Step 1 - identifying the assets

Document all of the DVR's assets to understand where the most probable attacks lie, so that our limited time is spent there. If we can identify assets with publicly known vulnerabilities, this will save us time as attackers when exploiting the DVR system. The following table describes what we know about the DVR's assets from reading the back of the box and the user manuals when installing the device:

| ID | Asset | Description |
|----|-------|-------------|
| 1 | DVR | The DVR contains multiple camera channels to view live feeds, play back previous feeds, record videos, and take camera pictures. The DVR can connect to IP cameras or hardwired BNC cable cameras. A number of known network protocols and proprietary protocols are supported, such as TCP/IP, PPPoE, DHCP, Hik-connect Cloud P2P, DNS, DDNS, NTP, SADP, SMTP, NFS, iSCSI, UPnP, and HTTPS. The DVR has the ability to connect to a number of application interfaces to view camera feeds. |
| 2 | Cameras | Video streams are captured by enabled IP cameras and/or BNC cable cameras where data is transmitted to the DVR directly or wirelessly if an IP is available. |
| 3 | Firmware | Various camera features and configuration options are controlled via the firmware. |
| 4 | Web applications | The DVR contains a local web server that can be reached by accessing the IP address in a web browser. To view video feeds via the local web application, a plugin must be downloaded with a supported browser. The device has the option to view video feeds via the vendor's cloud SaaS platform when configuring the device. A separate username and password are needed to enable the vendor's cloud SaaS platform. The SaaS platform adds additional sharing features to third parties and access to other DVRs that may be purchased by the same owner. |
| 5 | Mobile applications | Android and iOS applications are available for configuring various settings as well as viewing and saving video feeds remotely. All traffic from mobile applications is sent via the vendor's API over the mobile device's network connection. The mobile application connects to the vendor's cloud environment to render back the camera feed. A username and password are needed to access the camera system via the mobile applications. |
| 6 | Thick applications | Windows and OS X installers are available to view camera feeds and configure various settings. |
| 7 | Device hardware | The DVR hardware contains multiple video outputs for VGA and HDMI. The device connects to the local network via an Ethernet cable. For storage, the device has one SATA connector for a hard drive with up to 6 TB in capacity. |
| 8 | Radio communication | The DVR connects to cameras via BNC connectors or via IP. No wireless communication is used; however, all traffic via the mobile applications is transmitted over wireless communication. |
