Backdoor found in Hikvision cameras

Discussion in 'Hikvision' started by montecrypto, Mar 5, 2017.


  1. montecrypto

    montecrypto IPCT Contributor

    Joined:
    Apr 20, 2016
    Messages:
    104
    Likes Received:
    292
    There have been rumours... I would like to confirm that there is a backdoor in many popular Hikvision products that makes it possible to gain full admin access to the device.

    Hikvision gets two weeks to come forward, acknowledge, and explain why the backdoor is there and when it is going to be removed. I sent them an email. If nothing changes, I will publish all details on March 20th, along with the firmware that disables the backdoor.

    It would be wise to disconnect your cameras from the Internet.
     
  2. Securame

    Securame Pulling my weight

    Joined:
    Mar 25, 2014
    Messages:
    463
    Likes Received:
    118
    Location:
    Barcelona, Spain
    :facepalm:
    Ahhh well...
     
    giomania likes this.
  3. nayr

    nayr IPCT Contributor

    Joined:
    Jul 16, 2014
    Messages:
    9,350
    Likes Received:
    5,201
    Location:
    Denver, CO
    Obligatory
    [​IMG]
     
    giomania and adamrx7 like this.
  4. Kroegtijgertje

    Kroegtijgertje Getting the hang of it

    Joined:
    Nov 10, 2015
    Messages:
    119
    Likes Received:
    18
    Would be wise to disconnect my cam??
    Because today you tell us we have a backdoor??
    That backdoor has been present since the day I bought the cam, but never had a problem with it.
    So I will just continue using my cam, thank you! ;)
     
    giomania likes this.
  5. bp2008

    bp2008 Staff Member

    Joined:
    Mar 10, 2014
    Messages:
    7,719
    Likes Received:
    4,398
    In other words, see you on March 20th.

    This isn't the first backdoor and won't be the last. Best not to put Hikvision cameras online in the first place without proper protection, such as a VPN, or at least some video management software that keeps the cameras secure while providing video access.
     
    giomania and alastairstevenson like this.
  6. ekaz

    ekaz Getting the hang of it

    Joined:
    Nov 4, 2015
    Messages:
    95
    Likes Received:
    25
    You mean I shouldn't have gotten static IPs for each of my cameras from my ISP? :D
     
    giomania likes this.
  7. fenderman

    fenderman Staff Member

    Joined:
    Mar 9, 2014
    Messages:
    27,867
    Likes Received:
    7,690
    That you know of... Also, when he makes the exploit public, anyone will be able to access your camera. Don't be blissfully ignorant.
     
    giomania, bitblit, mat200 and 3 others like this.
  8. alastairstevenson

    alastairstevenson Staff Member

    Joined:
    Oct 28, 2014
    Messages:
    9,727
    Likes Received:
    2,850
    Location:
    Scotland
    Just for info - @brk at ipvm.com has been putting together a story on this topic, having been provided with the recipe to demonstrate the backdoor(s) independently by a certain forum member.
    But apparently he's paused it for a similar story on Dahua backdoors.

    *edit* Check out this recent very high-level statement:
     
    giomania, dt-cam and fenderman like this.
  9. john-ipvm

    john-ipvm Known around here

    Joined:
    Oct 15, 2015
    Messages:
    185
    Likes Received:
    274
  10. alastairstevenson

    alastairstevenson Staff Member

    Joined:
    Oct 28, 2014
    Messages:
    9,727
    Likes Received:
    2,850
    Location:
    Scotland
    This isn't the 'zhimakaimen' access by any chance?
     
  11. Securame

    Securame Pulling my weight

    Joined:
    Mar 25, 2014
    Messages:
    463
    Likes Received:
    118
    Location:
    Barcelona, Spain
  12. john-ipvm

    john-ipvm Known around here

    Joined:
    Oct 15, 2015
    Messages:
    185
    Likes Received:
    274
    The PDF linked article works for me, but another person said it did not work for them. I reuploaded it here: https://ipvm-uploads.s3.amazonaws.com/uploads/d899/4a9a/Dahua-Cybersecurity-Bulletin-030617v2.pdf Let me know if that helps.

    That statement was originally published here on IPVM on Saturday and is the precursor to our report / test 0-Day: Dahua Backdoor Generation 2 & 3
     
  13. Securame

    Securame Pulling my weight

    Joined:
    Mar 25, 2014
    Messages:
    463
    Likes Received:
    118
    Location:
    Barcelona, Spain
  14. nayr

    nayr IPCT Contributor

    Joined:
    Jul 16, 2014
    Messages:
    9,350
    Likes Received:
    5,201
    Location:
    Denver, CO
    What's the C's in CCTV stand for? It sure in the hell don't mean hook it up to a global broadcasting system and hope for the best..

    VPN is the only way to go; none of these IP systems have ever been, nor ever will be secure enough for direct exposure to the full force of the internet.

    If you don't trust your LAN, then there are external ways to isolate these systems further.. they are black boxes you're putting on your network, don't trust them ever.
     
  15. bp2008

    bp2008 Staff Member

    Joined:
    Mar 10, 2014
    Messages:
    7,719
    Likes Received:
    4,398
    I love how the guy "deleted" the backdoor script for Dahua on github.

    I looked at it, and sure enough, no authentication required to pull account info off a camera.
     
    whoslooking and nayr like this.
  16. richtj99

    richtj99 Young grasshopper

    Joined:
    May 11, 2016
    Messages:
    98
    Likes Received:
    8
    Do these cameras phone home to China? Or is it more that if the camera is sitting on a port forward, someone else can gain access easily?

    How can you scan the camera traffic to see if it's going outside your network?
     
  17. Kroegtijgertje

    Kroegtijgertje Getting the hang of it

    Joined:
    Nov 10, 2015
    Messages:
    119
    Likes Received:
    18
    Kim Jong-Un is behind this complot theory.
    He's planning on taking over the world :p:D
     
  18. NVR

    NVR Getting the hang of it

    Joined:
    Apr 13, 2015
    Messages:
    291
    Likes Received:
    33
  19. NVR

    NVR Getting the hang of it

    Joined:
    Apr 13, 2015
    Messages:
    291
    Likes Received:
    33
  20. iTuneDVR

    iTuneDVR Getting the hang of it

    Joined:
    Aug 23, 2014
    Messages:
    357
    Likes Received:
    40
    Location:
    www.iTuneDVR.ru
    Hikvision
    Previously there was port 7001 to control the IPC device without auth.
    For example, add an IPC to an NVR PoE port: change the IP address without auth.

    Later they do not always listen on it, but .... ;)

    Dahua
    If media port 37777 is shared to the internet, you can get many interesting things from it without auth: account information name, hashed password (needs brute force), etc....

    Many holes, a lot of vulnerabilities.
    Think about what you buy or (and) use!
     
    mat200 likes this.
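
One way to check the two concerns raised in this thread (cameras sending traffic outside the network, and ports 7001 and 37777 being reachable from the internet) is to audit flow records from your router or firewall. This is an added example, not code from any poster; the camera subnet, the `key=value` record layout, and the sample records are constructed assumptions.

```python
import ipaddress
import re

# Assumption: cameras sit on their own subnet; adjust to your network.
CAMERA_NET = ipaddress.ip_network("192.168.50.0/24")
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Ports named in the thread: 7001 (Hikvision) and 37777 (Dahua media port).
WATCHED_PORTS = {7001, 37777}

# Constructed sample flow records (not captured traffic). The key=value layout
# is an assumption; map your firewall's or router's log fields onto it.
SAMPLE_FLOWS = """\
src=192.168.50.11 dst=192.168.50.2 dport=554
src=192.168.50.11 dst=203.0.113.40 dport=443
src=198.51.100.7 dst=192.168.50.12 dport=37777
src=192.168.1.20 dst=192.168.50.12 dport=37777
src=192.168.50.13 dst=192.168.1.1 dport=123
src=198.51.100.9 dst=192.168.50.11 dport=7001
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def is_local(addr):
    return any(addr in net for net in LOCAL_NETS)

def audit(flow_text):
    """Return (kind, src, dst, dport) for every flow crossing the LAN boundary."""
    findings = []
    for line in flow_text.splitlines():
        rec = dict(FIELD.findall(line))
        try:
            src = ipaddress.ip_address(rec["src"])
            dst = ipaddress.ip_address(rec["dst"])
            dport = int(rec["dport"])
        except (KeyError, ValueError):
            continue  # skip malformed or incomplete records
        if src in CAMERA_NET and not is_local(dst):
            findings.append(("camera-egress", rec["src"], rec["dst"], dport))
        elif dst in CAMERA_NET and not is_local(src):
            kind = "exposed-watched-port" if dport in WATCHED_PORTS else "inbound-from-internet"
            findings.append((kind, rec["src"], rec["dst"], dport))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(*finding)
```

Any finding means the camera subnet is not isolated the way the VPN-only advice in the thread assumes.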