Menu
What's new

Hikvison Cloud unsecure?

T

TechTobi

n3wb
Joined
Aug 5, 2018
Messages
1
Reaction score
0
Location
Hannover
Hey everyone,
I have a question.
For Push notification, I‘m use the Hikvision Cloud.
Who still uses it? Is the type of integration still safe today?
 
wittaj

wittaj

IPCT Contributor
Joined
Apr 28, 2019
Messages
24,871
Reaction score
48,514
Location
USA
And most here do not trust these companies regarding security. Ironic that security cameras are not very secure on the internet...

Too many instances over the years showing that the login credentials go unencrypted, data going all over the place to the cloud and then back, etc.

A general rule around here is regardless of who makes the devices, keep them off the internet.
 
user8963

user8963

Known around here
Joined
Nov 26, 2018
Messages
1,465
Reaction score
2,315
Location
Christmas Island
hikvision still saves screenshots of events (you see a little picture in hikconnect) on amazon cloud server ... visible for everyone if you have the serial number.. so no its not safe to use it.. not sure what else is saved there
 
E

Ellesmin

n3wb
Joined
Dec 20, 2021
Messages
1
Reaction score
0
Location
Prague
Hi, I would like to ask about hikvision vulnerable version (CVE-2021-36260)? I find out a lot of devices on the internet and try to find out without exploiting if the device is vulnerable or not, but without success? Is there any option to find if the camera is vulnerable without exploiting, I would like to inform owner of vurnerable devices, but I don't want to exploit them. Is there any option please?
 
Teken

Teken

Known around here
Joined
Aug 11, 2020
Messages
1,535
Reaction score
2,770
Location
Canada
Ellesmin said:
Hi, I would like to ask about hikvision vulnerable version (CVE-2021-36260)? I find out a lot of devices on the internet and try to find out without exploiting if the device is vulnerable or not, but without success? Is there any option to find if the camera is vulnerable without exploiting, I would like to inform owner of vurnerable devices, but I don't want to exploit them. Is there any option please?
Click to expand...
Hikvision provides a list of the hardware this problem impacts on their website. Any security camera that is vulnerable to this attack has firmware to resolve the same.
 
handinpalm

handinpalm

Getting comfortable
Joined
Sep 21, 2016
Messages
679
Reaction score
1,433
Location
Tampa Bay FL
Your friendly neighborhood CCP owns controlling stake of Hikvision (42%). Do you trust the CCP?
 
alastairstevenson

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,952
Reaction score
6,786
Location
Scotland
Ellesmin said:
Is there any option to find if the camera is vulnerable without exploiting
Click to expand...
There is a big thread here started by the researcher @watchful_ip that discovered the vulnerabilty, with posts from researcher @bashis who published POC code that will check non-destructively if a device is vulnerable.
An example of testing with the POC code :

Unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware (CVE-2021-36260)

Yes.
ipcamtalk.com ipcamtalk.com
 
You must log in or register to reply here.
Top