Hijacking an IP Camera Stream: SADProtocol Vulnerabilities and Hollywood-Style Exploitation

Dive into a captivating conference talk exploring the real-world feasibility of hijacking IP camera streams, as often depicted in Hollywood movies. Uncover two LAN RCE vulnerabilities in Hikvision's Search Active Devices Protocol (SADP) and SDK server implementation found in several Ezviz products. Follow the speakers' journey through firmware analysis, vulnerability discovery, toolchain building, exploit development, and post-exploitation techniques. Learn how they achieved the movie-like feat of serving arbitrary streams to victims while maintaining other camera functionalities. Gain insights into the complex process of IoT hacking, including bypassing ASLR, in-memory code patching, and manipulating binary execution. Understand the implications for video surveillance system integrity and the security risks posed by these devices. Presented by Octavio Gianatiempo, a Security Researcher at Faraday, and Javier Aguinaga, a self-taught reverse engineer, this 39-minute talk from Ekoparty 2023 bridges the gap between IoT security research and cinematic hacking scenarios.