Backdoor found in Hikvision cameras

Thanks for the comments. Noticed no NVR firmware update at this stage.
I'm not saying that the NVR has this vulnerability... My point was it can... Stop port forwarding!
 
Like to set up a VPN so I can remotely access the NVR on an iPhone or Android.
Any advice on how to set one up?
Would OpenVPN do the job?
Thanks
 
Like to set up a VPN so I can remotely access the NVR on an iPhone or Android.
Any advice on how to set one up?
Would OpenVPN do the job?
Thanks

Search the forum, all your answers and guides are already here...

Look for the thread VPN Primer....
 
Is this vulnerability on any open ports to a Hikvision or just the web port for example? I believe the Hikvision cams use port 80 for web access and then a different port for "server" access as well as an RTP port for audio? If using "security by obscurity" and using a non-traditional port, is the cam identifiable on a port scan other than that it is listening?

Of course, I have a grey market cam that I doubt that I can upgrade the firmware on without the risk of it either being full Chinese, bricked or potentially fine. I obviously have to do more reading on that aspect.
 
Like to set up a VPN so I can remotely access the NVR on an iPhone or Android.
Any advice on how to set one up?
Would OpenVPN do the job?
Thanks

Yes, OpenVPN would be a good solution. Depending on how you implement OpenVPN, it can be moderate or difficult. Check if your router supports it out of the box. If not, check if your router can run firmware like dd-wrt with VPN support. Another option, and the option I use, is a Raspberry Pi running OpenVPN. I find this solution to be more secure as the software is continuously being updated. I also have Pi-hole running on the same Raspberry Pi to block ads when surfing the internet on my home network.

Is this vulnerability on any open ports to a Hikvision or just the web port for example? I believe the Hikvision cams use port 80 for web access and then a different port for "server" access as well as an RTP port for audio? If using "security by obscurity" and using a non-traditional port, is the cam identifiable on a port scan other than that it is listening?

Of course, I have a grey market cam that I doubt that I can upgrade the firmware on without the risk of it either being full Chinese, bricked or potentially fine. I obviously have to do more reading on that aspect.

A lot of times the port scans look for open ports. Then the IP address and port are automatically put into a script that runs. The script has known hacks and back doors and automatically tries to get in. When successful it reports back to the loser (script kid, hacker, punk, etc) that a successful login worked. There is more to it but that is basically what it's about.

My first post. Finally created an account to be able to reply here.. lurking is done.
 
Managed to set up a VPN and it is up and running.
Able to play back and live view from the App from a remote site.
Having problems with alarm notification with the App. Unable to
enable due to failure to register the DDNS server.
 
I'm making a vulnerability scanner for the tinyCam Monitor (Android) app. It uses multiple exploits revealed recently to warn users about their camera issues.
https://goo.gl/X6ySaV

I just tried to implement the Hikvision camera vulnerability and it looks like the information published by ICS-CERT (CWE-287: Improper Authentication) is very general.

I'm sending the request:

GET /ISAPI/System/time HTTP/1.1\r\n
Cookie: user=Administrator\n
Cookie: loggedin=true\r\n
Connection: close\r\n\r\n

And always getting 401 unauthorised request from several Hikvision cameras.

@montecrypto do you have any hints on how to check if the vulnerability exists on a camera?
 
There have been rumours... I would like to confirm that there is a backdoor in many popular Hikvision products that makes it possible to gain full admin access to the device.

Hikvision gets two weeks to come forward, acknowledge, and explain why the backdoor is there and when it is going to be removed. I sent them an email. If nothing changes, I will publish all details on March 20th, along with the firmware that disables the backdoor.

It would be wise to disconnect your cameras from the Internet.


I'm new here. Pardon my stupidity, but so what if a stranger wants to look at a camera pointed at a hot water heater? If someone in the USA were able to watch one or more of your cams, what adverse event might occur?
 
I'm new here. Pardon my stupidity, but so what if a stranger wants to look at a camera pointed at a hot water heater? If someone in the USA were able to watch one or more of your cams, what adverse event might occur?

The bigger issue is your camera being further hacked to attack the internet as part of a botnet or giving a hacker a foothold into your network. Concern someone's watching you is secondary. The real solution is to use a VPN and other network security measures to enforce a degree of security for insecure devices.
 
There is no publicly available exploit at the moment. But it is just a question of time when this happens. What hackers should do is just compare "fixed" and previous version of Hikvision firmware publicly available.
 
The bigger issue is your camera being further hacked to attack the internet as part of a botnet or giving a hacker a foothold into your network. Concern someone's watching you is secondary. The real solution is to use a VPN and other network security measures to enforce a degree of security for insecure devices.

In such a situation, would having an NVR vs Windows PC running IP cameras be better/worse? Assuming same setup, i.e. VPN or lack thereof, all networked.

EDIT:
"Also recognize that VPN is only as secure as the connected devices"
^^Does this mean that if an IP camera is compromised on a network & you access said camera remotely via VPN, you're open to being compromised as well?
 
In such a situation, would having an NVR vs Windows PC running IP cameras be better/worse? Assuming same setup, i.e. VPN or lack thereof, all networked.

EDIT:
"Also recognize that VPN is only as secure as the connected devices"
^^Does this mean that if an IP camera is compromised on a network & you access said camera remotely via VPN, you're open to being compromised as well?

I was referring to the choice between exposing a camera/NVR/PC directly to the internet vs requiring a VPN to tunnel into the network securely. Any security issues with the cameras/NVR/PC still exist, difference is only people on your local network or with access to your VPN server can exploit them instead of the entire internet. It's also a good idea to disable UPnP and block or limit the ability of the cameras to connect to the internet.
 
Hello, if I've understood correctly, disabling UPnP will block (by the router) all requests from the internet but allow the camera to send to the internet, like email notifications?

But in this case, we will no longer have live streaming with IVMS-4500 over WAN either....
 
UPnP allows devices on your network to automatically request port forwarding rules. Disabling it on your router and cameras won't block the cameras from connecting to the internet.

Blocking internet access is something to consider in the name of security, but will impact email alerts and push notifications (though you could run a local mail relay). The main reason to disable it is the P2P/easy4ip-style NAT traversal schemes many cameras have; you can disable this on many cameras. China region cams may lack the option. You could also set up some more complicated firewall rules, if you've got hardware that allows it, to only allow certain things.
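
The firewall approach described in the last replies (cameras reachable only from the LAN and the VPN, no camera-initiated internet traffic, alerts through a local mail relay), written out as an nftables ruleset. This is an added example, not part of the original thread; the interface names, addresses and port list are assumptions, and it assumes the cameras sit on their own routed segment.

```nft
# Constructed example. Assumed names, to be replaced with your own:
#   wan0 = internet uplink        lan0 = trusted LAN
#   cam0 = camera/NVR segment     tun0 = OpenVPN server interface
#   192.168.1.25 = local mail relay on the trusted LAN
table inet camera_fw {
    set cameras {
        type ipv4_addr
        # Cameras and NVR (assumed addresses on the cam0 segment).
        elements = { 192.168.50.10, 192.168.50.11, 192.168.50.20 }
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        # Return traffic for connections accepted by a rule below.
        ct state established,related accept
        ct state invalid drop

        # Viewing is allowed from the LAN and from VPN clients only:
        # web UI (80), RTSP (554) and the "server" port (8000 assumed).
        iifname { "lan0", "tun0" } ip daddr @cameras tcp dport { 80, 554, 8000 } accept

        # Email alerts go to the local mail relay, not to the internet.
        ip saddr @cameras ip daddr 192.168.1.25 tcp dport 587 accept

        # Cameras may not open any connection toward the internet.
        # This is the rule that stops P2P/cloud NAT traversal; hits
        # are counted and logged so call-home attempts are visible.
        ip saddr @cameras oifname "wan0" counter log prefix "cam-egress " drop

        # Trusted LAN hosts and VPN clients keep normal internet access.
        iifname { "lan0", "tun0" } oifname "wan0" accept

        # No rule accepts new connections arriving on wan0, so a
        # port forward to a camera is dropped by the chain policy.
    }
}
```

Load it with `nft -f` on the router and watch the `cam-egress` log prefix to see which cloud or P2P endpoints the cameras try to reach.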