ИБ видеокамер Москвы
TRANSCRIPT
![Page 1: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/1.jpg)
SESSION ID:
#RSAC
Denis Legezo
Smart Megalopolises. How Safe and Reliable Is Your Data?
TECH-T09
Global Research and Analytics Team, Kaspersky Lab@Legezo
![Page 2: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/2.jpg)
#RSAC
Megalopolises are changing fast
2
![Page 3: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/3.jpg)
#RSAC
The plan for today
3
Smart cities: Sensors' role
Reconnaissance: Vendors, locations, etc.
Sensors' functionality: Interfaces and data
Firmware: The Holy Grail of embedded
Automation: Let's send some bytes
Smart cities: Outside sensors
![Page 4: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/4.jpg)
#RSAC
Why cities need all this stuff?
4
Smart cities: Sensors' role
Reconnaissance: Vendors, locations, etc.
Sensors' functionality: Interfaces and data
Firmware: The Holy Grail of embedded
Automation: Let's send some bytes
Smart cities: Outside sensors
![Page 5: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/5.jpg)
#RSAC
Why do cities have be smart?
5
Investments
Staff
Infrastructure
Data centers
Operation center
![Page 6: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/6.jpg)
#RSAC
Raw data for planning
6
![Page 7: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/7.jpg)
#RSAC
…And for traffic management
7
Possible to use for the traffic lights
Counting vehicles number and change timings
Counting pedestrians as well
![Page 8: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/8.jpg)
#RSAC
Radars are the source of such data
8
![Page 9: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/9.jpg)
#RSAC
The first phase
9
Smart cities: Sensors' role
Reconnaissance: Vendors, locations, etc.
Sensors' functionality: Interfaces and data
Firmware: The Holy Grail of embedded
Automation: Let's send some bytes
Smart cities: Outside sensors
![Page 10: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/10.jpg)
#RSAC
Appearance is a great help
10
![Page 11: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/11.jpg)
#RSAC
..Any IDs you can get are also
11
MACs
Names
Any IDs
![Page 12: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/12.jpg)
#RSAC
What we are gathering?
12
Smart cities: Sensors' role
Reconnaissance: Vendors, locations, etc.
Sensors' functionality: Interfaces and data
Firmware: The Holy Grail of embedded
Automation: Let's send some bytes
Smart cities: Outside sensors
![Page 13: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/13.jpg)
#RSAC
Look, interfaces
13
![Page 14: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/14.jpg)
#RSAC
And a lots of data on-board
14
![Page 15: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/15.jpg)
#RSAC
What's inside the data?
15
Vehicle type
Number of vehicles
Median speed
Station occupancy
![Page 16: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/16.jpg)
#RSAC
The Holy Grail
16
Smart cities: Sensors' role
Reconnaissance: Vendors, locations, etc.
Sensors' functionality: Interfaces and data
Firmware: The Holy Grail of embedded
Automation: Let's send some bytes
Smart cities: Outside sensors
![Page 17: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/17.jpg)
#RSAC
Can we add some functions?
17
Through interface
Debugger?
Commands?
What is format?
![Page 18: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/18.jpg)
#RSAC
Format looks like iHex or SREC
18
![Page 19: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/19.jpg)
#RSAC
But for which controller is it?
19
![Page 20: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/20.jpg)
#RSAC
LinkedIn isn't only for HR
20
![Page 21: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/21.jpg)
#RSAC
..but it happens anyway
21
For me in a blackbox mode it looks like dead end
But does it means dead end at all?
Of course not!
![Page 22: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/22.jpg)
#RSAC
Even with the stock firmware..
22
Smart cities: Sensors' role
Reconnaissance: Vendors, locations, etc.
Sensors' functionality: Interfaces and data
Firmware: The Holy Grail of embedded
Automation: Let's send some bytes
Smart cities: Outside sensors
![Page 23: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/23.jpg)
#RSAC
Reconnaissance first
23
I started with script + C
Bluetooth tools
adb to get GPS from phone
C code for sending
What to send?
![Page 24: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/24.jpg)
#RSAC
Commands are partly known
24
![Page 25: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/25.jpg)
#RSAC
So we can automate
25
![Page 26: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/26.jpg)
#RSAC
Sensor will answer
26
![Page 27: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/27.jpg)
#RSAC
What about the small DDoS?
27
Driving by, changing settings
Time: all traffic at night
Types: all traffic trucks
![Page 28: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/28.jpg)
#RSAC
Python + PostgreSQL seems better
28
![Page 29: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/29.jpg)
#RSAC
Resolve vendor and address offline
29
![Page 30: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/30.jpg)
#RSAC
What to do further and else?
30
Smart cities: Sensors' role
Reconnaissance: Vendors, locations, etc.
Sensors' functionality: Interfaces and data
Firmware: The Holy Grail of embedded
Automation: Let's send some bytes
Smart cities: Outside sensors
![Page 31: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/31.jpg)
#RSAC
Side effects
31
Gather Wi-Fi data and filter it with Postgres views
MACs can be anonymous
WEP is still alive
![Page 32: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/32.jpg)
#RSAC
Where is always place for fuzzing
32
Where are undocumented commands
![Page 33: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/33.jpg)
#RSAC
So much other stuff
33
![Page 34: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/34.jpg)
#RSAC
...even speeding penalties
34
Smart cities security perimeter if huge
So is the surface of attacks
Different authorities are in charge of the infrastructure
![Page 35: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/35.jpg)
#RSAC
...And tools
35
![Page 36: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/36.jpg)
#RSAC
What to apply?
36
Change appearance and default names
Don't rely only on standard authentication
Cooperate with third-party researches
Think a little bit like malefactor or hire someone who can
I know embedded devices vendors with generous bug bounty program. Respect
Cities also could participate
![Page 37: ИБ видеокамер Москвы](https://reader031.vdocuments.site/reader031/viewer/2022030313/58ed20831a28ab01458b4611/html5/thumbnails/37.jpg)
#RSAC
Summary
37
Smart city infrastructure is visible due to ID
Kudos to vendor, firmware is strong
Automation is possible with change of any settings
Interesting side effects with wireless protocols
Go further!