I want to ask these cameras that are constantly resetting / working for about 20 minutes and resume again reset to default/ is it possible to have injected them installed a script that turns them to a bot-net that will keep them constantly are crashed.
Hikvision camera resets ITSELF to factory default twice!
- Thread starter d3sentryGunZ
- Start date
Hi .
alastairstevenson.. i really appreciate how you take the time to write all information..i first thought its like copy paste.. but no,, all personal information. Is this your work ? you getting paid for this ?
I can understand that people are against port forwarding, and sure it is not the safest way, which should be avoided.. But what are the most important tips you guys can give , to avoid this kind of things to happen again ( when it is neccessary to do port forwarding )..
alastairstevenson.. i really appreciate how you take the time to write all information..i first thought its like copy paste.. but no,, all personal information. Is this your work ? you getting paid for this ?
I can understand that people are against port forwarding, and sure it is not the safest way, which should be avoided.. But what are the most important tips you guys can give , to avoid this kind of things to happen again ( when it is neccessary to do port forwarding )..
alastairstevenson
Staff member
Yes, and definitely no, and no wish to be either.
Just remember that the internet is a hostile environment to expose your devices to, and that everything is connected so it's not just affecting the device allowed out into the world wild web.
And think hard about the value of your data and what would be the consequence if either :
a) It vanished
b) It was exposed to the world.
Does anyone know where I can download old firmware for example 5.3.0 because it can not be updated directly from 5.1.0 or 5.2.3 to 5.4.41 and from 5.3.0 to 5.4.41 it is updated without problem / for Chinese versions of cameras R0 nad R2/.
my current firmware in Chinese cameras is 5.2.3, 5.3.0 and 5.1.0 my idea is update firmware to ultimate firmware 5.4.41 to secure my cameas from hack atacks.
I updated the cameras to 5.4.41 wich have current firmware 5.3.0 to 5.4.41 without problem, but these wich firmware 5.2.3. nad 5.1.0 can not be updated to 5.4.41 /I think because I first need to update to 5.3.0 first because it gives me a error, or this error is is another cause I do not know/.
Can it be updated directly through the UI in the camera from 5.2.3 or 5.1.0 to 5.3.0 ?
I updated the cameras to 5.4.41 wich have current firmware 5.3.0 to 5.4.41 without problem, but these wich firmware 5.2.3. nad 5.1.0 can not be updated to 5.4.41 /I think because I first need to update to 5.3.0 first because it gives me a error, or this error is is another cause I do not know/.
Can it be updated directly through the UI in the camera from 5.2.3 or 5.1.0 to 5.3.0 ?
Last edited:
Excuse me my friend if I do not understand something, but I do not want to make downgrade the firmware but UPGRADE it to the latest secure version of my Chinese cameras. It does not matter if the interface language is Chinese or English because they are connected to another brand NVR.
Please explain to me if you had anything else in mind and I did not understand you please read carefully my post above.
Please explain to me if you had anything else in mind and I did not understand you please read carefully my post above.
fenderman
Staff member
- Mar 9, 2014
- 36,892
- 21,408
This is why people like you should not be buying these hacked china cams...you have no idea what you are doing...no you will suffer through this aggravation...
alastairstevenson
Staff member
The temporary downgrade requirement is linked to the method of permanently converting the camera from Chinese to English. If the language conversion is not needed then the downgrade is not required.
But most people do need the language conversion. Chinese cameras will not connect to a Hikvision NVR, for example, as they complain of a language mismatch.
But most people do need the language conversion. Chinese cameras will not connect to a Hikvision NVR, for example, as they complain of a language mismatch.
Seems like he doesnt care the language mismatch. As he wrote,,probable he is going to connect the cameras to another brand NVR, by using onvif.
alastairstevenson
Staff member
As far as i have seen, some infected camera's are gone back to inactive status, some have got an out of range ip adres like 192.0.0.
And some even not showing in Sadp tool, which i think is the worsest scnenarioo
And some even not showing in Sadp tool, which i think is the worsest scnenarioo
alastairstevenson
Staff member
It would not be good if this backdoor exploit is being used in a brickerbot.
I'm almost tempted to set up a honeypot to see what's being attempted - but I think I'll leave that to others, I've plenty of other things to explore.
Does anyone know the meaning of the letters B, C, T etc on the hinge and the camera, because when I look for a firmware for somebody my model comes out, for example, for the Chinese model DS-2CD3310D / three firmware depending on the letter of the package or the camera / has a firmware that does not have a specific letter.
How can I find out which firmware is for my DS-2CD3310D camera if the camera label is deleted or no have?
海康威视是全球领先的以视频为核心的物联网解决方案提供商
How can I find out which firmware is for my DS-2CD3310D camera if the camera label is deleted or no have?
海康威视是全球领先的以视频为核心的物联网解决方案提供商
So let me get this straight. My Hik camera reset itself twice in the past week. Apparently it set up its own port forwarding via UPNP (I confirmed it was turned on in the camera and I looked on my router and it had ports forwarded to the camera... WTF). So UPNP was turned on by default, it configured my router to forward ports to the Hik and some hacker was getting in and resetting the Hik?
Why were they resetting it? Why TF is this turned on by default? I feel like a bad network admin for not noticing this before.
Why were they resetting it? Why TF is this turned on by default? I feel like a bad network admin for not noticing this before.
alastairstevenson
Staff member
If UPnP is on by default, it's pretty old firmware in the camera, which also means it's susceptible to the recently-publicly-disclosed 'Hikvision backdoor'.
Backdoor found in Hikvision cameras
And it also mean that you have UPnP enabled on your router, allowing any device on the LAN to mess with port forwarding.
It may be worth doing a full port scan with ShieldsUp! GRC | ShieldsUP! — Internet Vulnerability Profiling
Thanks for the response, it was a DS-2CD2042WD-I running V5.4.1 build 160525. I am working on upgrading it right now. I disabled UPnP on my router. Running ShieldsUp on my Blue Iris server shows everything as stealth. On my Ubuntu laptop I am seeing 20, 21, 22 as closed, not stealth.
The only port forwarding I have been doing via my router has been some ports to my Synology. I am also going to go in and ensure none of my cameras have access to the internet.
Be glad they only reset the camera (and hope they didn't install infected firmware too). Maybe the attacker decided a reset, which might take the camera off the internet, was better than inserting a warning message into the camera's text overlay and leaving it online (where it would be vulnerable to worse attacks). Look at me, assuming a guy who hacks cameras for fun really has your best interests at heart.
As for why camera manufacturers have UPnP on by default, I don't think anyone knows. Nobody knows to look for an open port they didn't set up themselves.