2017 m. balandžio 13 d., ketvirtadienis

Foscam All networked devices, multiple Design Errors. SSL bypass.

Two issues in one that nullify SSL in foscam devices:
All Foscam networked cameras use the same SSL private key that is hard coded into the downloadable firmware. This is easily extracted using a utility like binwalk and would allow an attacker to MITM any Foscam device.
One devices SSL keys are valid for any other device. See the below certificates CNs: *.myfoscam.org

Below are the ssl certificates of two foscam devices.

 openssl s_client -connect [REDACTED]myfoscam.org:443

CONNECTED(00000003)
depth=0 C = CN, ST = Guangdong, L = Shenzhen, O = "Shenzhen Foscam Intelligent Technology Co,Ltd", CN = *.myfoscam.org
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = CN, ST = Guangdong, L = Shenzhen, O = "Shenzhen Foscam Intelligent Technology Co,Ltd", CN = *.myfoscam.org
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/C=CN/ST=Guangdong/L=Shenzhen/O=Shenzhen Foscam Intelligent Technology Co,Ltd/CN=*.myfoscam.org
   i:/C=CN/O=WoSign CA Limited/CN=WoSign Class 3 OV Server CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFFDCCA/
ygAwIBAgIQEMpzCCRnnDOkG7I+cxTlKTANBgkqhkiG9w0BAQUFADBP
MQswCQYDVQQGEwJDTjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQxJDAiBgNV
BAMTG1dvU2lnbiBDbGFzcyAzIE9WIFNlcnZlciBDQTAeFw0xNTA0MDcwODIwMDda
Fw0xNjEyMDcwOTIwMDdaMIGFMQswCQYDVQQGEwJDTjESMBAGA1UECAwJR3Vhbmdk
b25nMREwDwYDVQQHDAhTaGVuemhlbjE2MDQGA1UECgwtU2hlbnpoZW4gRm9zY2Ft
IEludGVsbGlnZW50IFRlY2hub2xvZ3kgQ28sTHRkMRcwFQYDVQQDDA4qLm15Zm9z
Y2FtLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK8H1eeluYBP
7x/7DLKPGneAnI9LWdMYbo+dIQKsyxQXRPOL+eWpQ/aWm/TAy0i4eDxmE0F7HmEn
Y/m3Prl7TweSvFYcthDn77bJTXjbdKdLPFxc34j/KC2AdaJOJzGVJfmPuSVk2NW+
mQyZxFuMU0X8M88+HwPX7leADUAjNdNIGcw4BG9xCrTY/6N/tk9an5iOHc+WKRQm
P6S+2xCSHIUETpbPlpbRnk+FYDP8KLqdLwTgECIYEfsefNdasACyQ9EafWF1C683
iuMAxtRe+mghklQoWYeslA6FhDcIZilPPkgnWjjqIkkAn+ik1q521aI3fUz/iGfM
ugsGMuBmck0CAwEAAaOCAbMwggGvMAsGA1UdDwQEAwIFoDAdBgNVHSUEFjAUBggr
BgEFBQcDAgYIKwYBBQUHAwEwCQYDVR0TBAIwADAdBgNVHQ4EFgQUYf1ztHxahhue
DsBxwaJJhZHpTAIwHwYDVR0jBBgwFoAUYi6B2eNCeRSjzdlUim743pWqj5gwfwYI
KwYBBQUHAQEEczBxMDUGCCsGAQUFBzABhilodHRwOi8vb2NzcDEud29zaWduLmNv
bS9jbGFzczMvc2VydmVyL2NhMTA4BggrBgEFBQcwAoYsaHR0cDovL2FpYTEud29z
aWduLmNvbS9jbGFzczMuc2VydmVyLmNhMS5jZXIwOQYDVR0fBDIwMDAuoCygKoYo
aHR0cDovL2NybHMxLndvc2lnbi5jb20vY2ExLXNlcnZlci0zLmNybDAnBgNVHREE
IDAegg4qLm15Zm9zY2FtLm9yZ4IMbXlmb3NjYW0ub3JnMFEGA1UdIARKMEgwCAYG
Z4EMAQICMDwGDSsGAQQBgptRAQMCAQIwKzApBggrBgEFBQcCARYdaHR0cDovL3d3
dy53b3NpZ24uY29tL3BvbGljeS8wDQYJKoZIhvcNAQEFBQADggEBAFSLG5spzqWY
qzZmHTYvNPwFSF6AD1VXksIaqKvrj4x4tOR5JQz3JBpgHpchaxQlv0VxA12lmGRY
kkF7vK48yVwlZkV6+ScYiK2PAVxpyJqqA42cv0vbna+cgoSbw5zz6/VjWdiAlqbl
lS5Su2FsVuPJBEIbRXQshRJycmxG9JqKOWQRSNvxdO59EHyYSmo+avNLzGl218R4
FeF4fEP4/QHmOPNzrDMFzfXFdlsO3T3WeXcmgeSyNGev9d6EwhP+LRJsawpVdRAq
f1sqtSGbqN3iGQrEQeGMCDAE+U7nzTTCWBcFXg8O5077kiB/MZtx2kDpZf2p3qqt
OVAbevhaNsE=
-----END CERTIFICATE-----
subject=/C=CN/ST=Guangdong/L=Shenzhen/O=Shenzhen Foscam Intelligent Technology Co,Ltd/CN=*.myfoscam.org
issuer=/C=CN/O=WoSign CA Limited/CN=WoSign Class 3 OV Server CA

openssl s_client -connect [REDACTED]myfoscam.org:443


CONNECTED(00000003)

depth=0 C = CN, ST = Guangdong, L = Shenzhen, O = "Shenzhen Foscam Intelligent Technology Co,Ltd", CN = *.myfoscam.org
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = CN, ST = Guangdong, L = Shenzhen, O = "Shenzhen Foscam Intelligent Technology Co,Ltd", CN = *.myfoscam.org
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/C=CN/ST=Guangdong/L=Shenzhen/O=Shenzhen Foscam Intelligent Technology Co,Ltd/CN=*.myfoscam.org
   i:/C=CN/O=WoSign CA Limited/CN=WoSign Class 3 OV Server CA
---
Server certificate

Komentarų nėra:

Rašyti komentarą