Hikvision backdoor? (WSJ article)

[Cljs]

Link:
Surveillance Cameras Made by China Are Hanging All Over the U.S. - WSJ

In May, the Department of Homeland Security issued a cybersecurity warning saying some of Hikvision’s cameras contained a loophole making them easily exploitable by hackers. The department assigned its worst security rating to that vulnerability.​

Also in the article: interesting description of technologies Hikvision is developing.

 

[Mike A.]

Cameras are kind of the tip of the iceberg as far as that goes.

 

[RyanODan]

Yeah, @Cljs, montecrypto (a member on this forum) found the "backdoor" which was easily executed on any cameras that were/are port forwarded and have an outdated firmware (below 5.4.5)

Here's IPVM's Demo Video:
Here's the ICS-CERT page: Hikvision Cameras | ICS-CERT

 

[RyanODan]

Also, @bp2008 made a program from the exploit that allowed you to easily change the password on the cameras that were dated earlier than version 5.4.5. You can find it here: Hikvision camera admin password reset tool

and I can personally vouch that his release of the password generator script and Password reset tool has saved me hours of waiting to get a password reset.

 

[Q™]

 

[montecrypto]

Neutrally-toned, paywalled article, outdated information, too much credit to DHS, no mentioning of researchers, published 6 months too late... Typical WSJ.

 

[fenderman]

Neutrally-toned, paywalled article, outdated information, too much credit to DHS, no mentioning of researchers, published 6 months too late... Typical WSJ.

It amazes me that they can publish something like that and not give you credit.

 

[montecrypto]

It amazes me that they can publish something like that and not give you credit.

I need no credit. I need to be able to trust my cameras.

 

[fenderman]

I need no credit. I need to not be able to trust my cameras.

I understand that, but credit is due whether you need it or not....no one will be able to trust any camera ever....the true solution is open source verified firmware. There is no need for hikvision or any camera manufacturer to be in the firmware business....they suck at it.