2042WD Hacked

Todger66

Oct 16, 2017
Hi folks,

My camera (2CD 2042WD-I20) got hacked today with the telltale dimming and 'HACKED' name replacement.

It's connected up to my Synology NAS for recording. Petrified to think of what they've accessed till I got a neighbour round to pull the plug on my internet. Really nervous about being online again now. (Any suggestions of things to do to mitigate/ensure no lingering threat?)

I've seen posts about the back door hack, but that seems to be about the 2032.

I'm on firmware 5.3.8 build 151224. Is it 5.5.0_170725 that I need?

My other camera, a 2342, seems unscathed. It did have a much better password... and firmware 5.4.5 build 170124.

Am assuming this firmware (if correct one) should also be applied to my other camera?

Any help gratefully appreciated!

Thanks,
Andy
 
Lesson one: never expose a camera directly on the Internet. Welcome to the world.
 
Search for the "vpn for noobs" or "vpn primer" thread to learn how to protect your camera access so you can reach it in a secure way from the Internet.
 
Thanks. Annoyingly, I recently got OpenVPN set up, now I need to learn how to close all the doors I may have opened in the past, including on the Synology.

I managed to successfully update the firmware on both cameras, so does that mean I've now locked that entrance point?
 
Based on information posted on the dark web (e.g. DeepPaste) it sounds like a wide range of DVRs and IP cameras are being targeted. If you don't have a firmware that's newer than April 2017, your camera or DVR will be vulnerable to being reset, reconfigured or bricked. As Dodutils said, welcome to the Internet in 2017.
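
Added example (not part of the original thread or any vendor tool): a small check that applies the "newer than April 2017" rule from the post above to the firmware strings quoted in this thread. It assumes the six digits after `build` or `_` are a YYMMDD build date and reads the cutoff as 30 April 2017; the device labels are constructed.

```python
import re
from datetime import date

# Assumption: "newer than April 2017" means a build date after 2017-04-30.
CUTOFF = date(2017, 4, 30)

# Build stamps as written in the thread: "5.3.8 build 151224", "5.5.0_170725".
# Assumption: the six digits are a YYMMDD build date.
BUILD_RE = re.compile(r"(?:build\s*|_)(\d{2})(\d{2})(\d{2})\b", re.IGNORECASE)


def build_date(firmware):
    """Return the build stamp as a date, or None if it is missing or invalid."""
    match = BUILD_RE.search(firmware)
    if not match:
        return None
    yy, mm, dd = (int(group) for group in match.groups())
    try:
        return date(2000 + yy, mm, dd)
    except ValueError:  # e.g. month 13: not a real date, so not trusted
        return None


def audit(inventory):
    """Map each device label to 'ok', 'update' or 'unknown'."""
    report = {}
    for device, firmware in inventory.items():
        built = build_date(firmware)
        if built is None:
            report[device] = "unknown"  # no readable stamp: check by hand
        elif built > CUTOFF:
            report[device] = "ok"
        else:
            report[device] = "update"
    return report


# Constructed inventory; firmware strings are the ones quoted in the thread.
INVENTORY = {
    "2042WD (before update)": "5.3.8 build 151224",
    "2342 (before update)": "5.4.5 build 170124",
    "candidate firmware": "5.5.0_170725",
    "unlabelled device": "V1.2",
}

if __name__ == "__main__":
    for device, status in audit(INVENTORY).items():
        print(f"{device}: {status}")
```

A device reported as `unknown` has no readable build stamp and needs its firmware page checked manually rather than being assumed current.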
 
Thanks. Really interesting post.

All the more frustrating as I’d set up VPN, just hadn’t disconnected any of the internet accesses to devices... any idea how to do this to a Nest thermostat, as it just refuses to work unless it can reach the internet - how safe is that?! Not to mention our new ovens! Maybe the reason I can never access the buggers when I want to switch one on so it’s hot by the time I get in late from work is someone’s pissing about with them?!

Anyway, unplugged the cameras and did firmware updates (router, Synology NAS etc) and passwords updated and strengthened, but still can’t help but feel there’s a presence.

Is there any way of knowing? Or do I just have to hope I was lucky that a ‘friendly’ hacker opened my eyes to the vulnerability by dimming my camera and changing its name to ‘hacked’?
 
The best thing to do with Nest and other IoT devices is to simply set them to connect to guest networks (or if your router supports it, VLAN)...
 
Interestingly, your troubles have provided a nice test of the new 5.4.5 firmware. Seems the hackers had little difficulty breaking into the camera with 5.3.8 firmware but couldn’t get into the one with 5.4.5 firmware even though it was on the same network and equally exposed.

Nonetheless, I echo the other views here that no cameras should be exposed directly to the internet and to use a VPN for offsite access. It is also a good idea, as stated, to put all of your “IoT” things using your WiFi network onto the guest network, making sure they have no access to your intranet. Finally, I’m upgrading my switches to managed switches and plan to segregate all my wired devices using VLANs. My thermostat may need to talk to the internet but it doesn’t need to have access to my computers.
 