HELP 2132F-IS running V5.2.5 build 141201 Admin Password hacked/changed

tradertim

Getting the hang of it
Joined
Jul 1, 2015
Messages
260
Reaction score
22
Hi guys can you please point me in the right direction. I have lost my admin password, believe it was hacked & changed. All other cameras 3 out of 4 are okay - it is a subtle message someone is trying to make as they could have screwed all the config.

I have no proof but could have been yandex, they recently blocked my cameras MAC/per device after telling me email wasn't used for this purpose (cameras). Other devices worked e.g. PC for yandex account just not the cameras, and so they did something on a Cameras level e.g. MAC/DeviceID etc.

This all happened in recent last while - coincidence or not - been running this setup 5 years.

I am reasonably technically capable - done Cisco IT networking, been in Telco tech 30 years.

I am running CCH Chinese Camera


Model 2CD2132F-IS Dome , Chinese flashed to English, V5.2.5 build 141201


How can I recover the admin password for CCH and 5.2.5?
Will the password reset tool work - a few pointers on what is required?


====

Also any suggestions on hardening up the access environment, but in the context of still being able to remotely view?

I have been running this setup for ~ 5 years and things been good til now.

I use;

-port forwarding to cameras to access external to run VMS for remote viewing and play back.
-each camera has local SD for recording
-External access for camera views are important to me as the location is a holiday place on a shared driveway.
-I also access the config from time to time to change email addresses for notifications, emails run out etc.

-iVMS Access I only use Operator users externally limited to only remote view and playback.
-I haven't enabled SSH etc due to complexity, setup and I thought that would restrict to one device with the installed key on it accessing.

So acknowledge access login etc is probably clear text but thought chances were low re only access from local mobile company, and local Wireline broadband.

-My IP address used to circulate each 24 hours and so thought that helped re security.

I plan to;

-check Router and disable UPnP if enabled (I can't recall), disabled on cameras.
-If I can add a user (other than admin) enabled to change config so I can do some tasks remote. But always have the admin user as a backup to access locally.
-Never use the ADMIN user off the local LAN/ always use on the local lan only so no clear text floating around for ADMIN user.
-Enable the IP address filter to enable only IP subnets I use - for access via mobile company and fixed broadband. (At least will restrict rest of world).
-I've learnt to pay the extra and buy World cameras so they are easy upgradable.

I know safest is to disable external access - but I want the remote camera views it's important to check state of my property.

Please any advice on any of the above gratefully accepted.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
the hack does not care what account you used or what password you used...
doesn't matter what region cameras you have..you cannot port forward them..they will be hacked..even the newest firmware will be hacked eventually....
use a VPN..
there should be a reset button in the camera.
 

tradertim

Hi Fender.

- if I invoke the camera reset won't the CCH camera go back to Chinese?

- is it possible to VPN in and then obtain a view of the cameras using a camera monitoring application?

I use TinyCamMonitor Pro for daily remote view and IVMS for Remote playback.

I thought VPN might break these.
 

tradertim

Will the password recovery tool help me with 5.2.5 firmware and Chinese serial?
 

fenderman

1) I don't believe so....
2) yes, that is what VPN does, it puts you on the local network...
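
A check for the change recommended above, as an added example that is not part of the thread: once the port forwards are removed and viewing goes through a VPN, run this against your own public address from a connection outside the LAN with the VPN off, and nothing should answer. The port list is an assumption (commonly used Hikvision defaults); substitute the external ports you actually forwarded.

```python
import socket
import sys

# Assumed list: commonly used Hikvision defaults (HTTP 80, RTSP 554,
# SDK/iVMS 8000). Replace with the external ports your router forwarded.
CAMERA_PORTS = (80, 554, 8000)


def reachable_ports(host, ports=CAMERA_PORTS, timeout=3.0):
    """Return the ports on host that complete a TCP handshake."""
    found = []
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                found.append(port)
        except OSError:
            # Refused, filtered or timed out: not reachable from here.
            pass
    return found


def audit(host, ports=CAMERA_PORTS, timeout=3.0):
    """Summarise exposure; ok is True only when no port answered."""
    exposed = reachable_ports(host, ports, timeout)
    return {"host": host, "exposed": exposed, "ok": not exposed}


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_exposure.py <your-public-ip-or-ddns-name>")
    result = audit(sys.argv[1])
    if result["ok"]:
        print("no camera ports reachable from this network")
    else:
        print("still exposed:", result["exposed"])
        sys.exit(1)
```

A clean result only covers the ports listed, so re-run it after any router change, including a UPnP setting that may have been re-enabled.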
 