Backdoor found in Hikvision cameras

fenderman said:
show me where hikvision has notified dealers and end users of this exploit, its missing from their press release pages...
Click to expand...
True, but to be fair, they did put some public announcements on their security notices, somewhat downplayed, and not much viewed :
Hangzhou Hikvision Digital Technology Co. Ltd.
Hangzhou Hikvision Digital Technology Co. Ltd.
How much they communicated down the reseller chain we don't know.
 
  • Like
Reactions: fenderman
Sorry, What? Me using this to hack cameras? I didnt have to use this, because i didnt need to.
Let me clarify something that many of you dont understand.
All of you got NOTHING about this public announcment.

Because of that treatment of bugholes, manufacturers has to complicate things. Say what you want. Think what you want BUT:
1. 2 years ago you didnt gave to ask HikVision for password reset tool.
2. Many of you could dig into camera by telnet or SSH without a problem
3. Many of you bought Chineese cheaper cameras on Alibaba and they worked.
3.5 You could upload Eng soft to Chinnese camera to get EN support.
4. There was no limitation of software modification (that i do, not to hack cameras btw).
5. You got SDK APi for free, you could implement it straight away.
6. You could change firmware by upgrade or downgrade without any help.

Now what you have:
1. You need Hik assistance when you forget password
2. Hikvision first disabled telnet and later added PSH and later removed SSH access completly
(many of you asked me to prepare firmware with SSH enabled btw....)
3. You still buy Chinnese cameras but without upgrade procedure possible
4. Hikvision added RSA signature to prevent software modification
5. SDK i partly closed to the public without NDA
6. You cannot downgrade firmware because of a lock-down

Because of same work in Dahua - they added Dahua Protected Shell and RSA signatures to FW so soon you will not be able to change firmware at all.
In example Ubiquity two weeks ago added RSA signature to their firmwares because some idiot published a bug and someone used it to infect thousands of devices before they were able to fix the hole.

Finally all this makes camera more closed, more closed-source and sooner or later - maybe even more expensive.

Think about me as a someone who "hack cameras" - that's great. But dont ever ask me for help like i did before. That's not fair.
 
  • Like
Reactions: ovexi and cuongphoenix
Speed666 said:
Think about me as a someone who "hack cameras" - that's great. But dont ever ask me for help like i did before. That's not fair.
Click to expand...

Sorry if I'm being unfair, but how useful is your help exactly if you found this bug 2 years ago and couldn't get Hikvision to fix it? It's a serious bug and the sooner vulnerable units are updated the better. Montecristo did the right thing by forcing Hikvision to improve the security of this product.
 
Jesus christ fenderman - how someone with a minimal knowledge and a TPLink for 20USD as a router will get a VPN?
 
Speed666 said:
Jesus christ fenderman - how someone with a minimal knowledge and a TPLink for 20USD as a router will get a VPN?
Click to expand...
They will buy a 50 dollar router and hire someone, the same way they hire someone to install their alarm system, door locks, or repair their car...I dont understand the question..
 
Last edited:
  • Like
Reactions: Tolting Colt Acres and TonyR
Speed666 said:
Jesus christ fenderman - how someone with a minimal knowledge and a TPLink for 20USD as a router will get a VPN?
Click to expand...
@Speed666, so you're upset that 'simple' folks will suffer the ill effects from the revelation of the Hik Hak and shouldn't have to strain to obtain a VPN, am I right?
Why are you not upset with Hik that after 2 years of ignoring the issue that their knee jerk reaction has its own repercussions? Why is everyone else at fault here and you're the only one wearing a white hat?

Let me ask this simple question: Did your white hat tell you to keep the hack to yourself for TWO FRICKIN' YEARS ???
 
  • Like
Reactions: Tolting Colt Acres and fenderman
fenderman said:
Yes, he is...now he knows...same as someone leaving their key under their front door mat...
Click to expand...

Sorry but you are the idiot here. First of all everywhere on the net you can find that people use port fortward to access a camera via ivms.

Second of all, who the hell would hack a simple user that uses a camera to watch the door entrance , it is not a BANK, nor a mansion, it is a damn small house.

Third of all instead of blaming the noob users like me, why don't you help them instead to be such a dramatic? as I am sure you are a super professional and one of the best installers and IT out there; why don't you help people how to solve this problem, that after all, it's a HIKVISION problem?
 
  • Like
Reactions: bpratt
d3sentryGunZ said:
Second of all, who the hell would hack a simple user that uses a camera to watch the door entrance , it is not a BANK, nor a mansion, it is a damn small house.
Click to expand...
It's likely been an automated activity.
It's done quite a lot to make use of your device and communications facility to create 'botnets' to perform malicious tasks over the internet, such as scanning for specific types of targets, Distributed Denial Of Service attacks, lots of forms of malicious activity.
The human only comes into play to process the found list.
d3sentryGunZ said:
it is not a BANK, nor a mansion, it is a damn small house.
Click to expand...
So some ransomeware on your family picture collection wouldn't bother you?
 
  • Like
Reactions: fenderman
d3sentryGunZ said:
Sorry but you are the idiot here. First of all everywhere on the net you can find that people use port fortward to access a camera via ivms.

Second of all, who the hell would hack a simple user that uses a camera to watch the door entrance , it is not a BANK, nor a mansion, it is a damn small house.

Third of all instead of blaming the noob users like me, why don't you help them instead to be such a dramatic? as I am sure you are a super professional and one of the best installers and IT out there; why don't you help people how to solve this problem, that after all, it's a HIKVISION problem?
Click to expand...
Just because others do it doesn't mean it's safe...they are all idiots as well... If you would take a minute to get your head out of your ass you would see that the solution was provided... we started this site to help amateurs like you...use it...
 
fenderman said:
Just because others do it doesn't mean it's safe...they are all idiots as well... If you would take a minute to get your head out of your ass you would see that the solution was provided... we started this site to help amateurs like you...use it...
Click to expand...

Yes I see.. all idiots out there. One is not every day thinking that someone can hack the camera, nor even expect it, as it is supposely to be 'safe'. Also the first thought I had was a camera's malfunction.

Btw, you could have been more friendly, instead of calling the people 'idiots', for not being a 'professional' as you
 
  • Like
Reactions: ovexi
d3sentryGunZ said:
Yes I see.. all idiots out there. One is not every day thinking that someone can hack the camera, nor even expect it, as it is supposely to be 'safe'. Also the first thought I had was a camera's malfunction.

Btw, you could have been more friendly, instead of calling the people 'idiots', for not being a 'professional' as you
Click to expand...
I call it like it is...not sure why you thought it was safe...next time hire someone competent if you don't know what you are doing
 
ilkevinli said:
This statement is very hypocritical of you, considering you just called someone an idiot yourself above this post.
Click to expand...

Why don't you read who called idiot first? He's the guy that calls other people idiots just for not having the same knowledge. If you are going to judge, first read page 7. Too many jerks on this forum.
 
d3sentryGunZ said:
Why don't you read who called idiot first? He's the guy that calls other people idiots just for not having the same knowledge. If you are going to judge, first read page 7. Too many jerks on this forum.
Click to expand...
Too many jerks? if you dont like it LEAVE...if you need help leaving let me know..Ill get rid of you.
 
You must log in or register to reply here.
Top Bottom