Got this emal re: Hikvision cams being hacked

[tbennett1012]

My apologies and kudos for tracking that down. However, the IP in question is 239.255.255.250:1900 - fat fingers on the keypad.

 

[alastairstevenson]

Ooops - I already sent an email to SkyVision asking about their address.

*edit*
239.255.255.250
That's not an internet address - it's a broadcast address, or more strictly a multicast address, on the local domain.
Absolutely normal and expected.

 

[hiky]

Ooops - I already sent an email to SkyVision asking about their address.

*edit*
239.255.255.250
That's not an internet address - it's a broadcast address, or more strictly a multicast address, on the local domain.
Absolutely normal and expected.

and now breath ... all that for a on off multicast option !

 

[alastairstevenson]

all that for a on off multicast option !

Interesting though.
I had a similar situation when I first got a Hikvision NVR.
Out of curiosity I looked to see what it was doing on the network, out of the box, and found various attempts to contact AWS (Amazon Web Services) addresses.
Initially concerning, it turned out to be benign, due to certain Hikvision features / network services being enabled by default instead of being off.
The first thing I do with any camera or NVR is to go through the configuration and turn off any ddns or other services that are enabled by default.
And in quite a lot of study of what these devices do on the network, I have to say I've never seen anything (yet) of great concern.

 

[PSPCommOp]

So whats the chances of us getting a sub section for Network Security stuff? I mean I've googled a ton and I've barely gotten to 1% of it. But maybe given the content here it would be beneficial (and save redundant posts from newbs) to help inform us less experienced with network stuff about security for our systems.

 

[Enabler]

Ooops - I already sent an email to SkyVision asking about their address.

*edit*
239.255.255.250
That's not an internet address - it's a broadcast address, or more strictly a multicast address, on the local domain.
Absolutely normal and expected.

lol - 239.255.255.250

I've never seen Hikvision camera with malware on - hacked or not. I've seen alot of different models, firmware versions etc and done traffic analysis. It doesn't really make sense for the hackers or the sellers to do that as it will just stop people using the product.

Hikvision putting malware/backdoors in? There isn't much room to hide it when reverse engineering and it will show up on traffic capture if ever used. I think this is extremely unlikely though if you are safeguarding a nuclear reactor then by all means put them in a non routable network segment.

Given these devices are security products, it seems a great way to kill a multi billion dollar international business to do something so stupid and easily discoverable.

For the average home user likely setting a fake gateway IP on the camera to prevent Internet access would probably be enough if they are concerned.

I'm not saying blindly trust manufacturers in China (or anywhere) and caution is hardly ever a bad idea, but it is better at a measured and proportionate level.