Remember the movies where the bad guys replace the security guards video feed with a fake one showing an endless loop of nothing? Security researches have just figured out how to do this on a AXIS 2100 Surveillance Camera. This is a popular camera that can be remotly controlled – and viewed over the web.
“This hack (.pdf) works by combining a few vulnerabilities in how the camera’s accompanying software accepts input — a type of security hole known as cross site scripting, or XSS.
…From there the attacker can simply change the HTML on the camera viewing page to secretly point the playback screen to another video file — one that can even be hosted on another web site.”
The trick is to get the administrator to check the logs which could easily be done by sending a flood of traffic to the camera causing a temporary denial of service to the camera. You can view the entire hack here. Full article is below.