Hello, welcome to the Thursday, June 17th, 2021 edition of the Sansand-Stormsanders Stormcast. My name is Johannes

Ulrich. And today I'm recording from Jacksonville, Florida, and again virtually teaching in Paris, France.

And today we got another forensic quiz from Brad. Just like in prior months, there is a packet capture that you need to analyze.

Beyrshark being sort of the preferred tool here in order to participate.

But of course, you're free to use other tools if you would like to.

There are a number of questions that you need to answer. Submit your

answer, please, via our contact form, and we'll give away a Raspberry Pi again. Last month,

we had a little bit sort of a mad dash for people trying to be the first to submit, because we

sort of stated that the first correct submission will be the winner.

This time we sort of do a little pseudo-random drawing among the correct submissions,

so you don't necessarily have to be the first one.

And then we have yet another vulnerability in IP-based surveillance cameras.

The tricky part here is that the vulnerability is in a software development kit to implement

a P2P protocol in order to access the video stream from these cameras.

The vendor of the software development kit is through tech. However,

you are unlikely going to sort of see this labeled on the camera. This particular software

development kit is used by numerous different vendors. The vulnerability overall, well, I don't actually personally consider it that super critical,

even though it has a CVSS score of 9.1.

Essentially, the problem here is that video feeds are not encrypted.

They're just obfuscated.

So an attacker would be able to possibly view the video feeds if they can intercept the traffic.

There is a possibility to add TLS to these video feeds, and that's essentially the mitigation

...