5

Context: Hole Punching is one of NAT traversal techniques. It was first designed for P2P applications where the two peers are both behind the NAT. In the context of IoT, this technique is implemented by some connected IP cameras to allow users to control their devices remotely through an intermediary cloud server (figure).

enter image description here

Source of the figure.

Question: What are flaws or vulnerabilities in this technique that a hacker may exploit to remotely attack an IoT deployment (e.g., Smart Home)

Houcine Amraoui
  • 153
  • 5

1 Answers1

2

Cloud based team viewer or similar solutions to remotely control a camera have risk of

  • how do you decipher a legitimate remote user and a malicious hacker with a stolen password logging in?
  • the cloud provider themselves could be comprised or have a vulnerability that gives an attacker access to your internal network.

More important thoughts are

  • do you have logging of every time it's remotely accessed?
  • is your camera segmented off so that even if an attacker remotely logs in they can't do damage to the core part of your network?
  • do you have 2FA/MFA required in the remote access cloud account so you can't be breached by a simple stolen password?
Glorfindel
  • 2,235
  • 6
  • 18
  • 30
neonprimetime security
  • 936
  • 4
  • 15