Backdoor found in Hikvision cameras

catseyenu

Getting the hang of it
Joined
Jun 13, 2014
Messages
324
Reaction score
42
Testing V5.1.6 build 140412 I get either 404s or Invalid Operation, confirmation of noted non-vulnerable version.
 

bashis

IPCT Contributor
Joined
May 27, 2017
Messages
87
Reaction score
118
DS-2CD2020F-IW
V5.4.3 build 160705: Confirmed working
V5.4.5 Build 170123: Confirmed _not_ working

Nice work montecrypto!
 

LaZona

Young grasshopper
Joined
Jan 26, 2017
Messages
41
Reaction score
5
Are cameras behind a hikvision NVR also vulnerable to the same backdoor?
 

Mike A.

Known around here
Joined
May 6, 2017
Messages
3,825
Reaction score
6,377
My relabeled Hik DS-2CD2412F cube cam (ANNKE I61DR) is vulnerable.

Wonder if I can drop newer Hik firmware over it?

Edit to add:

Contacted Annke support and they sent me a firmware update but the issue remains.

File name: digicap.dav
Firmware: V5.3.5 build 161112

Installing Hikvision firmware balks with "The type of upgrade file mismatches."

*sigh*

So after going back and forth with Annke's first line tech support trying to get them to understand this was a significant issue given that this and lots of their relabeled cameras likely are subject to the same and them saying that it wasn't a problem for a variety of reasons, even though I confirmed that the cam is in fact vulnerable even after the update, they finally told me that "As a technical support, we know better for our product."

Yeah, good luck with that. ; ) lol
 
Last edited:

catseyenu

Getting the hang of it
Joined
Jun 13, 2014
Messages
324
Reaction score
42
Are cameras behind a hikvision NVR also vulnerable to the same backdoor?
The vulnerability is with the camera's firmware allowing remote unauthorized access on your network, a NVR has no mitigating effect.
You can 1. fix the firmware or 2. have a secure network with no "outside" access for an attacker to exploit the vulnerability.
 

LaZona

Young grasshopper
Joined
Jan 26, 2017
Messages
41
Reaction score
5
The vulnerability is with the camera's firmware allowing remote unauthorized access on your network, a NVR has no mitigating effect.
You can 1. fix the firmware or 2. have a secure network with no "outside" access for an attacker to exploit the vulnerability.

Ok thanks.

If I disable upnp from the NVR, does that disable access to the cameras even if the cameras have upnp activated?
 

Tolting Colt Acres

Pulling my weight
Joined
Jun 7, 2016
Messages
379
Reaction score
153
So after going back and forth with Annke's first line tech support trying to get them to understand this was a significant issue given that this and lots of their relabeled cameras likely are subject to the same and them saying that it wasn't a problem for a variety of reasons, even though I confirmed that the cam is in fact vulnerable even after the update, they finally told me that "As a technical support, we know better for our product."
I wonder how they'd feel when their company name appears in an security advisory?
 

bp2008

Staff member
Joined
Mar 10, 2014
Messages
12,666
Reaction score
14,007
Location
USA
Alright! Maybe its time to make a new password reset tool that works on a good set of newer firmwares!
 

Mike A.

Known around here
Joined
May 6, 2017
Messages
3,825
Reaction score
6,377
I wonder how they'd feel when their company name appears in an security advisory?
Guess we'll find out.

They've also not let clear for public view a post that I made on their forum last night asking about it.

Great way to respond to security issues - pretend that they don't exist and hope that nobody notices. lol
 

DokkenVersusChicken

Young grasshopper
Joined
Jan 4, 2015
Messages
63
Reaction score
4
Geez. I found this thread via a thread about the hikvision cube clone (which i just bought a month ago).

I have Ubiquiti Unifi gear. the BI PC is on VLAN2 with no access to my main LAN. My IP camera group on VLAN2 is blocked from access WAN and my main LAN (cannot ping out to WAN or to LAN1). The cameras get their time from my BI PC using the nettime app. The BI PC only runs my cameras.

Does this sound safe? I have not touched the firmware on my 8 cameras in a while.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
Geez. I found this thread via a thread about the hikvision cube clone (which i just bought a month ago).

I have Ubiquiti Unifi gear. the BI PC is on VLAN2 with no access to my main LAN. My IP camera group on VLAN2 is blocked from access WAN and my main LAN (cannot ping out to WAN or to LAN1). The cameras get their time from my BI PC using the nettime app. The BI PC only runs my cameras.

Does this sound safe? I have not touched the firmware on my 8 cameras in a while.
yes, you have no risk.
 

DokkenVersusChicken

Young grasshopper
Joined
Jan 4, 2015
Messages
63
Reaction score
4
yes, you have no risk.
Thanks, I thought so, but good to have experienced confirmation. I also use L2TP VPN for remote access and to not have any open/forwarded/visible ports. All this works great. I'm a networking novice, but I don't know how in the world normal people are supposed to be expected to set this stuff up.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
Thanks, I thought so, but good to have experienced confirmation. I also use L2TP VPN for remote access and to not have any open/forwarded/visible ports. All this works great. I'm a networking novice, but I don't know how in the world normal people are supposed to be expected to set this stuff up.
they are not...they either have to put a bit of effort into learning how (as you have shown, its not that difficult) or hire someone...those same folks wouldn't dare run electrical wiring themselves....so they should hire someone for this as well..
 
Top