DS-2CD2032-I hacked

[benali]

I have 2 DS-2CD2032’s and 2 DS-2CD2035’s as part my synology surveillance system, anyway one of the cameras has now gone onto b&w live view with the stamp ‘hacked’ embedded in the view.

This is the camera:
DS-2CD2032-I (serial DS-2CD2032-I20150410CCWR511624194) FW V5.3.0 build 150327

Not sure how concerned I should be or what course of action to take, any help please?

 

[alastairstevenson]

Not sure how concerned I should be

An intruder on the internet is able to access your LAN, as presumably you've exposed the 2032 to the outside world.
In principle, they would be able to do almost anything on the LAN, given the motivation and skills.
The vulnerable and accessible camera makes quite a reasonable foothold to do that from.
Consider carefully the value of the data and the type of activities on your LAN.

what course of action to take, any help please?

You need to upgrade the camera firmware to a version (at least 5.4.41) that does not suffer from the 'Hikvision backdoor' vulnerability for which the exploit is widely available in public.
You need to look at more secure ways to achieve remote access.
With a Synology NAS, you could install and configure OpenVPN, for example, if your router isn't capable.

 

[benali]

In the short-term is a password change sufficient?
I seem to remember that a firmware upgrade was not a 5min job, especially as I think the camera is a Chinese variant.
I have asus ac66u, so VPN via router I guess is best option then, but I need a subscription, yeah?

 

[alastairstevenson]

In the short-term is a password change sufficient?

Nope - the backdoor exploit does not rely on default passwords.

I have asus ac66u, so VPN via router I guess is best option then, but I need a subscription, yeah?

I believe you are thinking of an outbound VPN service, often paid for, where you'd like to hide your origin, as opposed to your own VPN service for your inbound connections.

 

[alastairstevenson]

I think the camera is a Chinese variant.

The serial number with WR suggests the 2032 is upgradeable.

 

[benali]

Sorry, I have just looked but its been a while and I cant remember the update method!
So what is the recognised update method and where to source the firmware?

My other DS-2CD2032-I is Serial No. DS-2CD2032-I20140808CCCH475660525
Firmware Version V5.1.0 build 131202

This one then is chinese I think, can it be updated?

 

[alastairstevenson]

This one then is chinese I think, can it be updated?

Yes, it does look Chinese.
For this, check out the 'enhanced mtd hack'.
Hikvision DS-2CD2x32-I (R0) brick-fix tool / full upgrade method / fixup roundup.
I don't know if that very old firmware can be directly upgraded, but if you check the mtdblock6 against the requirements for the 'enhanced mtd hack' you can be sure.

 

[NoloC]

Also stop any port forwarding and upnp immediately, if you care about your lan and the data on it.

 

[benali]

OK, thanks. I've turned port forwarding off for now.
Strange that now this morning the cameras appear fine ie 'hacked' not showing in live view. Anyway obviously needs sorting.

So my English cam ..CCWR.. FW V5.3.0 build 15032. Update through web yeah? One version at a time or all the way?

My chinese cam ..CCCH.. Firmware Version V5.1.0 build 131202. This has had language edit applied before using hex I remember doing it, but my memory is vague now!
I've had a quick look through the new thread and its already giving me a headache! So may just take this out of service until I get more time. Unless anyone can give me a quick summary of best method for this one?
Thanks!

 

[alastairstevenson]

I've had a quick look through the new thread and its already giving me a headache!

Just check out the 'enhanced mtd hack' - that's all you need. The camera isn't bricked, and you don't need to do the 5.3.0 to 5.2.5 downgrade.
But you should check mtdblock1 locations 0x0C and 0x8000C and if they are 0, change them to 2 and rewrite mtdblock1 back to the camera.

 

[benali]

OK, thought I'd try an sort this early 2032 chinese camera out.
Its had the traditional hack with mtdblock5 & 6 being edited. I checked mtdblock1 and its just full of 'F's'.
Its running 5.1.0, however when I try a webgui update to 5.2.0 I get ' Language version mismatch' error.
Any Ideas, you kind people?

 

[alastairstevenson]

Just follow the brickfixV2 method - instructions, tool, and video here :
Unbrick and fully upgrade your R0 / DS-2CD2x32 IP cameras -
R0 / DS-2CD2x32 BrickfixV2 brick recovery and full upgrade tool - enhanced.

 

[benali]

Thank you!
This upgrade went smoothly, straight on with 5.4.5

I also have 2 chinese DS-2cd2035-i running 5.4.2.
Is this FW exposed to security vulnerability?
Can this device be updated, I was under the impression not?

 

[alastairstevenson]

This upgrade went smoothly, straight on with 5.4.5

Well done!

I also have 2 chinese DS-2cd2035-i running 5.4.2.
Is this FW exposed to security vulnerability?

My understanding is that firmware version 5.4.41 or higher is required to fix the 'Hikvision backdoor'.

Can this device be updated, I was under the impression not?

Probably not, by normal methods, unless you're OK with it reverting to Chinese.