Freyja Burch
Axis dome cameras are a popular choice for surveillance due to their discreet design and advanced features. However, their security has been called into question, with several vulnerabilities discovered in recent years. In 2018, researchers from VDOO found seven vulnerabilities in Axis cameras, three of which could be combined to gain control of the camera without needing login credentials. This discovery highlighted the possibility of cameras being recruited into botnets for broader attacks. In 2022, a cyberattack on Axis Communications disrupted various systems, although no third-party data was compromised. Additionally, in 2021, three vulnerabilities were found in Axis IP camera systems, which could be exploited through social engineering and common hacking methods. While Axis has released patches to address these issues, the incidents raise concerns about the security of their products.
| Characteristics | Values |
|---|---|
| Number of vulnerabilities | 7 |
| Number of critical vulnerabilities | 3 |
| Impacted camera models | Nearly 400 |
| Impacted camera firmware | 6.30.1.3 |
| Impacted camera serial number | ACCC8E74DA9D |
| Default IP address | 192.168.0.90 |
| Vulnerability ID | CVE-2018-10660, CVE-2018-10661, CVE-2018-10662 |
| Attacker capabilities | Access and freeze the video stream, control every function of the camera (e.g. motion detection, direction), and alter the software |
What You'll Learn
Bypass authentication with CVE-2018-10661
To bypass authentication with CVE-2018-10661, you can take advantage of the fact that the module mod_authz_axisgroupfile.so performs the authorization check based on the content of the variable request.filename and completely ignores the variable request.path_info. This means that an attacker can gain access to the request /index.html/technikum.srv because the request is classified as one for the file /usr/html/index.html, which is world-readable and does not require authentication.
To exploit this vulnerability, an attacker can send unauthenticated HTTP requests that reach the .srv functionality. This function handles .srv requests and does not require user credentials. Legitimate requests that reach /bin/ssid's .srv functionality can choose one of several actions by setting the action parameter in the request's query string.
By chaining this vulnerability with CVE-2018-10662, an attacker can fully control the affected camera.
Ejecting the Casio EX-Z1000 Battery: A Step-by-Step Guide
You may want to see also
Gain access without login credentials
Gaining Access to Axis Dome Surveillance Cameras without Login Credentials
Axis dome surveillance cameras are compact cameras with a dome casing that can be used for indoor and outdoor surveillance. While these cameras are designed to be secure, there are ways to gain unauthorized access without login credentials. Here are some methods and techniques that can be used:
Exploiting Vulnerabilities
In 2018, the Israeli startup VDOO discovered seven vulnerabilities in Axis IP cameras, three of which are critical and can be exploited to gain control of the camera without the need for login credentials. These vulnerabilities are identified as CVE-2018–10660, CVE-2018–10661, and CVE-2018–10662. By combining these vulnerabilities, an attacker can bypass the authentication mechanism, gain unauthorized access, and execute arbitrary code with root privileges. This access can be used to fetch the video stream, add the camera to a botnet, or use it as an entry point for lateral movement attacks.
Default Passwords
Axis cameras do not have a default password set by the manufacturer. When the camera is first used or reset, the user is prompted to create an administrator password. However, it is important to note that if the camera is accessed through the VAPIX API before the root password is set, no password is required. This is because the VAPIX protocol assumes that the client application will add proper users and credentials to the device. Therefore, if an attacker gains access to the camera before the initial password setup, they can exploit this to access the camera without any credentials.
Remote Format String Vulnerability
Axis cameras are also vulnerable to a remote format string attack. By exploiting this vulnerability, an attacker can change the root password of the camera, effectively blocking legitimate users. This attack can be performed remotely on publicly accessible cameras or locally by those with physical access to the camera's network. Once the root password is changed, the attacker can easily spy on the video feed and modify camera settings.
Social Engineering and Brute Force Attacks
In addition to technical vulnerabilities, social engineering techniques can be used to gain access to surveillance cameras. This may involve tricking authorized individuals into revealing their login credentials or physically accessing the camera's hardware to extract sensitive information. Brute force attacks, where all possible password combinations are systematically checked, can also be attempted, especially if the camera is protected by a weak or default password.
It is important to note that the methods mentioned above are unethical and illegal. Any attempt to gain unauthorized access to surveillance cameras can have serious legal consequences. This information is provided for educational purposes only, to raise awareness of potential security vulnerabilities and the importance of maintaining secure practices.
Finding the Battery on Your Fujifilm Waterproof Camera
You may want to see also
Use the camera for botnet or network intrusion
Once you have successfully hacked into an Axis dome surveillance camera, you can use the camera for botnet or network intrusion. This can be done by exploiting the vulnerabilities in the camera's software.
The first step is to gain access to the camera by bypassing the authentication mechanism. This can be done by taking advantage of the vulnerability registered as CVE-2018–10661. This vulnerability allows you to access the world-readable file without authentication by making a specific type of request to the camera's web interface.
Once you have access, you can exploit another vulnerability, listed as CVE-2018–10662, which allows you to send any dbus message to the device's bus without restriction. This gives you the ability to change the values of internal parameters and set new values in the configuration file.
By injecting shell commands using the Shell Command Injection vulnerability (CVE-2018–10660), you can gain root privileges and execute any commands you want. From here, you can install malicious features that will enable you to use the camera as an entry point for a lateral movement attack or add it to a botnet.
