Security Camera Hack Conceals Heists Behind Dummy Video: Via Threat Level.

LAS VEGAS — Technology has caught up with Hollywood heist films in a new hack being demonstrated at DefCon Friday, which involves hijacking IP video streams and seamlessly replacing them with new content.

In its simplest form, the hack — conducted with two free tools developed by researchers at Sipera Systems’ Viper Lab — allows someone to intercept and copy video from IP surveillance cameras to spy on the secured premises. But it would also allow the hacker to replace a legitimate video stream with a bogus stream, permitting a thief or corporate spy to enter an office while the security guard sees only a still-image of an empty room on his monitor.

“There are tools that can prevent this outright, but when you don’t have security in place, you can run these types of attacks,” said Jason Ostrom, director of Viper Lab. “Most of the enterprises we see don’t have the security controls in place.”

The intruder would have to gain physical access to a network over which the IP traffic is traveling, but Ostrom says this could conceivably occur through any Ethernet connection in a building, depending on the configuration.

IP video systems are becoming increasingly popular for security, and the attack has ramifications for corporations, museums, casinos and any one else who installs IP video surveillance.

The Dallas Cowboys Stadium recently installed Cisco’s StadiumVision system, which consists of 3,000 IP TVs, each with its own IP address, to deliver targeted advertising, promotions and concert footage to fans. Each of the stadium’s 300 luxury suites will also be able to choose video options from a touch-screen IP phone in the suite. The New York Yankees and Toronto Blue Jays are using the same Cisco system.

Ostrom said depending on how the network is configured, an attacker might be able to plug into the Ethernet jack in one of the Dallas Cowboys Stadium’s luxury boxes and conduct an attack.

Ostrom demonstrated the hack for Threat Level in advance of a talk he’s presenting at the DefCon hacker conference here on Friday. You can see the video at the bottom of this post.

Using an advanced VoIP sniffing tool the lab created called UCSniff, he captured a video stream from a Cisco IP video surveillance system. Once the stream is captured to a laptop, it’s converted to a raw H.264 file and then to an .avi file.

Then using another tool the lab developed called VideoJak Ostrom inserted his own video into the stream by performing an ARP poisoning man-in-the-middle attack.

The original video showing part of an office desk and chair was replaced with a clip from the film The Italian Job. In the second part of the attack, as an arm reached in to steal a water bottle from the chair, Ostrom replaced the live feed with a still shot of the room taken before the thief appeared, and fed it through the system in a continuous loop.

A company that uses sophisticated monitoring software and diligently reads its logs would notice excessive ARP packets crossing the network from a specific Ethernet port as the attacker siphons the legitimate stream and inserts new video. But administrators wouldn’t know what the extra packets indicate — that data is being scooped up and replaced. If the increased traffic raised suspicion, an administrator could simply block the port where it’s originating.

Sipera, which sells hardware to secure Unified Communications networks, conducted security assessments on the UC networks of more than 100 Fortune 500 companies in the banking, credit card processing, health care and financial services industries, and found that only five percent had proper security protections in place, such as enabling the encryption feature on their video systems.

Viper Lab says it will be releasing a new version of VideoJak that will support this attack shortly after DefCon ends.

Editor: Goto the original article for the video.

Read Original Article:(Via Threat Level.)