Wednesday, February 15, 2012

Trendnet Security Issues, Updated Firmware & SSH / Dropbear

So, it seems that after several years of these cameras being on the market it appears there are some very basic security holes. To be honest I am not surprised, these cameras are *very* budget and so given that I was using them to watch over the little one I didn't expose them on the internet but have used a cracking piece of software zoneminder to host and record the video when I want to access it outside of the homestead.

However, in an effort to at least try and make them more secure, I have enabled telnet and inserted the boot script to version 1.1.1.74 of the firmware which was released by Trendnet as a result of  the excellent work done by Console Cowboys; you can download the new and improved firmware here. The upgrade procedure released by Trendnet suggests that you need to first install 1.1.0.67 before upgrade which can be found here.

Whilst we are talking about security, if you are concerned about telnet being open, I suggest you turn it off in the startup scripts on USB or SMB. You can then use dropbear to have ssh connectivity if you still want the command line as below:

I have also compiled dropbear with its associated support files (dbclient, dropbearkey and scp); it take a little bit of effort to get this running as you need to copy the libutil.so.0 into the lib directory, generate the keys and add users to the device. As user management is not included in the base busybox provided I have also compiled a more complete version. All these files can found here, I'll add more complete instructions to automate this when I get some time.