Wisenet X, P, Q, L Series Cameras

CYBER SECURITY PEN TEST REPORT

April 3rd, 2020

Contents:
Introduction
Test Purpose
Test Model
Test Method
Summary of Findings
Impact Assessment Criteria
Vulnerability Summary
About RaonSecurity
Grading Report
Notice
About S-CERT

INTRODUCTION

Hanwha Techwin has for a long time performed penetration tests of our products through trusted third-party white-hat hackers who can make a professional diagnosis using hacking tools and hacking techniques. We believe this activity will make our products more secure. We expect that disclosing the processes and results of these activities to our customers will earn their trust.

TEST PURPOSE

Penetration testing should be performed for a variety of reasons. Some of the common reasons why Hanwha Techwin, as a manufacturer, performs penetration tests include:

• Penetration testing can prevent vulnerabilities which can lead to serious personal information leakage due to the nature of surveillance equipment.
• Penetration testing can identify vulnerabilities inadvertently introduced during the development process, such as through source code changes or a platform upgrade.
• Some relevant regulatory standards require that penetration tests are performed.
• Penetration testing can demonstrate a commitment to product security from a customer perspective and provide trust that their private information and control system will be protected securely in operation.
• Penetration testing allows manufacturers to proactively assess for emerging or newly discovered vulnerabilities that were not known or have not yet been widely published.

Simple penetration testing can be integrated into the internal QA process of the Software Development Life Cycle to prevent security bugs from entering production systems. For more robust testing, however, it is better done with the help of a trusted third-party security organization.

PENETRATION TESTING REPORT Page 2 of 8


TEST MODEL

TEST MODEL / VERSION

• Wisenet X, P, Q, L Series Cameras (Total 182 models) / Firmware version before fixing

TEST SCOPE

• Device System: OS, Firmware, Binary, etc.
• Device Built-In Service: WebViewer, RTSP, UPNP, etc.
• Other Scope: Hardware-based access channel (UART), etc.

TEST METHOD

Methodologies for Security Testing

• Grey Box: Partial information about the system is given to the tester; it is a hybrid of the white box and black box models.
• OWASP IOT TOP10: The vulnerabilities found are classified according to the OWASP Internet Of Things TOP10 2018.

Test Tool for Security Testing

• Vulnerability scan: Metasploit
• Network scan: Nmap
• Web App Testing: Burp Suite
• Reverse engineering: IDA Pro

Testing Techniques

• Firmware / binary test: Memory corruption, Memory leak, Denial of Service, Reverse engineering of firmware, etc.
• Network test: Replay attack, Spoofing attack, Sniffing attack, etc.
• Web application test: File download/upload, XSS/CSRF attack, Directory listing/traversal attack, HTTP header modification, etc.
• Encryption test: Cryptographic key cracking, Decrypting cipher text, Inference of hashed plain text, etc.
• Other test: Backdoor analysis, Hardware debug port access, Known open-source vulnerability attack, etc.

SUMMARY OF FINDINGS

Summary of Identified Vulnerabilities

A total of 7 previously unknown vulnerabilities were found in Wisenet cameras. The vulnerabilities are the same in each X, P, Q, L Series camera model. One is of critical impact, one of high impact, four of middle impact, and one of low impact.


IMPACT ASSESSMENT CRITERIA


VULNERABILITY SUMMARY

During the first assessment, RaonSecurity classified the 7 identified unknown vulnerabilities according to the OWASP Internet Of Things TOP10 2018 (*1). After complementary work, RaonSecurity performed the assessment one more time to confirm that the original findings had been cleared up.

The vulnerabilities found could cause buffer overflow, system authority access, exposure of crucial data, command injection, etc. Fortunately, these vulnerabilities remained unknown to the public thanks to our proactive penetration test. Hanwha Techwin has resolved all issues by releasing the latest firmware. We recommend that customers always use the camera's latest version for security.

*1) Reference site: https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project


TEST MODEL / FIXED VERSION


ABOUT RAONSECURITY

DEF CON (also written as DEFCON, Defcon or DC) is one of the world's largest and most notable hacker conventions, held annually in Las Vegas, Nevada. (https://en.wikipedia.org/wiki/DEF_CON, https://www.defcon.org)

RaonSecurity took part in the CTF at DEF CON 16 in 2008 under the name Taekwon-V and was ranked 4th. (https://www.defcon.org/html/defcon-16/dc-16-contest-results.html)

RaonSecurity provides security solution development and penetration test consulting services and is an IT information security company that conducts research into the latest hacking techniques and takes part in hacking competitions.

RaonSecurity was ranked 1st at Wechall in 2018 and 1st at Noe.systems in 2019. Wechall and Noe.systems are famous hacking challenge and problem-solving sites worldwide. (http://www.wechall.net/site/ranking/for/1/WeChall, https://noe.systems/Rank)

RaonSecurity has been providing consulting services to global companies such as Electronics, Hyundai motors, motors, SK Telecom etc.

131, GASAN DIGITAL 1-RO, GEUMCHEON-GU, SEOUL, REPUBLIC OF KOREA

GRADING REPORT

The grade below is a representation of the security posture of the Hanwha Techwin X, P, Q, L Series Cameras (latest, post-remediation).

RaonSecurity calculates grades, with Level A as the result, based on each detailed assessment item.

Level A means that the proper protection against anticipated threats has been implemented in the surveillance equipment, ensuring that the customer's sensitive information is kept safe in operation.

Notice

Please refrain from asking the manufacturer for more information, as it could be exploited like a known vulnerability. The results of this penetration test do not prove that the product is flawless and free of vulnerabilities; they are intended to help create products with better security through trusted third parties.

Please note that exploiting the vulnerability information mentioned in this report or illegally accessing the operating system can cause legal problems.

13488 Hanwha Techwin R&D Center, 6 Pangyoro 319-gil, Bundang-gu, Seongnam-si, Gyeonggi-do
TEL 070.7147.8771-8
FAX 031.8018.3715
http://hanwha-security.com

Our Business

Hanwha Techwin’s world class imaging technology is now applied to more diverse business areas including Access Control and Intruder Detection.

Our products play an important role for the safety and happiness of people by protecting cities, airports, seaports, industrial areas and military installations.

We will continuously provide high resolution, high performance and highly reliable premium security products and achieve the social value of “safety and the comfort”.

Hanwha Techwin will advance towards becoming the world’s best total security solutions provider by offering a one-stop security solution, facilitating the global network, and continuously conducting research and development.

About S-CERT…

Hanwha Techwin operates a security vulnerability response team (S-CERT) to prevent illegal and unauthorized security breaches from external sources, and to prevent internal security flaws.

In order to improve the quality of product security, S-CERT pre-checks product security at the product development stage and has penetration testing conducted periodically by specialized agencies.

Furthermore, S-CERT is committed to developing a differentiated security solution to lead the field of video surveillance, and is also endeavoring to acquire various security certifications so that the quality of the improved product is recognized externally.