Beware unitoptek/Boavision camera, backdoor inside

shdf

n3wb
Joined
Apr 23, 2018
Messages
3
Reaction score
1
Hello from France, :wave:
i just bought a few weeks ago a chinese camera on aliexpress :
4 Inch HD 4MP Mini PTZ IP Camera Outdoor Network Onvif Speed Dome 30X Zoom IP PTZ Speed Dome Camera CCTV 50m IR NightVision-in Surveillance Cameras from Security & Protection on Aliexpress.com | Alibaba Group

and just discovered that it has a telnet runing and that you can't disable it, the seller does not seem to want to give the password in order to be able to disable it...

Finaly, someone discovered that there is an administrator hidden account hardcoded in the firmware, that you obviously can't disable :
user : HANKVISION_2016
pass : HANKVISION_2016

if your Camera web interface looks like this, i bet this backdoor account is working...




 

bp2008

Staff member
Joined
Mar 10, 2014
Messages
10,291
Reaction score
8,167
Location
USA
No camera should ever be assumed to be secure :) Even the world's leading camera manufacturers have been caught doing this kind of crap.
 
Top