It is important to note that these vulnerabilities were discovered in 2018 and may have been patched since then. However, the experiment demonstrates that even prestigious vendors like Axis can have software vulnerabilities, and it underscores the importance of actively enabling IT security features and following best practices to protect against such attacks.
Understanding Camera Playback Mode: A Beginner's Guide
You may want to see also
Patch Axis camera firmware
Axis Communications, a manufacturer of network video cameras, has released new firmware that addresses a recently disclosed vulnerability. This vulnerability could allow a remote attacker to take control of the camera without any previous access to the camera or its credentials. Axis has released firmware patches for affected models and recommends that users install them as soon as possible.
To patch your Axis camera's firmware, follow these steps:
- Visit the Axis Support website at https://www.axis.com/support/firmware.
- Find the correct firmware for your specific camera model. Make sure to download the latest version available.
- Download the firmware file to your computer.
- Log in to your Axis camera's web interface. You can usually access this by entering the camera's IP address into a web browser.
- Navigate to the firmware update section of your camera's web interface. This may be located under a "Maintenance" or "System" menu.
- Upload the firmware file you downloaded and follow the on-screen instructions to install the update.
- Wait for the update to complete. Do not turn off the camera or interrupt the update process.
- Once the update is finished, your camera will automatically restart with the new firmware.
It is important to keep your camera's firmware up to date to ensure the best possible security and performance. Regularly check the Axis Support website for new firmware releases and install any updates as soon as they become available. Additionally, consider enabling automatic updates if your camera model supports this feature.
By keeping your Axis camera's firmware patched and up to date, you can help protect your device from potential security threats and ensure its reliable operation.
Flying with Fully Charged Camera Batteries: Safe or Not?
You may want to see also
Use alternative camera brands
Axis Communications is a leading brand in the security industry, offering advanced technology and innovative features for effective and reliable surveillance solutions. Their dome cameras are compact, discreet, and suitable for both indoor and outdoor use. However, if you are considering alternative camera brands, there are several options available that can fulfill your surveillance needs. Here are some of the best alternative brands to Axis Communications:
Bosch
Bosch is a well-known brand in the security camera industry and was ranked as the 4th most popular CCTV brand worldwide, in the United States, and in Europe, according to IPICA ratings for 2021. Bosch security cameras offer similar features to Axis cameras, including basic physical design, software, and performance in various environments. One advantage of Bosch cameras is that their software makes local site setup more straightforward. Additionally, their Flexidome cameras are popular due to their ease of adjustment. Bosch cameras are typically lower in cost compared to Axis products, making them a more affordable alternative without compromising on quality.
Hanwha Techwin
Hanwha Techwin is another top global brand, ranked 8th globally, 2nd in the United States, and 4th in Europe by IPICA. They have worked with Nvidia to develop advanced surveillance solutions and are known for their high-tech security cameras and wisenet software. Hanwha Techwin products are often technologically advanced or on par with Axis cameras, especially when it comes to 4K security cameras and reactive video analytics. However, one drawback is that their products may require more customer support, making them less suitable for small businesses or those with limited IT support.
Vivotek
Vivotek is ranked 8th worldwide and 7th in Europe by IPICA in 2021 and is considered one of the top brands for CCTV. While Vivotek may not have the same maximum visual prowess as Axis cameras, they offer more affordable options that still work at a commercial scale. Additionally, Vivotek provides free VMS support per product, whereas Axis charges $100 per IP security camera. Vivotek's WDR enhanced and WDR pro technologies also improve camera performance in varying light levels, enhancing visual clarity. Their night vision technology has continuously improved with each new generation of products, making it a highly sought-after feature.
These alternative brands offer competitive features, performance, and pricing compared to Axis Communications. When choosing a surveillance camera system, it is essential to consider your specific needs, budget, and the features that are most important to you.
Strategies for Requesting Community Service for a Camera Ticket
You may want to see also
Frequently asked questions
Axis dome cameras have had various vulnerabilities over the years, including cross-site scripting, authorisation bypass, and shell command injection issues. These vulnerabilities can allow attackers to execute arbitrary code, gain unauthorised access, and perform various malicious actions.
To protect your Axis dome camera, ensure that you regularly update the firmware to the latest version, which often includes security patches for known vulnerabilities. Additionally, follow standard cybersecurity practices, such as using strong and unique passwords, and restricting physical access to the camera.
If an attacker gains control of an Axis dome camera, they can manipulate the video stream, change camera settings, and use the camera for malicious purposes, such as incorporating it into a botnet or using it as an entry point for lateral movement attacks.
Yes, there are various online resources, such as exploit databases and hacking guides, that provide technical details, proof-of-concept codes, and step-by-step instructions for exploiting vulnerabilities in Axis dome cameras. These resources are often created by security researchers to demonstrate the impact of the vulnerabilities and encourage users to update their systems.
Discussing the vulnerabilities and potential exploitation of surveillance cameras can raise ethical concerns. It is important to approach this topic with the intention of improving security and raising awareness among users. Hacking into someone else's camera system without authorisation is illegal and unethical. The information provided here is for educational purposes, to help users understand the risks and take appropriate protective measures.
