Backdoor found in Hikvision cameras

alastairstevenson · Aug 9, 2017

dealpapa said:
Does this version fix the backdoor problem?

dealpapa · Aug 9, 2017

alastairstevenson said:
Check this out:
Hikvision Europe

That is great. Thank you for the link.

montecrypto · Aug 9, 2017

jfyi, I plan to disclose all details of the backdoor when 6 months pass, which will be the second week of September. Updates are available and 6 months is more than enough time to apply them. There are, however, hundreds of thousands of cameras accessible via the Internet that still contain the backdoor.

dealpapa · Aug 9, 2017

montecrypto said:
jfyi, I plan to disclose all details of the backdoor when 6 months pass, which will be the second week of September. Updates are available and 6 months is more than enough time to apply them. There are, however, hundreds of thousands of cameras accessible via the Internet that still contain the backdoor.

so the 5.4.41 works?

alastairstevenson · Aug 10, 2017

montecrypto said:
Updates are available and 6 months is more than enough time to apply them.

Unless you've bought from eBay or Aliexpress and want to avoid a bricked camera.
Maybe it's time to openly publish the 'enhanced mtd hack' that gives a fully upgradable (R0 series) camera.

dealpapa · Aug 10, 2017

alastairstevenson said:
Unless you've bought from eBay or Aliexpress and want to avoid a bricked camera.
Maybe it's time to openly publish the 'enhanced mtd hack' that gives a fully upgradable (R0 series) camera.

or they can learn chinese and flash them to chinese version. That will be much more easy and also they work for every single series.

Tolting Colt Acres · Aug 10, 2017

dealpapa said:
or they can learn chinese and flash them to chinese version. That will be much more easy and also they work for every single series.

As someone else pointed out on this, or another thread, you can still use the english batch configuration tool to configure a chinese camera.

dealpapa · Aug 10, 2017

Tolting Colt Acres said:
As someone else pointed out on this, or another thread, you can still use the english batch configuration tool to configure a chinese camera.

the problem is ivms-4200 and nvr will need to be chinese too.

Tolting Colt Acres · Aug 10, 2017

I had a locked-english chinese camera (until alastair was kind enough to walk me through the process of making it english upgradable) which I downgraded and reverted back to chinese for a while, neither ivms-4200 nor blueiris (my NVR) cared it was Chinese.

catseyenu · Aug 10, 2017

montecrypto said:
jfyi, I plan to disclose all details of the backdoor when 6 months pass, which will be the second week of September. Updates are available and 6 months is more than enough time to apply them. There are, however, hundreds of thousands of cameras accessible via the Internet that still contain the backdoor.

Is there a work around apart from updating to the latest firmware?
I have a batch still on 5.16 that I'm hesitant to upgrade...

dealpapa · Aug 10, 2017

catseyenu said:
Is there a work around apart from updating to the latest firmware?
I have a batch still on 5.16 that I'm hesitant to upgrade...

I am going to hack your camera. lol just kidding.

Tolting Colt Acres · Aug 10, 2017

catseyenu said:
Is there a work around apart from updating to the latest firmware?

Make the camera non-accessible from the internet.

alastairstevenson · Aug 10, 2017

If the detail in this is accurate, firmware versions before 5.2.0 do not have the vulnerability : Hikvision Cameras | ICS-CERT
The details presumably come from Hikvision : Hikvision Europe

catseyenu · Aug 12, 2017

Thank you, Hik has never been very clear on "details" and I can't remember if 5.16 was an official release or not.
FWIW, they are inaccessible from the internet other than when I remote in through another computer on the network.

alastairstevenson · Aug 12, 2017

There is 5.1.6 and even older here : DOWNLOAD PORTAL
Perhaps when @montecrypto publishes the detail he will include a test method for the vulnerability - it won't be that long now.

bashis · Aug 15, 2017

montecrypto said:
jfyi, I plan to disclose all details of the backdoor when 6 months pass, which will be the second week of September. Updates are available and 6 months is more than enough time to apply them. There are, however, hundreds of thousands of cameras accessible via the Internet that still contain the backdoor.

Dahua had more than one million when I released info about their backdoor, bad to say that didn't even help, maybe 700k are still vulnerable today for same thing, but at least many security companies do know about this and can catch the things with IPS.

whoslooking · Sep 12, 2017

2nd week of September, back door access using ivm-4200

montecrypto · Sep 12, 2017

Details published yesterday in the full disclosure mailing list. Peeping toms and botnet herders are probably celebrating.

alastairstevenson · Sep 12, 2017

And worst of all, one can download camera configuration:

Yes indeed. And 8.8 out of 10 for the contents.

whoslooking · Sep 12, 2017

It can be read here

Full Disclosure: Access control bypass in Hikvision IP Cameras

Search

Backdoor found in Hikvision cameras

alastairstevenson

dealpapa

Getting the hang of it

montecrypto

dealpapa

Getting the hang of it

alastairstevenson

dealpapa

Getting the hang of it

Tolting Colt Acres

Pulling my weight

dealpapa

Getting the hang of it

Tolting Colt Acres

Pulling my weight

catseyenu

Getting the hang of it

dealpapa

Getting the hang of it

Tolting Colt Acres

Pulling my weight

alastairstevenson

catseyenu

Getting the hang of it

alastairstevenson

bashis

whoslooking

montecrypto

alastairstevenson

whoslooking