Backdoor found in Hikvision cameras

d3sentryGunZ · Sep 21, 2017

YES, too many jerks. And NO, I'm not leaving, because there are always good people that try to aport something and can help. And if you felt touched, it's not my fault. I've never written specifically that you are a jerk.

fenderman · Sep 21, 2017

d3sentryGunZ said:
YES, too many jerks. And NO, I'm not leaving, because there are always good people that try to aport something and can help. And if you felt touched, it's not my fault. I've never written specifically that you are a jerk.

So learn something and stop being a defensive ungrateful prick...

Tolting Colt Acres · Sep 21, 2017

d3sentryGunZ said:
Why don't you read who called idiot first? He's the guy that calls other people idiots just for not having the same knowledge. If you are going to judge, first read page 7. Too many jerks on this forum.

Fenderman can come across like a jerk, sure. But, it's only because he practices "tough love". The truth hurts sometimes. But, he loves you. And, because he loves you, he will tell you the truth. Sometimes, we do not want to hear the truth, so we feel all butthurt by it. However, deep down inside, know from that butthurt is a buttload of fenderlove.

mjb · Sep 21, 2017

Fascinating discussion

All I know is that my attention to the dialogue in this topic has led me to improve significantly the security associated with my 40 Hikvision cameras. Because of information I have learned here I have updated firmware, removed all port forwarding in favor of a VPN and installed a VLAN structure in my network.

To all those who contribute such information, I say simply "thanks."

fenderman · Sep 21, 2017

Here is a nice video by www.ipvm.com showing how easy it is to implement this exploit...

Carcus · Sep 24, 2017

How do you find clients go using the system with an app and having to connect to a VPN using there mobile devices?

pbc · Sep 24, 2017

I'm curious (and now that I've removed port forwarding, setup a VPN, and updated all my Hiks...hopefully relatively safe!), I viewed the video above. But if someone wanted to get into my specific cameras, how would someone know how to access my camera in the first place? I.e., wouldn't they need my DNS address or something?

bp2008 · Sep 24, 2017

Updating the firmware is no longer necessary for security if you don't have any ports forwarded and access only through a VPN.

If they wanted to get in, they'd try to connect to your IP address on all the possible ports. The common ports in particular (like port 80) get hit many times a day across basically every address in the entire IPv4 internet. The less common ports are tried less often, but still often enough.

pbc · Sep 25, 2017

Ah, so they would have to know my specific external IP address? E. G., not the usual 192.168.0.1.xx sort of thing.

bp2008 · Sep 25, 2017

Yes, 192.168.x.x is a private range, not used on the public internet. Like I said, everything on the internet gets scanned many times a day for various vulnerabilities and your IP address is no exception.

hikahikahika · Oct 2, 2017

some one try to decrypt config file?

"Configuration backup files, unfortunately, contain usernames and plain-text passwords for all configured users. While
the files are encrypted, the encryption is easily reversible, because Hikvision chose to use a static encryption key,
which is derived from the password "abcdefg". Other Hikvision products have similarly weak encryption mechanisms."

Buggah · Oct 23, 2017

I'm wondering, my cams are only accessable on "server port" ie 8000. Is this hack also working on this interface?

Mike A. · Oct 23, 2017

Buggah said:
I'm wondering, my cams are only accessable on "server port" ie 8000. Is this hack also working on this interface?

If that port is open to Internet traffic, then yes. An open port is an open port. There's not anything special about port 8000. It's only being called a "server port" by wherever you got that because there's a server/listening device installed behind it.

Buggah · Oct 23, 2017

So this exploit also works on other services than just the http service?

(btw 'Server port' is what Hikvision calls it the configuration interface)

Mike A. · Oct 23, 2017

Buggah said:
So this exploit also works on other services than just the http service?

(btw 'Server port' is what Hikvision calls it the configuration interface)

Not sure. The specific exploit discussed here is to the underlying HikCGI protocol used. Don't know whether that's limited only to authentication via http. I wouldn't trust it myself but I don't trust anything about these cams and similar IoT devices. If it's not subject to this specific vulnerability, then it probably will be to another.

sandamal · Oct 26, 2017

Ok, here is some intersting links about russian kids and exploit
/Web-мастера/ - Проверка видеорегистраторов и IP камер Hikvision на простые пароли

Проверка видеорегистраторов и IP камер Hikvision на простые пароли - В этом треде проверяем видеорегистраторы и IP камеры Hikvision на простые пароли. О найденных проблемах сообщаем их владельцам. Для этого нам понадобятся блоки IP http://www.iwik.org/ipcountry/ или —
Архивач

montecrypto · Oct 26, 2017

sandamal said:
Ok, here is some intersting links about russian kids and exploit

Fascinating. You seem to have discovered (accidentally, of course - I understand) a den of russian voyeuristic perverts who collaboratively use camera vulnerabilities to exercise their hand and arm muscles. It was very thoughtful of them to choose .hk domain for their home. Well, it was expected and the interpipes delivered. The other thing that was predicted and is yet to be discovered was a massive botnet. The clock is likely ticking.

I think the best way for Hikvision to demonstrate responsibility in this situation is to release patched EN firmware for all their CN and re-branded cameras and run a massive PR campaign urging users to upgrade.

alastairstevenson · Oct 26, 2017

montecrypto said:
I think the best way for Hikvision to demonstrate responsibility in this situation is to release patched EN firmware for all their CN and re-branded cameras and run a massive PR campaign urging users to upgrade.

That of course would be the responsible thing to do.
But, somehow, that seems to be the antithesis of how they behave.
It's such a pity, as the products are actually very good. But the way they treat their small customers is appallingly bad.

Tolting Colt Acres · Oct 26, 2017

montecrypto said:
I think the best way for Hikvision to demonstrate responsibility in this situation is to release patched EN firmware for all their CN and re-branded cameras and run a massive PR campaign urging users to upgrade.

You are more.likely to look out your window and see this...

TechDadHere · Oct 26, 2017

BI works pretty well with our Hikvision. I actually deleted the Hik's software and used BI alone. pretty great this side.

Search

Backdoor found in Hikvision cameras

d3sentryGunZ

n3wb

fenderman

Tolting Colt Acres

Pulling my weight

mjb

Young grasshopper

fenderman

Carcus

Getting the hang of it

pbc

Getting comfortable

bp2008

pbc

Getting comfortable

bp2008

hikahikahika

n3wb

Buggah

Young grasshopper

Mike A.

Known around here

Buggah

Young grasshopper

Mike A.

Known around here

sandamal

n3wb

Attachments

montecrypto

alastairstevenson

Tolting Colt Acres

Pulling my weight

TechDadHere

n3wb