NVR4108-4KS Recordings Paused by Thieves

aabs

Getting the hang of it
Joined
Mar 19, 2017
Messages
101
Reaction score
32
Location
UK
As per the title of the thread. Today the police knocked on my door to view footage of a robbery which had taken place in a neighbours property.
However when I went to view the footage both the cameras that had that area covered had been paused recording whilst the crime took place.

Went into the events log and saw that my system had been logged into at that time but HOW ?

I have a VPN running and I have changed the NVR default passwords to the admin account and the 88888 account.

Starlight cameras also have no gateway address for not internet facing.
NVR4108-4KS firmware 3.215.000000.3

Eager to find out where my vulnerability is and how this has happened if anyone can help.

A few screen shots attached, hope someone can help me plug my security flaw.
 

Attachments

redfive

Pulling my weight
Joined
Apr 13, 2016
Messages
509
Reaction score
205
What about the details, of the logs ? And there is something other ? The recordings seem stopped around 2:46 AM
 

aabs

Getting the hang of it
Joined
Mar 19, 2017
Messages
101
Reaction score
32
Location
UK
Hi Redfive,
Yeah the robbery took place at 2:46. My system was rebooted at 03:02
Can't figure out all cameras paused at 2:46 followed by a reboot.
Maintenance reboot is disabled and I've check other random dates and no pauses in any other night time monitors.
 

Attachments

Last edited:

bp2008

Staff member
Joined
Mar 10, 2014
Messages
12,666
Reaction score
14,006
Location
USA
I wonder if that could have been automatic maintenance of some kind on the NVR. Since your log doesn't show any events for an hour leading up to the reboot it is hard to say what happened. Does the details button show anything for the shutdown/reboot and later events to suggest what may have triggered it?

You should check on UPnP and port forwarding features as noted here: How to Secure Your Network (Don't Get Hacked!) | IP Cam Talk

I'd also recommend preventing the cameras and NVR from having internet access at all, and when you need remote access use only a VPN.

There's also the possibility that something else simply failed on the NVR at exactly the wrong time and that nothing related to the failure got logged.
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
That does seem like an amazing coincidence - and way too sophisticated for normal smash-and-grab burglars.
But just in case - you can check the extent of external access using a service such as ShieldsUp! GRC | ShieldsUP! — Internet Vulnerability Profiling  
Use the 'All service ports' scan, not the UPnP scan, in the first instance.
 

aabs

Getting the hang of it
Joined
Mar 19, 2017
Messages
101
Reaction score
32
Location
UK
That does seem like an amazing coincidence - and way too sophisticated for normal smash-and-grab burglars.
But just in case - you can check the extent of external access using a service such as ShieldsUp! GRC | ShieldsUP! — Internet Vulnerability Profiling
Use the 'All service ports' scan, not the UPnP scan, in the first instance.
Yeah the police did mention that it was a very organised gang taking prestigious vehicles in the area. I have no doubt that they have somehow disabled my system. I'm eager to find out how as I've followed all advise on here in the past. E.g. VPN, no wifi cameras and no gateways apart from NVR which is needed for my remote viewing.

Done the port scan and all Green
 

Attachments

redfive

Pulling my weight
Joined
Apr 13, 2016
Messages
509
Reaction score
205
The shutdown seems at 03:01:33, and then rebooted (like a power outage), the strange thing is that the recordings were stopped before, without any logs about this ...
 

aabs

Getting the hang of it
Joined
Mar 19, 2017
Messages
101
Reaction score
32
Location
UK
No the power being switched off would of triggered my property burglar alarm and would of been obvious as all the AV equipment/clocks and other gadgets would all be flashing displays.
Also no further information in the details of who rebooted the system.
 

aabs

Getting the hang of it
Joined
Mar 19, 2017
Messages
101
Reaction score
32
Location
UK
The shutdown seems at 03:01:33, and then rebooted (like a power outage), the strange thing is that the recordings were stopped before, without any logs about this ...
Yeah this completely fits in as the vehicle was taken at 2:50 and picked up on a police APR camera at 3:10 a 2 miles away.
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
Done the port scan and all Green
Yes, looks good.
Though remember it's only service ports.
Maybe also do a custom port scan on the higher ports that the NVR uses.

I have no doubt that they have somehow disabled my system.
That would be pretty stunning.
Can you ask the Police if they are aware of any similar situations where CCTV has been disabled?
That would be very newsworthy, in my view.
 

redfive

Pulling my weight
Joined
Apr 13, 2016
Messages
509
Reaction score
205
Do you have a wifi around from which you can access the NVR/cams ?
 

aabs

Getting the hang of it
Joined
Mar 19, 2017
Messages
101
Reaction score
32
Location
UK
Do you have a wifi around from which you can access the NVR/cams ?
I have a guest wifi which has no access to LAN and password protected.
I have my wifi which does have access to LAN and is also password protected.
Reason for guest wifi is for visitors so I don't give access to my LAN.
I'm a dam more careful than most !!
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
So that's not an NVR with PoE ports (I'm unfamiliar with Dahua kit).
Do the cameras and NVR connect on a switch, ie not through switch ports on your router?
 

looney2ns

IPCT Contributor
Joined
Sep 25, 2016
Messages
15,521
Reaction score
22,657
Location
Evansville, In. USA
I have a guest wifi which has no access to LAN and password protected.
I have my wifi which does have access to LAN and is also password protected.
Reason for guest wifi is for visitors so I don't give access to my LAN.
I'm a dam more careful than most !!
How strong are the passwords for your wifi? What encryption are you using for your WiFi?
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
Do the cameras and NVR connect on a switch, ie not through switch ports on your router?
I'm thinking if they are capable enough to be using one of those relays / boosters for breaking into keyless cars, there could also be a WiFi disruptor aimed at the many that use WiFi cameras - that could give the router/AP a hard enough time that it doesn't pay enough attention to the router switch ports, to the detriment of any traffic though them.
If the normal camera traffic passes through them.
Pure unfounded speculation of course.
 

aabs

Getting the hang of it
Joined
Mar 19, 2017
Messages
101
Reaction score
32
Location
UK
Did you check the logs on your router and/or wifi system ?
Wifi logs on router don't go back far enough only 10 hours or so due to the amount of activity.
I have tried a telnet session but get no connection, don't know if it support sssh
Totally at a loss how they have got in but when things emerge such as SHODAN did it might make a little more sense as the crooks always seam to be a step ahead with tech vulnerabilities.

With reference to the last post, at least and I will now enable DOS attacks.
 
Top