Deauthentication attack on surveillance cameras that use Wi-Fi

Matthew Garrett, a well-known Linux kernel developer who once received an award from the Free Software Foundation for his contribution to the development of free software, drew attention to problems with the reliability of CCTV cameras connected to the network via Wi-Fi. After analyzing the operation of the Ring Video Doorbell 2 camera installed in his house, Matthew came to the conclusion that attackers can easily disrupt video broadcasting by carrying out a long-known deauthentication attack on wireless devices, commonly used in attacks on WPA2 to reset a client's connection when the sequence of packets exchanged during connection establishment needs to be captured.

Wireless security cameras usually do not use the 802.11w standard by default to encrypt management frames, and they process management frames coming from the access point in clear text. An attacker can use spoofing to generate a stream of fake management frames that break the connection between the client and the access point. Typically, such frames are used by the access point to disconnect a client in case of overload or authentication failure, but an attacker can use them to disrupt the network connection of a surveillance camera.
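A defensive check for the gap described above, as an added example that is not from the original article: it parses the RSN element of a captured beacon or association request and reports whether 802.11w management frame protection is advertised. The function names and the sample elements are constructed for illustration.

```python
import struct

RSN_IE_ID = 48   # RSN element ID in 802.11 tagged parameters
MFPR = 0x0040    # RSN Capabilities bit 6: management frame protection required
MFPC = 0x0080    # RSN Capabilities bit 7: management frame protection capable


def iter_elements(tagged: bytes):
    """Yield (element_id, body) pairs from 802.11 tagged parameters."""
    pos = 0
    while pos + 2 <= len(tagged):
        eid, length = tagged[pos], tagged[pos + 1]
        body = tagged[pos + 2:pos + 2 + length]
        if len(body) < length:       # truncated element: stop instead of misparsing
            return
        yield eid, body
        pos += 2 + length


def rsn_capabilities(rsn: bytes) -> int:
    """Return the RSN Capabilities field, or 0 if the element omits it."""
    pos = 2 + 4                      # version (2) + group cipher suite (4)
    for _ in range(2):               # pairwise suite list, then AKM suite list
        if pos + 2 > len(rsn):
            return 0
        (count,) = struct.unpack_from("<H", rsn, pos)
        pos += 2 + 4 * count
    if pos + 2 > len(rsn):
        return 0
    return struct.unpack_from("<H", rsn, pos)[0]


def mfp_status(tagged: bytes) -> str:
    """Classify the 802.11w support advertised in a beacon or association request."""
    for eid, body in iter_elements(tagged):
        if eid == RSN_IE_ID:
            caps = rsn_capabilities(body)
            if caps & MFPR:
                return "required"
            return "capable" if caps & MFPC else "disabled"
    return "no-rsn"


def build_rsn(caps: int) -> bytes:
    """Constructed sample: WPA2-PSK/CCMP RSN element with the given capabilities."""
    body = bytes.fromhex("0100" "000fac04" "0100" "000fac04" "0100" "000fac02")
    body += struct.pack("<H", caps)
    return bytes([RSN_IE_ID, len(body)]) + body


SSID = bytes([0, 4]) + b"home"       # constructed SSID element preceding the RSN element
```

A result of "disabled" or "capable" means a client can still associate without protected management frames; only "required" forces every client on that network to use 802.11w.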

Since the camera streams video to cloud storage or a local server, and also sends notifications to the owner's smartphone over the network, the attack can prevent both the storage of video showing an intruder and the delivery of notifications about the intrusion into the premises. The MAC address of the camera can be determined by monitoring the traffic on the wireless network using airodump-ng and selecting devices with known camera manufacturer IDs. After that, aireplay-ng can be used to send deauthentication packets in a loop. With such a flow, the camera's connection is reset immediately after each authentication completes, and the camera is blocked from sending data. A similar attack is applicable to all kinds of motion sensors and alarms connected via Wi-Fi.

Source: opennet.ru
