Critical flaws found in Amcrest security cameras - Amcrest Hid info for 18 months

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
"As the 2017 date on the CVEs makes clear, Amcrest has known about these flaws for least 18 months or more. It offered updated firmware a few months ago but delayed telling owners about the security aspect of its purpose in order to “give users time to update.”

Critical flaws found in Amcrest security cameras
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
The first allows an unauthenticated attacker to discover the camera’s admin credentials stored in clear text, facilitating a takeover of the device and, presumably including locking legitimate users out of the UI. Worryingly:

Based on cursory analysis of other Amcrest products, this might be prevalent in all the Amcrest IP cameras and also other Amcrest products.
Ouch!
 

Ssayer

BIT Beta Team
Joined
Jan 5, 2016
Messages
19,578
Reaction score
70,727
Location
SE Michigan USA
Add another of a zillion reasons to not allow your cams to be accessible from the net, eh?
 

Chris TT

Young grasshopper
Joined
Apr 25, 2017
Messages
39
Reaction score
1
Is there a way to test if your cameras can access the internet? I've placed mine on a blacklist in the router... But I would like to see if that is effective. And yes in my blue iris system I do have Amcrest cams
 

mikeynags

Known around here
Joined
Mar 14, 2017
Messages
1,034
Reaction score
939
Location
CT
Is there a way to test if your cameras can access the internet? I've placed mine on a blacklist in the router... But I would like to see if that is effective. And yes in my blue iris system I do have Amcrest cams
Chris - if you have a default gateway configured (barring any other security device) those cams have access to the internet. You’ll typically see NTP traffic but the Amcrest are notorious for calling home even when you shut every option off in the Web GUI it will still attempt connections out.


Sent from my iPhone using Tapatalk
 

Chris TT

Young grasshopper
Joined
Apr 25, 2017
Messages
39
Reaction score
1
Thanks. Will removing the gateways cause any other issues? I imagine I should still be able to access the cams for adjustments on their native UIs.
 

mikeynags

Known around here
Joined
Mar 14, 2017
Messages
1,034
Reaction score
939
Location
CT
Thanks. Will removing the gateways cause any other issues? I imagine I should still be able to access the cams for adjustments on their native UIs.
Other than time drift potentially being an issue, I don't see any other issues unless you view your cameras remotely by connecting directly to them - which is not a good idea.
 

Chris TT

Young grasshopper
Joined
Apr 25, 2017
Messages
39
Reaction score
1
OK will test. I don't connect directly to cams. I do see some timedrift, so i'm hoping the router blacklisting was working all along. Network is behind a VPN. Also need to look into a local time server... seen references to that as as solution.

The camera UI is forcing a Gateway address of the same segment, what do you recommend?
I put the same address as the camera IP to try one
 
Last edited:

mikeynags

Known around here
Joined
Mar 14, 2017
Messages
1,034
Reaction score
939
Location
CT
OK will test. I don't connect directly to cams. I do see some timedrift, so i'm hoping the router blacklisting was working all along. Network is behind a VPN. Also need to look into a local time server... seen references to that as as solution.

The camera UI is forcing a Gateway address of the same segment, what do you recommend?
I put the same address as the camera IP to try one
How is the camera setup to obtain an IP? Is it set to automatic/DHCP? You may be able to change it to manual and set it to the current IP address and subnet mask and leave the default gateway blank.
 

Chris TT

Young grasshopper
Joined
Apr 25, 2017
Messages
39
Reaction score
1
Hi, the cameras have reserved ip addresses outside DHCP range.
The camera's UI is set to STATIC IP. it's forcing a gateway of same segment. Can't leave it blank.
I'm thinking though a gateway circular reference to it's own ip would sufficiently block access to internet.... i hope.
 

looney2ns

IPCT Contributor
Joined
Sep 25, 2016
Messages
15,521
Reaction score
22,657
Location
Evansville, In. USA
OK will test. I don't connect directly to cams. I do see some timedrift, so i'm hoping the router blacklisting was working all along. Network is behind a VPN. Also need to look into a local time server... seen references to that as as solution.

The camera UI is forcing a Gateway address of the same segment, what do you recommend?
I put the same address as the camera IP to try one
NetTime - Network Time Synchronization Tool
 

Ssayer

BIT Beta Team
Joined
Jan 5, 2016
Messages
19,578
Reaction score
70,727
Location
SE Michigan USA
Thanks, this keeps the bi server time updated. How do i pass this to the cams for their native time/date to remain updated?
On some cams i use the native cam software to provide date/time, instead of blueiris
? This turns your BI machine into an NTP server. You set your cameras up via their setups to look to your BI machine instead of one of the internet NTP servers...
 

Arjun

Known around here
Joined
Feb 26, 2017
Messages
9,015
Reaction score
11,032
Location
USA
If IP camera companies want to sell their products, they'll need enclose disclaimers as well as full-blown manuals to the less tech-savvy showing them the do's and don'ts and a brief overview of VLAN configuration, VPN's, avoiding Cloud 9 and so on and so forth :facepalm:
 

mikeynags

Known around here
Joined
Mar 14, 2017
Messages
1,034
Reaction score
939
Location
CT
Here is another new CVE from a few weeks back (CVE-2019-3948) - listed in this Forbes article on the eavesdropping risk. They specifically call out Amcrest cameras in the article. I tested this on the couple of Amcrest cams I own and I can indeed reproduce the issues. The cameras like the 5231s and 5241s I purchased though Andy do not exhibit the issue at all.
 

Arjun

Known around here
Joined
Feb 26, 2017
Messages
9,015
Reaction score
11,032
Location
USA
If its Dahua or Hikvision they all exhibit the same problem, you need to disable port forwarding, P2P, and anything that communicates in and out of the network. Use your own VPN; also utilize VLAN's. Cliff Notes should be bookmarked
 

mikeynags

Known around here
Joined
Mar 14, 2017
Messages
1,034
Reaction score
939
Location
CT
The article specifically referenced Davis cameras. I didn’t try my him cameras. Will have to give that a try as well.


Sent from my iPhone using Tapatalk
 

mikeynags

Known around here
Joined
Mar 14, 2017
Messages
1,034
Reaction score
939
Location
CT
Update: Tested 2 of my HikVision cameras. Both were not susceptible to this vulnerability. Could be the way the code is written - it may be more Dahua specific.
 
Top