14 DAY TRIAL // Security experts are always trying to make other people see that their systems are vulnerable, fact which means they need improvement! This is just another one of those cases - white hatters at ProCheckUp have given a proof of concept in an earlier paper on how easy it is to make a total mockery of Axis 2100 IP cameras. These are quite common and you can see one in the picture to the left.
I guess that you were all curios to find out how or if it was possible for those hackers on TV to actually make a mockery of security cameras. Well, the guys at ProCheckUp discovered that they can redirect what video file is played back by an AXIS 2100 IP camera. The paper on this is very tech savvy and I doubt that simple users could do it.
The strength of the IP camera is actually its own vulnerability - it's part of a network, fact which means it has routing capabilities, it can run commands and sometimes even allow outsiders to upload and run their own applications! I think that some of you may already see where all this is heading towards.
There are several vulnerabilities that can be exploited by malicious users, such System-wide Cross-site Request Forgeries (CSRF) (any admin action can be forged by design) non-persistent Cross-site Scripting (XSS) on 404 error pages, persistent cross-site Scripting (XSS) on the network settings page, persistent cross-site Scripting (XSS) on the video viewing page, persistent cross-site Scripting (XSS) on the logs viewing facility. There are more that could get exploited, but these are just a few that the researchers mentioned. Abusing these could make a security guard watch an endless loop of nothing, while there could be a lot going on!
The method in which these vulnerabilities could get exploited is far too tech-savvy for normal readers, so if you really want to find out more, click on the link I posted above. However, keep in mind that this information is just for your knowledge, and should not be used for malicious purposes. Hacking cameras is illegal and will get you arrested!