Backdoor found in Hikvision cameras

montecrypto

IPCT Contributor
Joined
Apr 20, 2016
Messages
104
Reaction score
304
There have been rumours... I would like to confirm that there is a backdoor in many popular Hikvision products that makes it possible to gain full admin access to the device.

Hikvision gets two weeks to come forward, acknowledge, and explain why the backdoor is there and when it is going to be removed. I sent them an email. If nothing changes, I will publish all details on March 20th, along with the firmware that disables the backdoor.

It would be wise to disconnect your cameras from the Internet.
 

Kroegtijgertje

Getting the hang of it
Joined
Nov 10, 2015
Messages
119
Reaction score
20
Would be wise to disconnect my cam??
Because today you tell us we have a backdoor??
That backdoor has been present since the day I bought the cam, but never had a problem with it.
So I will just continue using my cam, thank you! ;)
 

bp2008

Staff member
Joined
Mar 10, 2014
Messages
12,656
Reaction score
13,984
Location
USA
I sent them an email. If nothing changes, I will publish all details on March 20th, along with the firmware that disables the backdoor.
In other words, see you on March 20th.

This isn't the first backdoor and won't be the last. Best not to put Hikvision cameras online in the first place without proper protection. Such as a VPN, or at least some video management software that keeps the cameras secure while providing video access.
 

ekaz

Getting the hang of it
Joined
Nov 4, 2015
Messages
95
Reaction score
26
You mean I shouldn't have gotten static IPs for each of my cameras from my ISP? :D
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,896
Reaction score
21,247
Would be wise to disconnect my cam??
Because today you tell us we have a backdoor??
That backdoor has been present since the day I bought the cam, but never had a problem with it.
So I will just continue using my cam, thank you! ;)
That you know of...Also when he makes the exploit public anyone will be able to access your camera..Don't be blissfully ignorant..
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,905
Reaction score
6,757
Location
Scotland
Just for info - @brk at ipvm.com has been putting together a story on this topic, having been provided with the recipe to demonstrate the backdoor(s) independently by a certain forum member.
But apparently he's paused it for a similar story on Dahua backdoors.

*edit* Check out this recent very high-level statement :
check out the Hikvision Pledges No Backdoors post, you can use this link: Hikvision Pledges 'Never' 'Backdoors'
 

john-ipvm

Known around here
Joined
Oct 15, 2015
Messages
420
Reaction score
674
The PDF linked article
John,
The PDF linked on the article does not work, do you have a copy of the PDF?
The PDF Linked article works for me but another person said it did not work for them. I reuploaded it here https://ipvm-uploads.s3.amazonaws.com/uploads/d899/4a9a/Dahua-Cybersecurity-Bulletin-030617v2.pdf Let me know if that helps

That statement was originally published here on IPVM on Saturday and is the precursor to out report / test 0-Day: Dahua Backdoor Generation 2 & 3
 

nayr

IPCT Contributor
Joined
Jul 16, 2014
Messages
9,329
Reaction score
5,324
Location
Denver, CO
Whats the C's in CCTV stand for? It sure in the hell dont mean hook it up to a global broadcasting system and hope for the best..

VPN is the only way to go; none of these IP systems have ever been, nor ever will be secure enough for direct exposure to the full force of the internet.

If you dont trust your LAN, then there are external ways to isolate these systems further.. they are black boxes your putting on your network, dont trust them ever.
 

bp2008

Staff member
Joined
Mar 10, 2014
Messages
12,656
Reaction score
13,984
Location
USA
I love how the guy "deleted" the backdoor script for Dahua on github.

I looked at it, and sure enough, no authentication required to pull account info off a camera.
 

richtj99

Getting the hang of it
Joined
May 11, 2016
Messages
163
Reaction score
17
Do these cameras phone home to china? Or is it more that if the camera is sitting on a port forward, someone else can gain access easily?

How can you scan the camera traffic to see if its going outside your network?
 

Kroegtijgertje

Getting the hang of it
Joined
Nov 10, 2015
Messages
119
Reaction score
20
Kim Jong-Un is behind this complot theory.
He's planning on taking over the world :p:D
 

iTuneDVR

Pulling my weight
Joined
Aug 23, 2014
Messages
846
Reaction score
153
Location
Россия
Hikvision
Prev. was 7001 port to control IPC device without auth.
For ex. add IPC to NVR POE port: change IP address without auth.

Later they not listen it allways but .... ;)

Dahua
If shared media port 37777 to internet you can get from it without auth many interesting thing: account information name, hashed password (need brute), and etc....

Many holes, a lot of vulnerabilitys
Think that you buy or (and) use!
 
Top