Assessing IoT Surveillance Arlo
Offered By: YouTube
Course Description
Overview
Explore the vulnerabilities and security implications of IoT surveillance systems in this 24-minute conference talk from DerbyCon 2019. Delve into the assessment of Arlo devices, examining their setup, components, and functionality. Uncover critical vulnerabilities, including CVE-2016-10115, and learn about initial scans, attack surfaces, and device teardown processes. Gain insights into connecting to serial interfaces, booting procedures, and authentication requirements. Discover methods for finding sensitive information, conducting config reconnaissance, and identifying running services. Investigate insufficient UART protections, plaintext data exposure, and networking misconfigurations. Understand camera snooping techniques, decryption routines, and encryption keys. Follow a timeline summary of the assessment and explore the implications of SIP interfaces in IoT surveillance systems.
Syllabus
Intro
Overview of Past Surveillance Systems
Why Arlo?
Device Setup
Components
Functionality
CVE-2016-10115
Initial Scans and Attack Surface
Device Teardown
Connecting to Serial
Booting
Authentication Required
Bootloader
CFE Save Command
Finding Goodies
Config Recon
Service Running
Primary Services
Insufficient UART Protections
Plaintext Goodies
Networking Misconfiguration
Camera Snooping
Decryption Routines and Keys
Timeline Summary
The damn SIP interface
Final Thoughts
Related Courses
Ethical Hacking: Indian Institute of Technology, Kharagpur via Swayam
Investigación en Informática Forense y Ciberderecho: University of Extremadura via Miríadax
MSc Cyber Security: Coventry University via FutureLearn
Network Security - Introduction to Network Security: New York University (NYU) via edX
Network Security - Advanced Topics: New York University (NYU) via edX