Deauthentication Attack + Physical Security

DISCLAIMER: All data and information provided in this article are for informational purposes only. The main goal is to increase security awareness, teach about information security, countermeasures and give readers information on how to implement a safe and functional system. If you plan to use the information for illegal purposes, please leave this website now.

A few days ago a friend of mine purchased and installed a new Wifi IP camera at his house. Wanting to know how safe the system really was, he asked me to take a look and try to “hack” it if possible.

The truth is that the Internet of Things (IoT) is a really hot trend at the moment and a lot of devices are being distributed into the market, many of which are not that reliable or safe. IP cameras are a nice example of such devices that have invaded many households (or even small businesses in some cases) as a smart solution for surveillance and security.

Getting to the point now, I tried to hack the cameras using two generic techniques, not focusing on finding a specific software vulnerability. The two methods I used were a Deauthentication Attack and a Physical Security Attack. So let’s take a closer look at them:

Deauthentication Attack

A Wi-Fi deauthentication attack is a type of denial-of-service attack that targets communication between a user and a Wi-Fi wireless access point. With this attack, one can disconnect a client from the access point that it is connected to. For more details check out the following links:

https://en.wikipedia.org/wiki/Wi-Fi_deauthentication_attack
https://www.aircrack-ng.org/~~V:/doku.php?id=deauthentication

[Figure: Sequence diagram for a WiFi deauthentication attack]

The Deauthentication Attack falls under the category of pre-connection attacks, meaning you can disconnect any device from any network before connecting to any of these networks and therefore without the need to know the password for the network.

Having said that, it was possible to disconnect the IP camera from the access point it was connected to (without having the AP password, as I mentioned earlier, since there wasn’t even the need to connect to the network), making it useless.

The camera would on normal occasions detect movement and/or noise and notify the user with an email if something was detected. Instead, during the attack the video feedback of the IP camera app was frozen and no notifications were sent when we triggered the sensors with motion and sound.

Below is the code I used for this simple attack (for a more detailed analysis on how to perform a deauthentication attack there is a great article on Hacker Noon):

Deauthenticating specifically the IP camera (only one client)

    aireplay-ng --deauth [number of deauth packets] -a [AP MAC address] -c [IP camera MAC address] [interface]

    Ex: aireplay-ng --deauth 1000 -a 11:22:33:44:55:66 -c 00:AA:11:22:33:44 mon0

You can possibly find the MAC address of the IP camera if you know the device’s brand, since the first 6 digits of a MAC address identify the manufacturer (https://macvendors.com). You can also try to speculate which is the AP’s MAC address by the name of the SSID. Otherwise, you can use a wider attack with the code below.

Deauthenticating all clients in a specific network

    aireplay-ng --deauth [number of packets] -a [AP MAC address] [interface]

    Ex: aireplay-ng --deauth 1000 -a 11:22:33:44:55:66 mon0

That wouldn't be the case of course if the camera app was programmed to periodically check the connection with the router/device and report a lost connection by sending an email to the user, for example.

It is also important to point out that if the IP camera had a wired connection and not a wireless one, this attack would not be possible. When using wireless communication we should always keep in mind that the medium is air and air is accessible to all (thus more “hackable”).

Physical Security Attack

Physical security describes security measures that are designed to deny unauthorized access to facilities, equipment and resources and to protect personnel and property from damage or harm (such as espionage, theft, or terrorist attacks).

[Figure: Distribution frame]

It doesn’t do much if you have top quality security “software-wise”, but the physical devices you are trying to secure are not themselves placed somewhere safe. In our case, the local distribution frame box, where the internet-telephone cables terminate, was in front of my friend's house and unlocked. It would be very easy for someone to intervene in the cabinet, cut the cables and remove the internet connection, thus disabling the IP camera.

Without an Internet connection, the user would be under the illusion that everything is secure, since he wouldn’t get an email notification (like he is supposed to if something is detected), and that his IP camera would alert him as soon as someone tried to invade his house, while the camera would have just stopped working without any warning.

Below is an extract of a previous article I wrote, “IoT without Internet… how does that affect its functionality?”, proposing a solution to this issue:

That is why I am proposing that IoT devices that are connected to the Internet should all include a basic feature. That feature is to notify when internet connectivity is lost from the device. If at the side of the IoT device there is no internet access, of course, there aren’t any means of sending an alert. That is why I am suggesting that at the client side app (at a rate that will be determined by the severity of the device’s task and need to be online) there should be monitoring of the connection between device and controller app.

In our previous IP camera example, the (i.e. smartphone) app would have detected the loss of internet connectivity of the home router, the user would have been sent a notification, thus taking the appropriate measures to resolve the problem (calling the ISP, sending someone to check, etc).

Thanks for reading!! Follow me on Twitter @konpap1996
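
The periodic connection check mentioned in the deauthentication section and the client-side monitoring proposed in the extract can be sketched as below. This is an added example, not code from the article or from any camera vendor: the Watchdog class, its event names and the timeline are hypothetical and constructed, and it assumes the camera sends a heartbeat to the controller app every 10 seconds.

```python
# Added example: client-side watchdog for an IoT device (all names hypothetical).
from dataclasses import dataclass, field

@dataclass
class Watchdog:
    interval: float            # expected seconds between device heartbeats
    missed_allowed: int = 3    # tolerate brief Wi-Fi glitches before alerting
    last_seen: dict = field(default_factory=dict)
    down_since: dict = field(default_factory=dict)

    def heartbeat(self, device, now):
        """Record a heartbeat; return a recovery event if the device was down."""
        self.last_seen[device] = now
        if device in self.down_since:
            started = self.down_since.pop(device)
            return ("RECOVERED", device, now - started)
        return None

    def check(self, now, app_online=True):
        """Run periodically in the controller app; returns new alerts only."""
        if not app_online:
            # The app itself has no connectivity, so silence proves nothing.
            return [("MONITOR_BLIND", None, 0.0)]
        alerts = []
        deadline = self.interval * self.missed_allowed
        for device, seen in self.last_seen.items():
            if now - seen > deadline and device not in self.down_since:
                self.down_since[device] = seen   # outage counted from last beat
                alerts.append(("DEVICE_SILENT", device, now - seen))
        return alerts

def replay(events, interval=10, missed_allowed=3):
    """Replay a constructed timeline of ('beat'|'check', t, device) tuples."""
    wd, out = Watchdog(interval, missed_allowed), []
    for kind, t, device in events:
        if kind == "beat":
            ev = wd.heartbeat(device, t)
            out += [ev] if ev else []
        else:
            out += wd.check(t)
    return out

# Constructed timeline: the camera beats every 10 s, goes silent after t=20
# (deauthenticated or its cable cut), then comes back at t=95.
TIMELINE = [("beat", 0, "cam"), ("beat", 10, "cam"), ("beat", 20, "cam"),
            ("check", 40, None), ("check", 55, None), ("check", 70, None),
            ("beat", 95, "cam"), ("check", 100, None)]

if __name__ == "__main__":
    for event in replay(TIMELINE):
        print(event)
```

The alert fires once per outage rather than on every check, and the MONITOR_BLIND result keeps the app from reporting the camera as healthy or as down when the phone itself is offline.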