GeoVision Digital Video Surveillance System Directory Traversal Vulnerability

“Cheap DVRs produce poor quality video, period.  There is no free lunch when it comes to surveillance systems.  We replace cheap DVRs all the time.” says Eric Lawton, President and founder of Lawton media Services LLC.
Digital Video Recorders (DVRs) consist of two main types: Embedded DVRs or PC based systems.

Dejan Levaja has reported a vulnerability in GeoVision Digital Video Surveillance System, which can be exploited by malicious people to disclose sensitive information.

The vulnerability is caused due to an input validation error in the included HTTP server when processing GET requests. This can be exploited to read arbitrary files from an affected system via directory traversal attacks.

The vulnerability is reported in version 8.2. Prior versions may also be affected.

Embedded Hardware All-In One DVRs do not use a Windows operating system and contain no software at all on the hard disk(s). All application functions are contained (embedded) in firmware (software encoded on chips). These DVRs look like the VCRs of yesterday, except they do not have the litle door in the front for the VCR tape. Instead they have a CD tray for recording stored video.
These DVRs are also becoming popular in homes for recording TV shows. Most alarm companies and small dealers utilize this type of DVR since it is inexpensive and easy to install – mostly plug & play. The downside is that it’s features are limited (hard to review recorded inages), it’s storage fixed, and it’s picture quality is average (TV resolution).
When comparing embedded DVRs to PC based systems, always look at the viewing and recording specs. Real time viewing and recording of a single camera means that it will view and record what that camera sees at 30 frames per second (fps). Two cameras – 60 fps; three cameras – 90 fps; etc. all the way up to 16 cameras at 480 fps. The vast majority of embedded DVRs do not record at real time, and few view at real time. Why is that important? Do you want to miss something while looking at a jerky image?
Newer embedded DVRs are coming on the market that rival PC based system’s quality, but they cost as much or more right now.

PC based Digital Video Recorders are complete hardware/software computer-based systems incorporating video capture, video multiplexing, point-and-click video recording and playback, crystal-clear video display and remote video access via Internet and/or LAN. PC based DVRs are not simply a collection of computer hardware, however – they represent carefully selected hardware and software components which are proven to work well together in the demanding video processing environment. Software, hardware and firmware settings are carefully optimized to ensure maximum performance without problems. PC based DVRs can support multiple numbers of CCTV security cameras – from 4 to 32.
Microsoft Windows XP or Vista is provided as the operating system on our PC based DVRs. In addition, system restore software is also included on all systems. All software provided includes original CDs and manuals.

So, if picture quality and system flexibility are important to your application, we recommend PC based systems.

German security researcher Lukas Grunwald, who made headlines two years ago for uncovering security vulnerabilities in new electronic passports being adopted by the U.S. and other countries, created RFDump with colleague Boris Wolf in 2004.

Now the two have created RF-Wall (shown on the lower shelf in the picture at right) to help thwart RFID fraud and attacks against e-passports, electronic access cards and payment cards — such as the Mifare Classic card that is used in the London Underground and which security researchers recently cracked.

The device, which Grunwald and Wolf are producing for their new California-based company NeoCatena, is a hybrid firewall and intrusion-detection system that sits between an RFID reader and its back-end system. It’s designed to detect counterfeit and cloned RFID chips and prevent an attacker from injecting malware into a back-end system with a rogue RFID chip. They’ll be debuting the device this week at the RFID Journal Live conference in Las Vegas but gave me a demonstration of it this weekend.

Hacker Designs RFID Security Tool

Rfwall_5 The box can be loaded with virus signatures to detect known types of attacks and uses heuristics to detect other malicious activity, such as generic SQL-injection attacks (such as the one that appears in the screenshot above right). The device can be restricted to read only RFID cards that have specific serial numbers and reject all others. It also can be used to digitally sign chips so that any chips that are altered after being issued are rejected by the RFID reader. The system uses the HMAC algorithm for the digital signature. Grunwald and Wolf hold a patent on the use of HMAC with RFID technology.

Last year Grunwald revealed that he’d been able to sabotage the e-passport readers of two unnamed manufacturers by embedding a buffer overrun exploit in the JPEG2000 file of a cloned passport chip. The JPEG file contains a digital photo of the passport holder.

Recently other researchers cracked the encryption used in Mifare Classic chips that are used in door access systems around the world as well as in the London Underground’s Oyster card.

It’s long been known that RFID readers and chips are insecure, but trying to fix systems that have already been widely deployed has its challenges, particularly since there are a number of different types of chips and readers on the market, which work at different frequencies.

“A lot of people are thinking about on-tag security — putting cryptography on the tag,” Wolf says. “But those tags are limited in their computational power or even if you can get that worked out the more encryption technology you have on the tag, the more expensive it is. We’re saying you don’t have to worry about what’s happening with your tag if you can verify whether there’s data integrity or not.”

Grunwald says they’ve shown the tool to a large pharmaceutical company based in Switzerland that is interested in using it to authenticate drugs and equipment — such as dialysis machines — from counterfeit products. He says an Asian country is also interested in using RF-Wall with its electronic passport system.

During a demonstration for me, Grunwald and Wolf used RFDump to alter the value on a digitally signed transportation card from $10 to $99. On a first pass without RF-Wall in place, the RFID reader accepted the card. After they connected the device, however, the system rejected the tag. The system also rejected a tag that was embedded with SQL injection code.

The screenshot at right shows the backend of an RFID inventory system after malware on a rogue chip has crashed it.

Source and More : http://blog.wired.com

Via  : computerworld.com cracked the encryption used in Mifare Classic chips

The contract has a three-year base period and seven one-year options, exercisable at the discretion of the government. Its ceiling value is $428 million.

Unisys (NYSE:UIS) is an information-technology company based in Blue Bell, Pa. It has been providing RFID technology to the Defense Department since 1994.

Palm Pre Coming to Best Buy

A lot of hype and expectation weighs upon the shoulders of the Palm Pre. So far it’s received very good reviews from the tech press, who are calling it “simply amazing” and “well thought-out and smooth.” Before the Pre, Palm wasn’t doing so hot — in fact, many thought the company wouldn’t survive. And now, many are thinking the Pre is Palm’s last chance.

So, with all this in mind, a Best Buy marketing blitzkrieg might be just the ticket for the latest potential

For the external approach, Ackermann modified a Robotech Bluetooth module, which he placed in an iPhone battery sleeve and connected to the iPhone (serial) connector port at the bottom of the unit. This allowed the the phone to communicate directly with the the module using the Bluetooth serial port profile.

The external Bluetooth module on the left has been placed into an iPhone battery sleeve.

The whole thing works courtesy of Jay “saurik” Freeman’s Veency application. Ackermann used a tiny libvncclient to generate keyboard events, which were then passed to Veency. Veency then provided the keyboard event injection using the iPhone’s private Graphics Services framework.

Bluetoot keyboard

Ars readers may be more excited, though, by his work on a completely internal solution. Here, Ackermann discovered BlueSn0w, part of the iBluetooth project. BlueSn0w (yes, its name is apparently inspired by the iPhone dev team’s yellowsn0w) will scan for discoverable Bluetooth devices. According to this Flickr page, the module seems to enable the Bluetooth UART interface to communicate

Using the internal Bluetooth module will offer a simpler, more elegant solution.

iphone bluetooth

Allowing the iPhone to accept keyboard input from an external Bluetooth keyboard will move the iPhone forward in opening new opportunities for general computing and on-the-go note taking. Taking into account the iPhone’s newly realized video out support, the entire platform looks like it’s at the brink of a transformative revolution.