## https://sploitus.com/exploit?id=AB707FD0-10EC-5832-AA12-0BAE5D134247
# IoT Firmware Reverse Engineering — IoT Camera Security
**University at Albany | Sep 2024 – Nov 2024**
## What is this project?
Firmware is the software that runs permanently inside a device like a security camera, router, or smart doorbell. In this project I extracted the firmware from an IoT security camera and analyzed it to find hidden security vulnerabilities. This is called reverse engineering — working backwards from a finished product to understand how it works and where it can be attacked.
## How did I do it?
I used a tool called Binwalk to extract and unpack the firmware file system from the binary image. I used IDA Pro to analyze the compiled binary code and trace how the software handles user input and system calls. I used Wireshark to capture the actual network traffic the device was generating while running, to check if any sensitive data was being sent without protection.
## What vulnerabilities did I find?
I found five real vulnerabilities. The most critical was a Command Injection flaw mapped to CWE-78 — the device passed user input directly into system commands without any checking, allowing an attacker to run any command they want on the device. The device was also running an outdated Linux kernel with the DirtyCOW vulnerability (CVE-2016-5195) which lets any user gain full administrator control through a race condition exploit. The login system was weak and easy to bypass (CWE-287). The device had Telnet enabled and was sending passwords in plain text visible to anyone on the network (CWE-319). The factory default settings had never been changed after deployment (CWE-1188).
## What did I recommend?
I recommended patching the kernel to remove DirtyCOW, disabling Telnet and enforcing SSH with key-based authentication, sanitizing all user inputs to prevent command injection, replacing default credentials, and encrypting all communications using TLS.
## Tools I used
Binwalk · IDA Pro · Wireshark
## Skills this shows
Firmware analysis · Reverse engineering · Static binary analysis · Dynamic network traffic analysis · CVE and CWE research · IoT security · Vulnerability report writing · Malware analysis techniques