From Remote Code Execution to Persistent Backdoor in TP-Link TL-SC3130G Wireless 2-Way Audio Surveillance Camera
Before getting started today I want to explain the difference between a remote code execution vulnerability and a manufacturers backdoor.
Google’s definition of a backdoor is : “The rear door of a building.”;
A more precise definition is : “A feature or defect of a computer system that allows surreptitious unauthorised access to data”.
Manufacturers of Modems, Cameras, Light-switches, Set-top-boxes, and Mobile Phones and countless IOT devices leave back-doors in their products as a way for them to at any-point fix issues if something goes wrong with their products.
In a perfect word manufacturers would develop software that does its job and does it well; But software isn’t such a simple world- In order for manufacturers to create all these cool new gadgets; developers will develop software to fit the technical requirements until a solution and a product is available and implemented-
Sweet your camera is a camera your modem is a modem.
But we’re in 2020 now, and we’ve found that developers sometimes don’t implement perfect software, hence the argument for ‘backdoors’ to manage the devices, so that if something goes wrong: (your…