Is it Really that Bad? Exploring IoT Camera Security
Internet of Things devices are becoming increasingly common in our lives and in our homes. Connected sensors and controls are inexpensive and popular to buy online and in stores. Their sleek plastic shells promise a well designed package, but these devices can harbor surprising secrets. With a 4-star rating from hundreds of reviewers on Amazon, a slick mobile app, and $99 price tag, the Reolink Argus 2 wireless camera seems to tick all the boxes for a savvy shopper. I bought one to use in my home, but after hearing horror stories about IoT devices I decided to open it up to see how it worked, and to investigate if the software was respecting my privacy and security. This talk will share my discoveries in reverse engineering this device and explore the the implications of their design decisions. I'll go through contacting the vendor and trying to responsibly disclose my discoveries. I'll also share the resources that I've discovered and written to fix the security problems and make it a useful, more secure device.