Peer-to-Peer Functionality in IoT Security Cameras and Its Security Implications

Peer-to-Peer (P2P), in the context of security cameras, refers to functionality that allows a client to access audio/video streams transparently through the internet. The video data is available from the cameras or accessed through NVRs. Rather than have a user explicitly configure a firewall to let a client reach the device with the video data, “P2P” establishes a connection through a set of techniques commonly defined by the umbrella term “hole punching”. The technical details vary between vendors and third-party providers of this functionality. However, the typical scenario involves an internet-reachable node which acts as a mediator between the client that wants to access the audio/video stream and the device that serves the data.

In August 2020, security researcher Paul Marrapese 1 published extensive research 2 detailing security issues affecting the P2P implementations of some vendors. By exploiting these vulnerabilities, an attacker is able to intercept the audio/video stream at will. What concerned us the most about Marrapese’s brilliant work was the sheer number of end users affected by the problems identified, and the lack of official documentation describing how P2P functionality works. By examining some devices we had in our lab, it became clear that the privacy and security implications of using a camera’s “P2P” feature are not clearly explained to users. This realization led us to investigate the situation further.

Our research goals are typically twofold. First, we want to protect industrial operators who might be unwittingly running P2P functionality in cameras on their OT networks or at their facilities. Second, we want to shed some light on the security level of P2P implementations and share our findings with the security community at large.

Reolink CCTV Camera P2P Overview

Beginning with a full set of Reolink CCTV cameras and the matching NVR, we began investigating whether P2P functionality was present in the first place. As explained in the support section of the Reolink website, 3 the term “UID” is used instead of P2P in the device user interface. After we booted an NVR with UID enabled, we inspected the network traffic and immediately realized that the P2P feature was operating, as several UDP packets were exchanged with the host .

Before replying to the P2P client, the NVR receives a notification of the upcoming client connection from the Reolink server through the cmap tag, which operates similarly to the dmap one that we presented earlier. The P2P client is now authenticated with the NVR, and can start requesting audio/video streams.

CVE-2020-25169 – P2P video/audio lack of encryption and stream reconstruction

CWE-319: Cleartext Transmission of Sensitive Information

We requested audio/video streams from the client to generate traffic for later analysis. The first noticeable variation in the packets carrying audio/video data is the specific header magic, namely 0x2a87cf10. The other obvious element that stood out was the presence of some cleartext “keywords” such as 01dcH264. This suggested that a secure encryption of the payload might be missing altogether. We proceeded to determine the remaining header fields to properly reconstruct the stream as seen by the client. Once finished, we could reproduce the audio/video content in cleartext.

Reolink has released a new version of the firmware which, according to them, mitigates the issues discussed in this post. Nevertheless, we suggest you carefully evaluate the potential risks involved with the P2P functionality before enabling it. We also suggest you consider alternatives such as VPNs, which provide stronger security, though with more setup effort.