Conducting a vulnerability assessment of an IP camera

Sammanfattning: We conduct a vulnerability assessment of an IP camera to investigate its susceptibility to common malicious attacks and their eventual consequences. We use the UK government ’Code of Practice’-goals for IoT devices to guide us and facilitate a more efficient assessment.The assessment is split up into two main parts: reverse engineering and reconnaissance of the device, and the actual vulnerability assessment. We take an exploratory approach and extrapolate from the results of our initial analysis to examine areas that could be prone to vulnerabilities. Compared to previous works, this study presents a more extensive coverage, examining 8 of the total 13 ’Code of Practice’-goals.A total of 11 vulnerabilities were discovered, where 5 of them were assigned ’very high’ severity. The vulnerabilities are explained in a clear, stepby-step manner with including examples to give the reader an understanding of their impact and consequences. Furthermore, we propose solutions on how to mitigate and patch found vulnerabilities.We conclude that the coverage of our assessment can be increased, that using the ’Code of Practice’-goals contributed to the efficiency of the task, and we provide further evidence that the area of IoT security in its current state is inadequate.