Exclusive: How safe is the Maximus Answer DualCam video doorbell?

[Image: Maximus Answer DualCam review (Image credit: Maximus)]

The Maximus Answer DualCam is one of the best video doorbells, as its two-camera setup lets you see very clearly if someone left a package at your door. But while the DualCam may be adept at protecting your packages, how good is it at protecting your data?

As part of a partnership with Tom's Guide, security firm Bitdefender has analyzed the Maximus Answer DualCam video doorbell that Tom's Guide reviewed in 2020. Bitdefender looked at the video doorbell's network communications and its internal software and hardware, and its study report found the video doorbell's security to be pretty good overall.

Some problems with server authentication

The only major vulnerability was a lack of server authentication in two instances. The video doorbell did not verify the Amazon Web Services data "bucket" to which it uploaded video feeds and logs. Nor did it verify the server from which it downloaded firmware updates.

These network communications are sent using the plain old HTTPS web protocol, not the OpenVPN protocol used to handle commands to the video doorbell from the smartphone app.

That flaw could, at least in theory, lead to a man-in-the-middle attack if an attacker who was already on the doorbell owner's home Wi-Fi network could force the doorbell to accept a bogus HTTPS certificate and intercept the uploads.

"As a result," says the Bitdefender report, "an attacker sitting between the camera and the servers could intercept the uploaded logs and recordings."

So your nasty neighbour could intercept your video feed this way. To protect yourself against such an attack, however unlikely it may be, make sure you use a strong, unique password to access your home Wi-Fi network.

As for the log files, "they do not contain sensitive data that could be useful to an attacker," the report says. "Most of the messages pertain to the functioning of the camera."

While "the surrounding Wi-Fi networks and their MAC addresses are transmitted, as well as the name of the current network" as part of the log files, "the password for the current network is not transmitted."

Firmware updates are very well protected

Hacking the doorbell with a bogus firmware update, a common method of attacking smart-home devices, would be very difficult to pull off on the Maximus Answer DualCam for a number of reasons.

First, the web address, or URL, of the update server seems to be hard-coded in the Maximus Answer DualCam video doorbell's firmware, and changing the server address would require root access.

Second, the Bitdefender report says that "the attack requires knowledge of both the ta.key file (to authenticate TLS connections), and a way to trick the camera into connecting to the rogue server."

At least in theory, an attacker could perhaps "spoof" the Maximus server by setting up a rogue Wi-Fi hotspot and forcing the doorbell to connect to that. Then a poisoned DNS file on the rogue hotspot could redirect queries for the server URL to instead go to the attacker's machine as the "server."

Third, setting up or changing the doorbell's Wi-Fi network connection can only be done via Bluetooth using the Kuna companion app on the owner's smartphone.

The Kuna app relays the doorbell's serial number plus random data — a "nonce," in cryptography terms — to the Maximus server. The server replies with a token (consisting of a "hashed" version of the nonce plus a secret code) that authorizes the video doorbell and gives the doorbell the local Wi-Fi access credentials it got from the owner's Kuna smartphone app.

"The Bluetooth connection can be established at any time to modify the Wi-Fi network, but only the camera owner can initiate it," the report says.

"If an attacker wishes to change the network, they would need either the secret to create the token, or the token provided from the server. The secret is unknown, and the server sends the token to the owner only."
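The provisioning handshake described above, modelled as an added Go example (not Maximus or Bitdefender code). The HMAC-SHA256 construction, the doorbell sharing the per-device secret with the server, and all sample values are assumptions; the report only says the token is a hashed nonce plus a secret.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
)

// NewNonce is the random data the doorbell hands to the Kuna app for one
// provisioning attempt; a fresh one is generated for every attempt.
func NewNonce() []byte {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return nonce
}

// IssueToken is the server side: HMAC-SHA256 over serial||nonce under a per-device
// secret. That the doorbell shares this secret, and the choice of HMAC-SHA256, are
// assumptions; the report only says the token is a hash of the nonce plus a secret.
func IssueToken(secret []byte, serial string, nonce []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(serial))
	m.Write(nonce)
	return m.Sum(nil)
}

// VerifyToken is the doorbell side: recompute the token for the nonce it issued and
// compare in constant time. A token is bound to one serial and one nonce.
func VerifyToken(secret []byte, serial string, nonce, token []byte) bool {
	return hmac.Equal(IssueToken(secret, serial, nonce), token)
}

// Demo: a genuine handshake, a token forged without the secret, and a captured
// token replayed against a later provisioning attempt (fresh nonce).
func Demo() (genuineOK, forgedRejected, replayRejected bool) {
	secret := []byte("constructed-per-device-secret") // constructed sample value
	serial := "CONSTRUCTED-SERIAL-0001"
	nonce := NewNonce()
	tok := IssueToken(secret, serial, nonce)
	genuineOK = VerifyToken(secret, serial, nonce, tok)
	forged := IssueToken([]byte("attacker-guess"), serial, nonce)
	forgedRejected = !VerifyToken(secret, serial, nonce, forged)
	replayRejected = !VerifyToken(secret, serial, NewNonce(), tok)
	return
}
```

The replay case is why the nonce matters: a token sniffed during one Bluetooth provisioning session is useless for the next one.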

Finally, the Maximus Answer DualCam's firmware updates are digitally signed by the vendor. A rogue firmware update delivered by a rogue server would simply not be installed.

"Any modifications to the binary will result in a signature mismatch," says the report. "The binary will be discarded in this case. An attacker can't forge the signature, as it requires the private certificate corresponding to the public key used to check the signature."
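The signature check the report describes, as an added Go example (not the vendor's code). The image layout, the use of Ed25519 and the sample payload are assumptions; the report does not name the vendor's signature scheme.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// Image layout (assumption, not the vendor's format): 64-byte Ed25519 signature
// followed by the firmware payload. Ed25519 stands in for whatever signature
// scheme the vendor actually uses; the report does not name it.
const sigLen = ed25519.SignatureSize

// SignFirmware is the vendor side. The private key stays with the vendor;
// only the public key is built into the doorbell's firmware.
func SignFirmware(priv ed25519.PrivateKey, payload []byte) []byte {
	return append(ed25519.Sign(priv, payload), payload...)
}

// VerifyFirmware is the device side: the image is accepted only if the signature
// over the payload verifies under the pinned public key.
func VerifyFirmware(pub ed25519.PublicKey, image []byte) ([]byte, error) {
	if len(image) <= sigLen {
		return nil, errors.New("firmware: image too short")
	}
	sig, payload := image[:sigLen], image[sigLen:]
	if !ed25519.Verify(pub, payload, sig) {
		return nil, errors.New("firmware: signature mismatch, image discarded")
	}
	return payload, nil
}

// Demo: a genuine image verifies; a single flipped bit in the payload is rejected;
// an image signed with a different (attacker-generated) key is rejected too.
func Demo() (genuineOK, tamperedRejected, wrongKeyRejected bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	payload := []byte("constructed firmware payload v1.2") // constructed sample
	image := SignFirmware(priv, payload)
	_, err := VerifyFirmware(pub, image)
	genuineOK = err == nil
	tampered := append([]byte(nil), image...)
	tampered[len(tampered)-1] ^= 0x01
	_, err = VerifyFirmware(pub, tampered)
	tamperedRejected = err != nil
	_, rogue, _ := ed25519.GenerateKey(rand.Reader)
	_, err = VerifyFirmware(pub, SignFirmware(rogue, payload))
	wrongKeyRejected = err != nil
	return
}
```

The third case is the one that defeats a rogue update server: controlling the download does not help without the vendor's private key.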

Locked down pretty tight

Otherwise, the Maximus Answer DualCam video doorbell has good security. As noted earlier, for most communications it uses the OpenVPN protocol to communicate with its server so that third parties on the same wireless network as the video doorbell cannot decipher the signals.

Each camera has a unique digital identifier to identify itself to its servers. Attempts to access ports on the video doorbell over the local Wi-Fi network were unsuccessful, and so was an attempt to exploit the OpenVPN connection using a widely applicable flaw.

Commands sent by the owner to the video doorbell are routed through Maximus' servers, but each request has to be accompanied by an authorization token.

Also, "to change the camera's settings, the user requires its serial number. An attacker who knows the serial number cannot modify settings, as ownership is validated."

Similar authentication is required for alive streaming.

Even UART connections, which involve clipping wires to specific spots on the motherboard for software or hardware debugging, require a password in this case. UART connections are frequently a reliable backdoor into a smart-home device, but not on the Maximus Answer DualCam video doorbell.

How Bitdefender tested the Maximus Answer DualCam

Bitdefender researchers used several tools and methods to analyze the security of the Maximus Answer DualCam.

A virtual machine running on a PC served as the Wi-Fi access point. The Burp Suite penetration-testing tool was used to monitor encrypted network traffic. The UBI Reader Extract Files utility was used to read the filesystem on the firmware disk image.

The Bluetooth Host Controller Interface logging tool built into Android (with Developer mode activated) was used to capture data packets exchanged between a smartphone and the video doorbell during the initial setup process, and the Wireshark network-packet analyzer was used to examine those packets. A custom digital certificate was used to stage a man-in-the-middle attack in order to decrypt traffic to and from the Android app.

The Ghidra decompiler developed by the U.S. National Security Agency was used to reverse-engineer binary information, i.e. turning data that was just bits and bytes back into source code. The network mapper Nmap was used to determine that the Maximus Answer DualCam had no open ports.

Safe to use? Yes, mostly

Overall, the Maximus Answer DualCam video doorbell seems safe to use, except for the remote possibility that someone already on your Wi-Fi network might be able to intercept the video feed, provided the attacker knows how to spoof a digital server certificate.

We think that's not something most people would need to worry about, unless they work for a defense contractor or another organization having to do with national security. If we were to give devices letter grades in security, we'd give the Maximus Answer DualCam video doorbell an A-minus.

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the data-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/maximus-answer-dualcam-video-doorbell-security-analysis