Are Dahua and Hikvision cameras a security risk?

jeremylatz

Young grasshopper
Joined
Apr 22, 2018
Messages
40
Reaction score
10
Easily hackable and spied on?
 
Joined
Apr 26, 2016
Messages
1,090
Reaction score
852
Location
Colorado
In the age of "script kiddies" is there anything truly unhackable, new code (Nintendo Switch) and old things get hacked all the time? Security vulnerabilities are always being identified on tons of platforms, usually the general security arguments are "keep your stuff patched and updated" and "defense in depth" guidelines (like put your fully patched system behind a firewall, and put anti-virus and anti-malware software on it).

Pivot to the IP camera, black-box NVR, PTP Cameras (the stuff you can buy off the shelf at Best Buy), smart appliances and even consumer routers (which almost everyone in the world with an Internet connection has) and you start to see why these are ripe targets for bad actors:

  1. Some vendors don't provide patches or patch aggressively to address vulnerabilities for your <insert random internet-connected device here> ?
  2. How often would a typical consumer patch or update their <insert random internet-connected device here> even if the vendor provided those patches for free and regularly? A certain percentage of the population just wants to plug it in and have it work.
  3. there is typically very little effort required and potential for even financial gain for the bad actor to takeover your equipment. See https://hotforsecurity.bitdefender.com/blog/website-down-ddos-for-hire-site-webstresser-shut-by-crime-agencies-19802.html was just reading over lunch.
  4. Once they compromise one device inside your firewall, they can more easily scan for other vulnerable devices on your typical simple consumer network because they've reduced your layers of defense.
So YES Hikvision and Dahua cameras can be hacked easily, as can a mountain of other networked things. That's why if you look around the forums you'll see a LOT of guidance away from port-forwarding (allowing anyone on the internet to connect to your cameras) and network segregation strategies along with camera isolation strategies to prevent cameras themselves from "phoning home".
 

jeremylatz

Young grasshopper
Joined
Apr 22, 2018
Messages
40
Reaction score
10
In the age of "script kiddies" is there anything truly unhackable, new code (Nintendo Switch) and old things get hacked all the time? Security vulnerabilities are always being identified on tons of platforms, usually the general security arguments are "keep your stuff patched and updated" and "defense in depth" guidelines (like put your fully patched system behind a firewall, and put anti-virus and anti-malware software on it).

Pivot to the IP camera, black-box NVR, PTP Cameras (the stuff you can buy off the shelf at Best Buy), smart appliances and even consumer routers (which almost everyone in the world with an Internet connection has) and you start to see why these are ripe targets for bad actors:

  1. Some vendors don't provide patches or patch aggressively to address vulnerabilities for your <insert random internet-connected device here> ?
  2. How often would a typical consumer patch or update their <insert random internet-connected device here> even if the vendor provided those patches for free and regularly? A certain percentage of the population just wants to plug it in and have it work.
  3. there is typically very little effort required and potential for even financial gain for the bad actor to takeover your equipment. See https://hotforsecurity.bitdefender.com/blog/website-down-ddos-for-hire-site-webstresser-shut-by-crime-agencies-19802.html was just reading over lunch.
  4. Once they compromise one device inside your firewall, they can more easily scan for other vulnerable devices on your typical simple consumer network because they've reduced your layers of defense.
So YES Hikvision and Dahua cameras can be hacked easily, as can a mountain of other networked things. That's why if you look around the forums you'll see a LOT of guidance away from port-forwarding (allowing anyone on the internet to connect to your cameras) and network segregation strategies along with camera isolation strategies to prevent cameras themselves from "phoning home".
Thanks so much @crw030 - I'll have a search for those resources. You make excellent points.
 

tigerwillow1

Known around here
Joined
Jul 18, 2016
Messages
3,816
Reaction score
8,424
Location
USA, Oregon
I'm curious what the extent of the risks are. Is it just that somebody could get images off your camera and mess with its configuration? Or could it be something like the camera hacks into your PC and sends all your account numbers and passwords out, forwards audio from your smart TV's microphone, gives full access to your network, or anything along those lines.
 

mat200

IPCT Contributor
Joined
Jan 17, 2017
Messages
13,670
Reaction score
22,774
I'm curious what the extent of the risks are. Is it just that somebody could get images off your camera and mess with its configuration? Or could it be something like the camera hacks into your PC and sends all your account numbers and passwords out, forwards audio from your smart TV's microphone, gives full access to your network, or anything along those lines.
HI Tigerwillow

Yes - all those and more...

