2042WD Hacked

Todger66

n3wb
Joined
Oct 16, 2017
Messages
6
Reaction score
0
Hi folks,

My camera (2CD 2042WD-I20) got hacked today with the telltale dimming and 'HACKED' name replacement.

It's connected up to my Synology NAS for recording. Petrified to think of what they've accessed till I got a neighbour round to pull the plug on my internet. Really nervous about being online again now. (Any suggestions of things to do to mitigate/ensure no lingering threat?)

I've seen posts about the back door hack, but that seems to be about the 2032.

I'm on firmware 5.3.8 build 151224. Is it 5.5.0_170725 that I need?

My other camera, a 2342, seems unscathed. It did have a much better password... and firmware 5.4.5 build 170124.

Am assuming this firmware (if correct one) should also be applied to my other camera?

Any help gratefully appreciated!

Thanks,
Andy
 

Dodutils

Pulling my weight
Joined
Dec 10, 2016
Messages
451
Reaction score
166
Lesson one: never expose a camera directly on the Internet. Welcome to the world.
 

Dodutils

Search for the "vpn for noobs" or "vpn primer" thread to learn how to protect your camera access so you can reach it in a secure way from the Internet.
 

Todger66

Thanks. Annoyingly, I recently got OpenVPN set up; now I need to learn how to close all the doors I may have opened in the past, including on the Synology.

I managed to successfully update the firmware on both cameras, so does that mean I've now locked that entrance point?
 

Dodutils

It means this specific backdoor has been sealed; it does not mean you are safe.
 

BertCCTV

n3wb
Joined
May 31, 2017
Messages
11
Reaction score
4
Based on information posted on the dark web (e.g. DeepPaste) it sounds like a wide range of DVRs and IP cameras are being targeted. If you don't have a firmware that's newer than April 2017 your camera or DVR will be vulnerable to being reset, reconfigured or bricked. As Dodutils said, welcome to the Internet in 2017.
 

Todger66

Thanks. Really interesting post.

All the more frustrating as I’d set up VPN, just hadn’t disconnected any of the internet accesses to devices... Any idea how to do this to a Nest thermostat, as it just refuses to work unless it can reach the internet - how safe is that?! Not to mention our new ovens! Maybe the reason I can never access the buggers when I want to switch one on so it’s hot by the time I get in late from work is someone’s pissing about with them?!

Anyway, unplugged the cameras and did firmware updates (router, Synology NAS etc.) and passwords updated and strengthened, but still can’t help but feel there’s a presence.

Is there any way of knowing? Or do I just have to hope I was lucky that a ‘friendly’ hacker opened my eyes to the vulnerability by dimming my camera and changing its name to ‘hacked’?
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,905
Reaction score
21,279
The best thing to do with Nest and other IoT devices is to simply set them to connect to guest networks (or if your router supports it, VLAN)...
 

Todger66

Genius, I hadn’t thought of the guest network! VLAN is a bit beyond my capabilities.
 

Todger66

PS, any thoughts on the ‘whether they left any malware etc’ concerns?
Thanks so much
 

mjb

Young grasshopper
Joined
May 9, 2014
Messages
31
Reaction score
16
Interestingly, your troubles have provided a nice test of the new 5.4.5 firmware. Seems the hackers had little difficulty breaking into the camera with 5.3.8 firmware but couldn’t get into the one with 5.4.5 firmware even though it was on the same network and equally exposed.

Nonetheless, I echo the other views here that no cameras should be exposed directly to the internet and to use a VPN for offsite access. It is also a good idea, as stated, to put all of your “IoT” things using your WiFi network onto the guest network, making sure they have no access to your intranet. Finally, I’m upgrading my switches to managed switches and plan to segregate all my wired devices using VLANs. My thermostat may need to talk to the internet but it doesn’t need to have access to my computers.
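
Added example, not part of any post in this thread: one way to confirm the "no access to your intranet" condition after moving IoT devices to a guest network or VLAN is to run a reachability check from a machine joined to that isolated segment. The device names, IP addresses and port lists below are constructed assumptions; substitute your own.

```python
import socket

# Constructed inventory (assumption): replace with your own LAN addresses
# and the ports your cameras and NAS actually listen on.
LAN_SERVICES = {
    "camera-2042": ("192.168.1.64", [80, 554, 8000]),
    "camera-2342": ("192.168.1.65", [80, 554, 8000]),
    "synology-nas": ("192.168.1.10", [445, 5000, 5001]),
}

def tcp_reachable(host, port, timeout=1.5):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, no route: all count as blocked
        return False

def isolation_leaks(services, probe=tcp_reachable):
    """List (name, host, port) for every LAN service reachable from here.

    Run this from a machine joined to the guest network or IoT VLAN.
    An empty list means none of the listed services answered.
    """
    leaks = []
    for name, (host, ports) in sorted(services.items()):
        for port in ports:
            if probe(host, port):
                leaks.append((name, host, port))
    return leaks

def report(leaks):
    """Format the result as a short human-readable summary."""
    if not leaks:
        return "OK: no listed LAN service is reachable from this segment"
    lines = ["LEAK: isolated segment can reach:"]
    lines += [f"  {name} {host}:{port}" for name, host, port in leaks]
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(isolation_leaks(LAN_SERVICES)))
```

An empty result only covers TCP on the ports listed; it does not show that every other path between the segments is closed.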
 