Hikvision camera resets ITSELF to factory default twice!

avoid

Young grasshopper
Joined
Sep 1, 2014
Messages
37
Reaction score
0
I want to ask about these cameras that are constantly resetting (working for about 20 minutes and then resetting to default again): is it possible that a script has been injected and installed on them that turns them into a botnet and keeps them constantly crashing?
 

normel

Getting the hang of it
Joined
Dec 1, 2014
Messages
288
Reaction score
22
Hi.
alastairstevenson, I really appreciate how you take the time to write all this information. I first thought it was copy-paste, but no, all personal information. Is this your work? Are you getting paid for this? :)
I can understand that people are against port forwarding, and sure, it is not the safest way and should be avoided. But what are the most important tips you guys can give to avoid this kind of thing happening again (when it is necessary to do port forwarding)?
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,779
Location
Scotland
> but no, all personal information. Is this your work? Are you getting paid for this?
Yes, and definitely no, and no wish to be either.
> But what are the most important tips you guys can give
Just remember that the internet is a hostile environment to expose your devices to, and that everything is connected so it's not just affecting the device allowed out into the world wild web.
And think hard about the value of your data and what would be the consequence if either:
a) It vanished
b) It was exposed to the world.
 

Defender666

Getting the hang of it
Joined
Dec 19, 2015
Messages
193
Reaction score
25
Is the process to hack R0 also applicable to NVRs? No one has posted any information on how to hack an NVR.
 

avoid

Young grasshopper
Joined
Sep 1, 2014
Messages
37
Reaction score
0
Does anyone know where I can download old firmware, for example 5.3.0? It cannot be updated directly from 5.1.0 or 5.2.3 to 5.4.41, while from 5.3.0 to 5.4.41 it updates without a problem (for Chinese versions of R0 and R2 cameras).
 

avoid

Young grasshopper
Joined
Sep 1, 2014
Messages
37
Reaction score
0
The current firmware in my Chinese cameras is 5.2.3, 5.3.0 and 5.1.0. My idea is to update the firmware to the latest firmware, 5.4.41, to secure my cameras from hack attacks.
I updated the cameras which currently have firmware 5.3.0 to 5.4.41 without a problem, but those with firmware 5.2.3 and 5.1.0 cannot be updated to 5.4.41 (I think because I need to update to 5.3.0 first, because it gives me an error, or this error has another cause I do not know).
Can it be updated directly through the UI in the camera from 5.2.3 or 5.1.0 to 5.3.0?
 

Defender666

Getting the hang of it
Joined
Dec 19, 2015
Messages
193
Reaction score
25
Read my post.

Also, if they are Chinese you need to apply the MTD hack.
 

avoid

Young grasshopper
Joined
Sep 1, 2014
Messages
37
Reaction score
0
Excuse me, my friend, if I do not understand something, but I do not want to downgrade the firmware but UPGRADE it to the latest secure version of my Chinese cameras. It does not matter if the interface language is Chinese or English because they are connected to another brand of NVR.
Please explain to me if you had anything else in mind and I did not understand you. Please read my post above carefully.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
> Excuse me, my friend, if I do not understand something, but I do not want to downgrade the firmware but UPGRADE it to the latest secure version of my Chinese cameras. It does not matter if the interface language is Chinese or English because they are connected to another brand of NVR.
> Please explain to me if you had anything else in mind and I did not understand you. Please read my post above carefully.
This is why people like you should not be buying these hacked China cams... you have no idea what you are doing... now you will suffer through this aggravation...
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,779
Location
Scotland
The temporary downgrade requirement is linked to the method of permanently converting the camera from Chinese to English. If the language conversion is not needed then the downgrade is not required.
But most people do need the language conversion. Chinese cameras will not connect to a Hikvision NVR, for example, as they complain of a language mismatch.
 

normel

Getting the hang of it
Joined
Dec 1, 2014
Messages
288
Reaction score
22
Seems like he doesn't care about the language mismatch. As he wrote, he is probably going to connect the cameras to another brand of NVR, using ONVIF.
 

normel

Getting the hang of it
Joined
Dec 1, 2014
Messages
288
Reaction score
22
As far as I have seen, some infected cameras have gone back to inactive status, and some have got an out-of-range IP address like 192.0.0.
And some are not even showing in the SADP tool, which I think is the worst scenario.
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,779
Location
Scotland
> And some are not even showing in the SADP tool, which I think is the worst scenario.
It would not be good if this backdoor exploit is being used in a brickerbot.
I'm almost tempted to set up a honeypot to see what's being attempted - but I think I'll leave that to others, I've plenty of other things to explore.
 

avoid

Young grasshopper
Joined
Sep 1, 2014
Messages
37
Reaction score
0
Does anyone know the meaning of the letters B, C, T etc. on the hinge and the camera? When I look for firmware for my model, for example for the Chinese model DS-2CD3310D, there are three firmware versions depending on the letter on the package or the camera, and there is a firmware that does not have a specific letter.
How can I find out which firmware is for my DS-2CD3310D camera if the camera label has been removed or it does not have one?
Hikvision is a world-leading provider of IoT solutions with video at its core
 

ndstate

Young grasshopper
Joined
Nov 5, 2015
Messages
96
Reaction score
24
So let me get this straight. My Hik camera reset itself twice in the past week. Apparently it set up its own port forwarding via UPNP (I confirmed it was turned on in the camera and I looked on my router and it had ports forwarded to the camera... WTF). So UPNP was turned on by default, it configured my router to forward ports to the Hik and some hacker was getting in and resetting the Hik?

Why were they resetting it? Why TF is this turned on by default? I feel like a bad network admin for not noticing this before.
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,779
Location
Scotland
> Apparently it set up its own port forwarding via UPNP (I confirmed it was turned on in the camera and I looked on my router and it had ports forwarded to the camera... WTF).
If UPnP is on by default, it's pretty old firmware in the camera, which also means it's susceptible to the recently-publicly-disclosed 'Hikvision backdoor'.
Link: Backdoor found in Hikvision cameras
And it also means that you have UPnP enabled on your router, allowing any device on the LAN to mess with port forwarding.
It may be worth doing a full port scan with ShieldsUp! (GRC | ShieldsUP! — Internet Vulnerability Profiling)
 

ndstate

Young grasshopper
Joined
Nov 5, 2015
Messages
96
Reaction score
24
> If UPnP is on by default, it's pretty old firmware in the camera, which also means it's susceptible to the recently-publicly-disclosed 'Hikvision backdoor'.
> Link: Backdoor found in Hikvision cameras
> And it also means that you have UPnP enabled on your router, allowing any device on the LAN to mess with port forwarding.
> It may be worth doing a full port scan with ShieldsUp! (GRC | ShieldsUP! — Internet Vulnerability Profiling)
Thanks for the response, it was a DS-2CD2042WD-I running V5.4.1 build 160525. I am working on upgrading it right now. I disabled UPnP on my router. Running ShieldsUp on my Blue Iris server shows everything as stealth. On my Ubuntu laptop I am seeing 20, 21, 22 as closed, not stealth.

The only port forwarding I have been doing via my router has been some ports to my Synology. I am also going to go in and ensure none of my cameras have access to the internet.
 

bp2008

Staff member
Joined
Mar 10, 2014
Messages
12,666
Reaction score
14,007
Location
USA
> So let me get this straight. My Hik camera reset itself twice in the past week. Apparently it set up its own port forwarding via UPNP (I confirmed it was turned on in the camera and I looked on my router and it had ports forwarded to the camera... WTF). So UPNP was turned on by default, it configured my router to forward ports to the Hik and some hacker was getting in and resetting the Hik?
>
> Why were they resetting it? Why TF is this turned on by default? I feel like a bad network admin for not noticing this before.
Be glad they only reset the camera (and hope they didn't install infected firmware too). Maybe the attacker decided a reset, which might take the camera off the internet, was better than inserting a warning message into the camera's text overlay and leaving it online (where it would be vulnerable to worse attacks). Look at me, assuming a guy who hacks cameras for fun really has your best interests at heart.

As for why camera manufacturers have UPnP on by default, I don't think anyone knows. Nobody knows to look for an open port they didn't set up themselves.
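
Added example (not code from any poster in this thread): a Python audit of a router's UPnP port-mapping table, the place where forwards a device opened for itself show up. It parses `GetGenericPortMappingEntry` SOAP responses from the UPnP IGD `WANIPConnection` service and flags enabled mappings that are not on an approved list; the sample responses, IP addresses, ports and the `APPROVED`/`CAMERAS` sets are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Body of a GetGenericPortMappingEntryResponse (UPnP IGD WANIPConnection:1).
TEMPLATE = (
    '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
    '<u:GetGenericPortMappingEntryResponse '
    'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
    "<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext}</NewExternalPort>"
    "<NewProtocol>{proto}</NewProtocol><NewInternalPort>{port}</NewInternalPort>"
    "<NewInternalClient>{client}</NewInternalClient><NewEnabled>{on}</NewEnabled>"
    "<NewPortMappingDescription>{desc}</NewPortMappingDescription>"
    "<NewLeaseDuration>0</NewLeaseDuration>"
    "</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"
)
# Constructed sample data: addresses, ports and descriptions are made up.
SAMPLE = [
    TEMPLATE.format(ext=5001, proto="TCP", port=5001, client="192.168.1.20", on=1, desc="nas"),
    TEMPLATE.format(ext=8000, proto="TCP", port=8000, client="192.168.1.64", on=1, desc="cam"),
    TEMPLATE.format(ext=554, proto="TCP", port=554, client="192.168.1.64", on=0, desc="cam"),
    TEMPLATE.format(ext=6881, proto="UDP", port=6881, client="192.168.1.33", on=1, desc="p2p"),
]
APPROVED = {("TCP", 5001, "192.168.1.20")}  # forwards the admin set up on purpose
CAMERAS = {"192.168.1.64"}                  # hosts that should never face the WAN

def parse_mapping(xml_text):
    """Extract the New* output arguments from one SOAP response."""
    root = ET.fromstring(xml_text)
    f = {e.tag[3:]: (e.text or "").strip() for e in root.iter() if e.tag.startswith("New")}
    return {"proto": f["Protocol"].upper(), "ext": int(f["ExternalPort"]),
            "client": f["InternalClient"], "port": int(f["InternalPort"]),
            "enabled": f["Enabled"] == "1", "desc": f["PortMappingDescription"]}

def audit(responses, approved, cameras):
    """Return (reason, proto, external_port, internal_client) per suspect mapping."""
    findings = []
    for xml_text in responses:
        m = parse_mapping(xml_text)
        key = (m["proto"], m["ext"], m["client"])
        if not m["enabled"] or key in approved:
            continue  # disabled entries forward nothing; approved ones are expected
        reason = "camera exposed to WAN" if m["client"] in cameras else "unapproved mapping"
        findings.append((reason,) + key)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, APPROVED, CAMERAS):
        print(finding)
```

An empty result from a check like this only covers UPnP-created mappings; manually configured forwards live in the router's own settings and need a separate review.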
 