How Hackers Take Over Security Cameras (and What You Can Do About It): A Conversation With Claroty’s Noam Moshe
Update: 2025-09-03
Description
In this episode of the podcast, host Paul Roberts connects with Noam Moshe, a lead vulnerability researcher at the firm Claroty, about critical vulnerabilities he discovered in Axis IP cameras – a fixture of large corporations and sensitive government agencies. Discover how attackers could hijack entire fleets of cameras, manipulate video feeds, and pivot into sensitive networks, as well as what organizations must do to defend against these IoT and cyber-physical system threats.
One of the notable “cyber” trends we’ve seen over the last decade is the broadening landscape of cyber attacks. Malicious campaigns these days target not just Windows workstations and conventional IT infrastructure like application servers and networking infrastructure – but a diverse and growing population of “Internet of Things” devices that are deployed in homes, businesses, critical infrastructure and more.
The incident that brought this change to light was, of course, the Mirai botnet back in 2016 (read SL’s coverage of that attack). That attack saw broadband routers and other devices enlisted in a massive botnet that helped take down DNS provider DYN, resulting in massive outages. More recently, hacking crews such as the China-backed actors Volt Typhoon have aggressively targeted IoT devices like end-of-life broadband routers and IP cameras to build out attack platforms like the KV-Botnet, which have then been used to conduct both disruptive and espionage-focused campaigns against telecommunications networks and critical infrastructure.
A popular target in those Volt Typhoon campaigns: Axis IP cameras – commercial-grade devices manufactured by Sweden-based Axis Communications, a key supplier of IP cameras to western governments and economies that have grown wary of buying hardware from Chinese firms.
Why Axis? In this podcast interview recorded at this year’s Black Hat Briefings in Las Vegas, Nevada, I speak with Noam Moshe, a lead vulnerability researcher at Claroty Inc and the lead for Claroty’s Team 82.
Noam Moshe, Claroty Team 82
In this conversation, Noam and I discuss findings from research he did on Axis IP cameras and that he presented at Black Hat. That included serious vulnerabilities discovered in a proprietary Axis communication protocol. Noam and I also discuss the implications of “black box” IoT devices and the security risks lurking in their software for organizations and the broader cybersecurity landscape.
Phish where the fish are
Noam told me his research into Axis IP cameras was inspired by their prevalence in sensitive environments and the significant impact that exploited vulnerabilities have had in the past. Axis, a leading brand in IP cameras and video surveillance, sees extensive use due to international restrictions on Chinese devices. As a result, Axis’s dominance in the market makes it a vital subject for security research.
Noam’s approach involved examining heavily used Axis devices for vulnerabilities that malicious actors could exploit. As part of their research, Noam and his team uncovered significant vulnerabilities in the Axis .remoting protocol,