Critical flaws found in Amcrest security cameras - Amcrest Hid info for 18 months

The first allows an unauthenticated attacker to discover the camera’s admin credentials stored in clear text, facilitating a takeover of the device and, presumably including locking legitimate users out of the UI. Worryingly:

Based on cursory analysis of other Amcrest products, this might be prevalent in all the Amcrest IP cameras and also other Amcrest products.
Click to expand...
Ouch!
 
  • Like
Reactions: Ssayer and fenderman
Add another of a zillion reasons to not allow your cams to be accessible from the net, eh?
 
Is there a way to test if your cameras can access the internet? I've placed mine on a blacklist in the router... But I would like to see if that is effective. And yes in my blue iris system I do have Amcrest cams
 
Chris TT said:
Is there a way to test if your cameras can access the internet? I've placed mine on a blacklist in the router... But I would like to see if that is effective. And yes in my blue iris system I do have Amcrest cams
Click to expand...

Chris - if you have a default gateway configured (barring any other security device) those cams have access to the internet. You’ll typically see NTP traffic but the Amcrest are notorious for calling home even when you shut every option off in the Web GUI it will still attempt connections out.


Sent from my iPhone using Tapatalk
 
Thanks. Will removing the gateways cause any other issues? I imagine I should still be able to access the cams for adjustments on their native UIs.
 
Chris TT said:
Thanks. Will removing the gateways cause any other issues? I imagine I should still be able to access the cams for adjustments on their native UIs.
Click to expand...
Other than time drift potentially being an issue, I don't see any other issues unless you view your cameras remotely by connecting directly to them - which is not a good idea.
 
OK will test. I don't connect directly to cams. I do see some timedrift, so i'm hoping the router blacklisting was working all along. Network is behind a VPN. Also need to look into a local time server... seen references to that as as solution.

The camera UI is forcing a Gateway address of the same segment, what do you recommend?
I put the same address as the camera IP to try one
 
Last edited:
Chris TT said:
OK will test. I don't connect directly to cams. I do see some timedrift, so i'm hoping the router blacklisting was working all along. Network is behind a VPN. Also need to look into a local time server... seen references to that as as solution.

The camera UI is forcing a Gateway address of the same segment, what do you recommend?
I put the same address as the camera IP to try one
Click to expand...

How is the camera setup to obtain an IP? Is it set to automatic/DHCP? You may be able to change it to manual and set it to the current IP address and subnet mask and leave the default gateway blank.
 
Hi, the cameras have reserved ip addresses outside DHCP range.
The camera's UI is set to STATIC IP. it's forcing a gateway of same segment. Can't leave it blank.
I'm thinking though a gateway circular reference to it's own ip would sufficiently block access to internet.... i hope.
 
Chris TT said:
OK will test. I don't connect directly to cams. I do see some timedrift, so i'm hoping the router blacklisting was working all along. Network is behind a VPN. Also need to look into a local time server... seen references to that as as solution.

The camera UI is forcing a Gateway address of the same segment, what do you recommend?
I put the same address as the camera IP to try one
Click to expand...
NetTime - Network Time Synchronization Tool
 
Chris TT said:
Thanks, this keeps the bi server time updated. How do i pass this to the cams for their native time/date to remain updated?
On some cams i use the native cam software to provide date/time, instead of blueiris
Click to expand...

? This turns your BI machine into an NTP server. You set your cameras up via their setups to look to your BI machine instead of one of the internet NTP servers...
 
If IP camera companies want to sell their products, they'll need enclose disclaimers as well as full-blown manuals to the less tech-savvy showing them the do's and don'ts and a brief overview of VLAN configuration, VPN's, avoiding Cloud 9 and so on and so forth :facepalm:
 
Here is another new CVE from a few weeks back (CVE-2019-3948) - listed in this Forbes article on the eavesdropping risk. They specifically call out Amcrest cameras in the article. I tested this on the couple of Amcrest cams I own and I can indeed reproduce the issues. The cameras like the 5231s and 5241s I purchased though Andy do not exhibit the issue at all.
 
If its Dahua or Hikvision they all exhibit the same problem, you need to disable port forwarding, P2P, and anything that communicates in and out of the network. Use your own VPN; also utilize VLAN's. Cliff Notes should be bookmarked
 
The article specifically referenced Davis cameras. I didn’t try my him cameras. Will have to give that a try as well.


Sent from my iPhone using Tapatalk
 
Update: Tested 2 of my HikVision cameras. Both were not susceptible to this vulnerability. Could be the way the code is written - it may be more Dahua specific.
 
You must log in or register to reply here.
Top Bottom