Turning Camera Surveillance on its Axis
Noam Moshe
DEF CON 33 · Day 2 · Main Stage
Noam Moshe, Team Lead and Lead Vulnerability Researcher at Claroty, presented an investigation into critical vulnerabilities in Axis Communications IP cameras — enterprise-grade surveillance equipment
AI review
Claroty's lead IoT vulnerability researcher reverse-engineers Axis Communications' proprietary Access Remoting protocol from scratch, discovers an authentication bypass chained with a stack buffer overflow, and demonstrates unauthenticated RCE against enterprise IP cameras — with a full network pivot to internal infrastructure as the demonstrated payload.