Backdoor found in Hikvision cameras

[d3sentryGunZ]

YES, too many jerks. And NO, I'm not leaving, because there are always good people that try to aport something and can help. And if you felt touched, it's not my fault. I've never written specifically that you are a jerk.

 

[fenderman]

YES, too many jerks. And NO, I'm not leaving, because there are always good people that try to aport something and can help. And if you felt touched, it's not my fault. I've never written specifically that you are a jerk.

So learn something and stop being a defensive ungrateful prick...

 

[Tolting Colt Acres]

Why don't you read who called idiot first? He's the guy that calls other people idiots just for not having the same knowledge. If you are going to judge, first read page 7. Too many jerks on this forum.

Fenderman can come across like a jerk, sure. But, it's only because he practices "tough love". The truth hurts sometimes. But, he loves you. And, because he loves you, he will tell you the truth. Sometimes, we do not want to hear the truth, so we feel all butthurt by it. However, deep down inside, know from that butthurt is a buttload of fenderlove.

 

[mjb]

Fascinating discussion

All I know is that my attention to the dialogue in this topic has led me to improve significantly the security associated with my 40 Hikvision cameras. Because of information I have learned here I have updated firmware, removed all port forwarding in favor of a VPN and installed a VLAN structure in my network.

To all those who contribute such information, I say simply "thanks."

 

[fenderman]

Here is a nice video by www.ipvm.com showing how easy it is to implement this exploit...

 

[Carcus]

How do you find clients go using the system with an app and having to connect to a VPN using there mobile devices?

 

[pbc]

I'm curious (and now that I've removed port forwarding, setup a VPN, and updated all my Hiks...hopefully relatively safe!), I viewed the video above. But if someone wanted to get into my specific cameras, how would someone know how to access my camera in the first place? I.e., wouldn't they need my DNS address or something?

 

[bp2008]

Updating the firmware is no longer necessary for security if you don't have any ports forwarded and access only through a VPN.

If they wanted to get in, they'd try to connect to your IP address on all the possible ports. The common ports in particular (like port 80) get hit many times a day across basically every address in the entire IPv4 internet. The less common ports are tried less often, but still often enough.

 

[pbc]

Ah, so they would have to know my specific external IP address? E. G., not the usual 192.168.0.1.xx sort of thing.

 

[bp2008]

Yes, 192.168.x.x is a private range, not used on the public internet. Like I said, everything on the internet gets scanned many times a day for various vulnerabilities and your IP address is no exception.

 

[hikahikahika]

some one try to decrypt config file?

"Configuration backup files, unfortunately, contain usernames and plain-text passwords for all configured users. While
the files are encrypted, the encryption is easily reversible, because Hikvision chose to use a static encryption key,
which is derived from the password "abcdefg". Other Hikvision products have similarly weak encryption mechanisms."

 

[Buggah]

I'm wondering, my cams are only accessable on "server port" ie 8000. Is this hack also working on this interface?

 

[Mike A.]

I'm wondering, my cams are only accessable on "server port" ie 8000. Is this hack also working on this interface?

If that port is open to Internet traffic, then yes. An open port is an open port. There's not anything special about port 8000. It's only being called a "server port" by wherever you got that because there's a server/listening device installed behind it.

 

[Buggah]

So this exploit also works on other services than just the http service?

(btw 'Server port' is what Hikvision calls it the configuration interface)

 

[Mike A.]

So this exploit also works on other services than just the http service?

(btw 'Server port' is what Hikvision calls it the configuration interface)

Not sure. The specific exploit discussed here is to the underlying HikCGI protocol used. Don't know whether that's limited only to authentication via http. I wouldn't trust it myself but I don't trust anything about these cams and similar IoT devices. If it's not subject to this specific vulnerability, then it probably will be to another.

 

[sandamal]

Ok, here is some intersting links about russian kids and exploit
/Web-мастера/ - Проверка видеорегистраторов и IP камер Hikvision на простые пароли


Проверка видеорегистраторов и IP камер Hikvision на простые пароли - В этом треде проверяем видеорегистраторы и IP камеры Hikvision на простые пароли. О найденных проблемах сообщаем их владельцам. Для этого нам понадобятся блоки IP http://www.iwik.org/ipcountry/ или —
Архивач

 

[montecrypto]

Ok, here is some intersting links about russian kids and exploit

Fascinating. You seem to have discovered (accidentally, of course - I understand) a den of russian voyeuristic perverts who collaboratively use camera vulnerabilities to exercise their hand and arm muscles. It was very thoughtful of them to choose .hk domain for their home. Well, it was expected and the interpipes delivered. The other thing that was predicted and is yet to be discovered was a massive botnet. The clock is likely ticking.

I think the best way for Hikvision to demonstrate responsibility in this situation is to release patched EN firmware for all their CN and re-branded cameras and run a massive PR campaign urging users to upgrade.

 

[alastairstevenson]

I think the best way for Hikvision to demonstrate responsibility in this situation is to release patched EN firmware for all their CN and re-branded cameras and run a massive PR campaign urging users to upgrade.

That of course would be the responsible thing to do.
But, somehow, that seems to be the antithesis of how they behave.
It's such a pity, as the products are actually very good. But the way they treat their small customers is appallingly bad.

 

[Tolting Colt Acres]

I think the best way for Hikvision to demonstrate responsibility in this situation is to release patched EN firmware for all their CN and re-branded cameras and run a massive PR campaign urging users to upgrade.

You are more.likely to look out your window and see this...

 

[TechDadHere]

BI works pretty well with our Hikvision. I actually deleted the Hik's software and used BI alone. pretty great this side.