Video equipment, video processing, video technology
Full disclosure: 0day vulnerability (backdoor) in firmware for Xiaongmai-based DVRs, NVRs and IP cameras
This is a full disclosure of a recent backdoor integrated into DVR/NVR devices built on top of HiSilicon SoC with Xiaongmai firmware. The described vulnerability allows an attacker to gain root shell access and full control of the device. The full disclosure format was chosen for this report due to a lack of trust in the vendor. Proof of concept code is presented below.
Publish and Play
There exist two main functions of WebRTC operation on the server side in the field of streaming video: publishing and playing. In the case of publishing, the video stream is captured from the web camera and moves from the browser to the server. In the case of playing, the stream moves in the opposite direction, from the server to the browser, is decoded and played in the browser’s HTML5 <video> element on the device’s screen.
Video conferencing systems, so familiar to us today, have come a long way — more than a hundred years passed from fantastic ideas inspired by belief in unstoppable technical progress to the first mass implementation of video conferencing systems. A lot of dramatic events have come along the way. The way to success wasn’t easy at all.
Video surveillance has long been used to solve various problems. In the 1950s and '60s, these were analog closed video surveillance systems; the name CCTV (closed-circuit television) reveals the meaning of the concept.