No authentication is necessary for viewing and downloading the recordings. Because there is no local access, this applies even if the user and the camera are in the same network. If necessary, the year-month combination contained in the URL can simply be tried out. The storage location is not apparent to users of the app, as there is no corresponding message. In our test, the available recordings were determined via api.
Testing Gigaset Elements Camera
The encrypted connections and their problems were indicated earlier. With the installed root certificate on the user's smartphone, it was also possible to hack this connection by means of a man-in-the-middle attack. An additional connection via the Real-Time Streaming Protocol (RTSP) is at least partially unencrypted. The fact that this outdated and insecure encryption is still used to transmit data of the Gigaset camera does not speak for the security of the product.
Internal IP, parameters for the video transmission resolution and codec as well as an authorization token are transmitted, among other things — potentially useful information for an attacker.
Testing Gigaset Elements Camera – AV-TEST Internet of Things Security Testing Blog
This is followed by binary data; based on the volume and the time sequence, it contains the actual stream or transmission of video and sound.
The Android app saves downloaded videos unencrypted in freely accessible locations on the smartphone. During our tests, despite several attempts, we were, however, unable to determine that it actually contained unencrypted video stream data. Yet there are even more connections that are transmitted at least partially unencrypted.
Outdated encryption
In order to transmit the video stream, the camera and app establish encrypted connections to the servers of the manufacturer Gigaset. Here RC4 encryption is used, which is outdated and considered practically broken.
Already in February the use of this stream encryption was forbidden in the encryption protocol TLS RFC for security reasons.
The fact that it does not contain sufficient obfuscation of the program code makes it easier for attackers to analyze potential vulnerabilities.
There is an initial communication of data, e. While the attackers are required to know the URL, this can be found out.
The camera from Gigaset records its environment in a picture quality of p with a frame rate of up to 30 FPS. Thanks to night vision mode, it even works at low light intensity.