2 of 25

Table of Contents

Overview ………………………………..……….

Tools ………………………………………………………….

Project objective …………………………………

Demonstration steps ………………………….

Mitigation tactics ………………………………..

Slide 3

Slide 4-5

Slide 6

Slide 7-21

Slide 23

3 of 25

Overview

In our presentation we will be exploiting a Internet-Of-Things device. The IOT device will be a personal home surveillance ring camera. Ring cams are inexpensive, motion-activated, security cameras designed for easy installation and maintenance. They work through WIFI so you can view them remotely from anywhere from a phone, tablet, or computer. In this demonstration, we will exploit a vulnerability, show you how we’ve gained access of a network, and see it’s content . This was made possible by using the Gitbash terminal and Wireshark. Lastly, we will share our recommendations for mitigating against this type of attack.

4 of 25

Tools

Wireshark

Wireshark, which is the preferred network packet capture tool, is one of the most beneficial tools for Cybersecurity professionals. Wireshark allows you to capture and view network packets in detail. After they have been disassembled, you can use these packets for offline or in-the-moment analysis. You can carefully examine your network traffic with the aid of this application, filter it, and delve deeper to identify the root of any problems.

5 of 25

Tools

Gitbash

Git Bash is an application for the Windows operating system environment that provides Unix-based shell utilities and the Git command line experience. Git Bash emulates the Git command line experience of Unix-like environments for Windows users.

6 of 25

Project objective

Our goal is to introduce some of the skills we learned at Cybersecurity Bootcamp using tools like Gitbash and Wireshark. Also show the vulnerability of easy access to the security camera, followed up with recommendations.

7 of 25

Hacking a Ring Security Camera step by step instructions and demonstration.

STEP 1: Set a Windows environment variable. To do this, go to your start menu and type “Edit environment variables for your account.” in the search bar. You will then see the following screen.

9 of 25

Step 2:

In the environment variables field option, press new. In the Variable field type SSLKEYLOGFILE. In the Variable field , enter or browse the location of where you store the key log file location. Press OK, then OK again.

10 of 25

Step 3

Next, open up a Gitbash terminal and type the command nano ~/.bashrc

11 of 25

Step 4

This will take you to a script. Once inside, you will need to type, export SSLKEYLOGFILE=~/.ssl-key.log When you have done so, press control + X and then press Y to save the script.

Once you have saved the script, you will need to close the terminal window and open up a new window in the Gitbash Terminal.

12 of 25

Step 5

In the new Gitbash terminal, type echo $SSLKEYLOGFILE. Once you do this, the output should be something similar to the below screenshot

13 of 25

Step 6

Now you will need to check to see if the log populated. In order to see this, you simply need to open a web browser and simply visit any site that has SSL security enabled. Once you have visited the site or sites, check the log file and ensure it looks something like this:

14 of 25

Step 7

Once you’ve confirmed that the logs have generated, be sure to restart any application/browsers that communicate over HTTPS and keep them running in the background. After this is done, open your Wireshark tool and configure per the following:

Edit->Preferences->Protocols->TLS and input the path of the SSLKEYLOGFILE you created earlier in the (PRE)-Master-Secret Log Filename space and press the OK button.

15 of 25

Step 8

While in Wireshark with the packets flowing, filter for HTTP traffic only. You can do this by simply typing http in the filter bar at the top of the screen.

16 of 25

Step 9

At this point, you can either capture current packet or continue to let Wireshark run in the background. Either way, your next step is to right click on a RING camera packet, click Apply as filter option, and hit selected. This will now show you all of the http packets related to the individual cameras on the network we just hacked into.

17 of 25

Step 10

Next you will need to go to File->Export objects->HTTP. This is going to pull in every HTTP related packet that was captured so you will want to click the Content type filter by jpeg option. Once you have the files you want to save, click on them individually and save them to a folder or location that you can come back to later.

18 of 25

NOTE: When saving the files, you will need to add .jpeg at the end of the filename. Otherwise, when you try to open it to view the picture it will not pull up.

20 of 25

Step 11

Lastly, to see the pics from the cameras, simply go to the file location where you saved the packet files and double click the images and they will pull up.

21 of 25

You’ve successfully decrypted http traffic in Wireshark to allow you to view pictures from your home security cameras!!!

22 of 25

MITIGATION TACTICS

protect yourself against attacks

Keep software up to date
Create a strong WiFi password for your networks, including a network specifically for the cameras. Disable SSID Broadcast
Strong passwords for Ring accounts that are not used for any other accounts-- many cameras hacked using credentials found elsewhere. Change that password frequently. (Every 30-90 days)
Enable Two-Factor Authorization for Ring accounts

23 of 25