Work Camera Hacked

b0wie

n3wb
Joined
May 6, 2019
Messages
2
Reaction score
2
Location
london
We have an ipcam at work and when we checked it today it had been hacked into, The camera name was changed and there is a big red box in the middle of the screen. The name can be changed back but I don't know how to remove the red box, does anyone know how to do this?. It is in the saved video feed. I was hoping not to have to factory reset it because I am not tech savvy and had a friend set it up for me a while back. Thanks for any help.
 
Last edited:

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
Have you tried power-cycling the camera to see if the red box goes away?
If you are lucky, the changes may not be permanent.

If the red box persists, the easiest next step would be to re-install the same version of firmware that's installed.
Though there is no guarantee that would be effective, easy enough to try.

Can you put up a screenshot of the system info page?
 

Walrus

Getting comfortable
Joined
Nov 19, 2018
Messages
593
Reaction score
449
Location
Ontario
@b0wie
Possibly look for a privacy mask setting somewhere, could be on the overlay tab.

Most cams have this option for where you are required to mask out public areas (eg not allowed to record the street or your neighbours house/yard).
 

mat200

IPCT Contributor
Joined
Jan 17, 2017
Messages
13,660
Reaction score
22,752
We have an ipcam at work and when we checked it today it had been hacked into, The camera name was changed and there is a big red box in the middle of the screen. The name can be changed back but I don't know how to remove the red box, does anyone know how to do this?. It is in the saved video feed. I was hoping not to have to factory reset it because I am not tech savvy and had a friend set it up for me a while back. Thanks for any help. ..
Welcome @b0wie

Is the camera exposed to the internet? ( connected to the internet ).

If it is, you're going to want to secure your network because it will get cyberjacked again.
 

tangent

IPCT Contributor
Joined
May 12, 2016
Messages
4,339
Reaction score
3,521
I'd agree that the red boxes are likely privacy masking. The text on the image is going to be changed by a setting for overlay or channel caption / title. Both of these settings are likely to survive a reboot. Hopefully, you're lucky and this was more of a prank to alert you to the vulnerability than something truly malicious. The next hacker may not be so kind.

The bigger question is how did they get access to the camera and how can you secure it?
- If you forwarded ports in your router to the camera you should stop doing that and find a more secure method of accessing the camera.
- If UPnP is enabled on your router, disable it. UPnP allows devices on your network to automatically set up port forwarding.
- Disable P2P type services for remote access to the camera. I can't be certain, but from the screenshot you posted, I think this camera may be affected by a recent vulnerability in the P2P service used in some cameras.
- Delete any extra user accounts that have been added, change your password to something random and long
- Make sure DDNS settings weren't added to the camera
- Prevent things like guest wifi from being able to access the cameras
 
Last edited:

RyanODan

IPCT Vendor
Joined
Mar 10, 2014
Messages
626
Reaction score
266
Location
Tulsa
I'd agree that the red boxes are likely privacy masking. The text on the image is going to be changed by a setting for overlay or channel caption / title. Both of these settings are likely to survive a reboot. Hopefully, you're lucky and this was more of a prank to alert you to the vulnerability than something truly malicious. The next hacker may not be so kind.

The bigger question is how did they get access to the camera and how can you secure it?
- If you forwarded ports in your router to the camera you should stop doing that and find a more secure method of accessing the camera.
- If UPnP is enabled on your router, disable it. UPnP allows devices on your network to automatically set up port forwarding.
- Disable P2P type services for remote access to the camera. I can't be certain, but from the screenshot you posted, I think this camera my be affected by a recent vulnerability in the P2P service used in some cameras.
- Delete any extra user accounts that have been added, change your password
- Make sure DDNS settings weren't added to the camera
- Prevent things like guest wifi from being able to access the cameras
Has there been a CVE issued for this? "a recent vulnerability in the P2P service used in some cameras."
 

jon2

Pulling my weight
Joined
Sep 9, 2018
Messages
232
Reaction score
238
Location
uk
Hi this looks like a camera i used to have..
it is a privacy window they is different colours you can use. it's easy to take away you have 2 choices.
1 go to settings at the top it will be near monitor. select Advanced settings it might sat video shade click on that it should bring another window up. were you can block a view or unblock. untick anything that is ticked and tick apply that should clear the window.
2 you can do a factory reset. again in settings go to System and select Initialize here you can either reboot or factory reset.
hope this helps,,
 

b0wie

n3wb
Joined
May 6, 2019
Messages
2
Reaction score
2
Location
london
Hey guys, thanks for the help, it was what jon2 suggested, I finally removed it, I will be alot more careful from now on,thanks again!
 

mat200

IPCT Contributor
Joined
Jan 17, 2017
Messages
13,660
Reaction score
22,752
Hey guys, thanks for the help, it was what jon2 suggested, I finally removed it, I will be alot more careful from now on,thanks again!
Hi @b0wie

I would recommend doing a good anti-malware scan now on all computers connected to that LAN, you never know if the attack hit other machines at this point.
 

tangent

IPCT Contributor
Joined
May 12, 2016
Messages
4,339
Reaction score
3,521
Hi @b0wie

I would recommend doing a good anti-malware scan now on all computers connected to that LAN, you never know if the attack hit other machines at this point.
It works the other direction too, a compromised computer could lead to a hacked camera or other device.
 
Top