Think of your cameras like... working cars in a bad neighborhood full of delinquent teens who have time and energy to do whatever they want and there are no police around, only private security protecting some of the cars they are paid to protect ( as in not your car ).

Or think of your vacant house on a lot someplace where delinquents pass by... what could they use it for? A crack pad? drug den? brothel? vandalize it? a meth lab? ...

Your CPU / computer power and your internet connection is what is of significant value - just like a bank robber may want to steal your car to rob a bank, someone may want to harness the power of your cameras and internet connection to do similar in the cyber world.
 

Mr_D

Getting comfortable
Joined
Nov 17, 2017
Messages
596
Reaction score
527
Location
Southern California
I'm curious what the extent of the risks are. Is it just that somebody could get images off your camera and mess with its configuration? Or could it be something like the camera hacks into your PC and sends all your account numbers and passwords out, forwards audio from your smart TV's microphone, gives full access to your network, or anything along those lines.
There are two big issues. First, it gives potential attackers a beachhead on your network. "A man on the inside", so to speak. They can use the camera as a platform to probe the rest of your network. The second issue is that it can be conscripted into a botnet. So the next time you hear that some popular web site was overwhelmed by several terabits per second of junk traffic, taking it off the net, your camera or NVR may have played a role in that.

Another potential use for your camera, NVR, NAS, PC or whatever else they can find on your network would be to mine cryptocurrency. Your device runs hot, uses a lot of power, runs slowly, maybe eventually overheats and burns out, but of course that's not their problem.

This is why my cameras live on their own private network segment, unable to reach out to the Internet on their own and definitely not visible from the Internet.
 

SkyLake

Getting comfortable
Joined
Jul 30, 2016
Messages
358
Reaction score
301
Even the very well known but overpriced Europe brand, Axis or Bosch can be hacked.. Every brand could be hacked if badly configured and secured. The problem of being insecure mostly sits at the computerdesk ;)
 
Last edited:

TonyR

IPCT Contributor
Joined
Jul 15, 2014
Messages
16,451
Reaction score
38,164
Location
Alabama
So this 'Willie Howe' just posted this video on 8/2, bitches about paying IPVM any dues and yet @fenderman was able to tell all IPCT forum members about the Hikvision issue 5 months ago, here , as reported by IPVM?
 

keneil01

Getting the hang of it
Joined
Oct 22, 2017
Messages
46
Reaction score
29
Location
Norway
I have been watching this forum for several months an have learned a lot!! Where to by the cameras (Andy), type, placement, nvr vs BI (not yet there) and most important - Security.
As most people here, I have also placed my cameras and nvr behind its own vlan, and needs to be VPN to be reached. I love this forum, and have spent hours on searching trough old post.

My sharing of the YouTube clip was simply because I came over it...
 

TonyR

IPCT Contributor
Joined
Jul 15, 2014
Messages
16,451
Reaction score
38,164
Location
Alabama
My sharing of the YouTube clip was simply because I came over it...
Thanks for sharing!

Later on, when my plate isn't so full, I'd like to review his instructional videos re: networking. I would like so much to be able to point newbs to a place where they can quickly hear/see networking basics, essential to setting up & maintaining IP cams, NVR's, VPN's etc....even just their own PC's. It's not easy guiding someone through a process when a) they don't know basic terms and b) they don't know how to examine or change the IP of their PC.

It's not their fault in most cases, they just never needed to know or had no reason to "get into it." If they're on this forum, they do now. :cool:
 
Last edited:
Top