https://binreaper.pages.dev/tags/ghidra/ Recent content in Ghidra on binreaper Hugo en-us Fri, 13 Mar 2026 00:00:00 +0000 https://binreaper.pages.dev/posts/2026-03-13-born-insecure/ Fri, 13 Mar 2026 00:00:00 +0000 https://binreaper.pages.dev/posts/2026-03-13-born-insecure/ <p>I spent several weeks analyzing the firmware and cloud communication protocol of a popular consumer WiFi camera line. Seven firmware images across six models spanning five years of production — from late 2019 through November 2024.</p> <p>What I found wasn&rsquo;t the kind of vulnerability that gets introduced by a bad commit or fixed in a patch Tuesday. These are architectural decisions made early in the product&rsquo;s life that propagated unchanged across every model, every revision, every year. Shared cryptographic keys with trivially guessable passphrases. A plaintext cloud signaling channel with no integrity protection. An internal command execution daemon that pipes unsanitized input straight into <code>system()</code>.</p>