Webcams » History » Version 1
Karsten, 11/11/2014 03:28 PM
| 1 | 1 | Karsten | h1. Webcams |
|---|---|---|---|
| 2 | |||
| 3 | h2. Disassembled devices |
||
| 4 | |||
| 5 | h3. Cheap SpeedLink Reflect LED Webcam |
||
| 6 | |||
| 7 | * EtronTech eSP268A7, no external flash/eeprom |
||
| 8 | * http://www.etron.com/en/products/webcam_detial.php?Product_ID=3 |
||
| 9 | Embedded 8051 with 32KB mask ROM and 2KB SRAM |
||
| 10 | * http://wenku.baidu.com/view/b5b6a2c25fbfc77da269b15b.html |
||
| 11 | => Would be vulnerable if it had an external SPI Flash, but the particular webcam has none |
||
| 12 | => %{color:green}Most likely not vulnerable% |
||
| 13 | |||
| 14 | h3. Creative Labs Live! Cam Sync HD Model VFO770 |
||
| 15 | |||
| 16 | * RTS5822 with PM25LD512 SPI Flash (64 KiB) |
||
| 17 | * http://www.realtek.com.tw/products/productsView.aspx?Langid=1&PNid=30&PFid=43&Level=4&Conn=3&ProdID=346 |
||
| 18 | The RTS5822 supports an internal MCU program ROM, external NOR-Flash interface, and external Serial-Flash interface. With the external Serial-Flash interface, the internal program ROM can be fully replaced and the control firmware can be easily accessed via the USB link. |
||
| 19 | * Chip can be used with internal ROM only |
||
| 20 | * Hacking the firmware probably allows disabling the recording LED (but this may also be possible by hacking the driver only) |
||
| 21 | * We could dump the flash contents to check the firmware |
||
| 22 | * Particular webcam has an SPI flash |
||
| 23 | => %{color:red}most likely vulnerable%. |