Is to fake an KP_Return event (based on anĪnd we can connect with whichever client, stream a live video or download all Unfortunately, this dialog is running on a wide-open X server, so all we need Smart and added a user confirmation dialog to the camera UI, to prevent remote
Unencrypted access point named AP_SSC_NX300_0-XX:XX:XX (where XX:XX:XX Two of the on-camera apps ( MobileLink, Remote Viewfinder) open an Wow! They know where I live! At least they do not transmit any unique identifiers with the query.Īnd gets redirected to an XML document with the ChangeLog. X-ConnMan-Client-City: # (my actual city) Obtained from the IP) in the headers: X-ConnMan-Status: online Returns an empty document, but has your location data (apparently When the camera goes online, it performs a firmware version check.Īccept: application/x-shockwave-flash, application/vnd.ms-excel, */* It! But besides displaying stuff on the camera the fun seems very limited:Ī short investigation using xev outlines that the physical keys on theĬamera body are bound to X11 key events as follows: On/Off Nope! This is really an unprotected X server! It is runningĮnlightenment! And we can even run apps on HDMI1 disconnected (normal left inverted right x axis y for i in $(xdotool search '.') do xdotool getwindowname $i doneĭefaulting to search window name, class, and classname LVDS1 connected 480x800+0+0 (normal left inverted right x axis y axis) 480mm x 800mm Wait, what? X11 as an open service? Could that be true? For sure it isĪccess-locked via TCP to prevent abuse? DISPLAY=nx300:0 DISPLAY=nx300:0 xrandr Remote Viewfinder mode, the camera also opens 7679/tcp. Play and MobileLink modes, 7676/tcp is opened in addition. This scan was performed while the "E-Mail" application was open. No exact OS matches for host (If you know what OS is running on it, see ). Offered by performing a port scan: megavolt:~# nmap -sS -O nx300 Regular client with some open services, like DLNA. You can configure the NX300 to enter your WiFi network, it will behave like a Nerd, you might end up with a camera stuck redirecting you to a hardcore The deployed tag supports permanent write-locking, so if you know a prankster This wasĬonfirmed by replacing the tag content with an URL. Web browser, merely by touching it with an NFC-enabled smartphone.
Rewriting its tag to download some evil app, or to open nasty links in your The tag is writable, so a malicious user can easily "hack" your camera by NFC TagĬreated by NXP, which is pre-programmed with an NDEF message to download andįrom Google Play, and to inform the app about the access point name providedīy this individual camera: Type: MIME: application/ The findings in this blog posts are based on firmware version 1.31.
0 kommentar(er)
