Backdoor found in Hikvision cameras

alastairstevenson

Staff member
I think I might steal @montecrypto's discovery and submit it to the "About Hikvision Security Response Center (HSRC)" Hikvision UK & Ireland and see if they will send me one of those new low-light IPCs that may rival the Dahua Starlight varifocal turret.
I did this, to see what the response would be.
It was very quick, to the effect that they are already in the process of fixing it.
And that they'd seen the discussion about it on ipcamtalk.com
As they say in 'Person Of Interest' - "we are being watched!".
 

tommyd75

Young grasshopper
> I did this, to see what the response would be.
> It was very quick, to the effect that they are already in the process of fixing it.
> And that they'd seen the discussion about it on ipcamtalk.com
> As they say in 'Person Of Interest' - "we are being watched!".

Love that show.


 

IL-MAFIOSO

Getting the hang of it
Hello,

Regarding, like said in previous post, that two of my cameras are Chinese and still with 5.2.5 firmware, is it possible to allow only access to internet for output and block input? For example, I need to receive email notification for crossing line ...
 

Kroegtijgertje

Getting the hang of it
Stop fucking around on requesting new passwords on the Hikvision website!!!
You're only being very annoying and not able to get access on anything!!!

Could a mod please remove this topic, as it is only an invitation to some people trying to 'hack' into user accounts??
 

fenderman

Staff member
> Stop fucking around on requesting new passwords on the Hikvision website!!!
> You're only being very annoying and not able to get access on anything!!!
>
> Could a mod please remove this topic, as it is only an invitation to some people trying to 'hack' into user accounts??

Are you kidding me? No. It will not be removed. Why doesn't shitvision, oops, Hikvision, who reads this site, FIX the damn problem?
 

Kroegtijgertje

Getting the hang of it
Changing your profile name on the Hikvision website to something different than your profile name here on the forum will also fix the problem, right?
 

fenderman

Staff member
> Changing your profile name on the Hikvision website to something different than your profile name here on the forum will also fix the problem, right?

Of course... the only way this works is if you use the same user name for Hikvision and this site or any other website.
 

Tolting Colt Acres

Pulling my weight
All this side-talk is interesting, but can we get back to the original topic of the thread, the backdoor, and the status/etc.
 

Kroegtijgertje

Getting the hang of it
> Hikvision gets two weeks to come forward, acknowledge, and explain why the backdoor is there and when it is going to be removed. I sent them an email. If nothing changes, I will publish all details on March 20th, along with the firmware that disables the backdoor.

So...has anything been published yet? We're way past March 20th and I'm curious as well. :rolleyes:
 

nayr

IPCT Contributor
He updated us in post #70

> Update on the promised March 20 full disclosure date:
>
> Per agreement with Hikvision I am delaying the disclosure. Hikvision promised to responsibly disclose and resolve the vulnerability. They are working with ICS-CERT and other organizations, and it is expected that more details will be communicated soon via those channels. If nothing is communicated in the next few weeks, I will proceed with full disclosure.
 

tangent

IPCT Contributor
> So...has anything been published yet? We're way past March 20th and I'm curious as well. :rolleyes:

This was posted above:

> Update on the promised March 20 full disclosure date:
>
> Per agreement with Hikvision I am delaying the disclosure. Hikvision promised to responsibly disclose and resolve the vulnerability. They are working with ICS-CERT and other organizations, and it is expected that more details will be communicated soon via those channels. If nothing is communicated in the next few weeks, I will proceed with full disclosure.
 

john-ipvm

Known around here
> And in response Hikvision issued a Security Notice - and updated firmware: Hikvision UK & Ireland

Alastair, that is not the 'more details will be communicated' @montecrypto referred to on March 20th. The notice you cite occurred a week before that but lacks details as to what privileges can be escalated (i.e., as @montecrypto has stated "One can remotely escalate their privileges from anonymous web surfer to admin."). Hikvision has not yet acknowledged this publicly which is key to its level of severity. @montecrypto, will Hikvision be confirming that finding in their forthcoming announcement?
 
Joined
Aug 10, 2015
Messages
18
Reaction score
2
> There have been rumours... I would like to confirm that there is a backdoor in many popular Hikvision products that makes it possible to gain full admin access to the device.
>
> Hikvision gets two weeks to come forward, acknowledge, and explain why the backdoor is there and when it is going to be removed. I sent them an email. If nothing changes, I will publish all details on March 20th, along with the firmware that disables the backdoor.
>
> It would be wise to disconnect your cameras from the Internet.

Hi, how to identify the back door in Hikvision cameras,
and how to access the cameras without admin password...
 

alexvas

tinyCam Developer
@montecrypto can you confirm that the vulnerability is fixed in the latest Hikvision firmware V5.4.41 - V5.4.71?
 

sammmy

n3wb
1. How safe are the cameras if they are sitting behind an NVR?
2. The risk involved here, is it linked to port forwarding?

Thanks
 

fenderman

Staff member
> 1. How safe are the cameras if they are sitting behind an NVR?
> 2. The risk involved here, is it linked to port forwarding?
>
> Thanks

The NVRs have vulnerabilities as well.
Yes, port forwarding.
 

sammmy

n3wb
Thanks for the comments. Noticed no NVR firmware update at this stage.
 