响应并修复了所有漏洞。 6. **Axis Solutions 的响应**:作者赞扬了Axis Solutions的专业性和快速响应,表示他们在10分钟内收到了回复,并积极修复了所有问题。
"Axis协议漏洞揭秘" "如何攻破Axis摄像头?" "揭秘Axis Remoting协议风险"
客服
商务合作
小程序
服务号
折叠