Work Camera Hacked

b0wie

n3wb
May 6, 2019
2
2
london
We have an ipcam at work and when we checked it today it had been hacked into, The camera name was changed and there is a big red box in the middle of the screen. The name can be changed back but I don't know how to remove the red box, does anyone know how to do this?. It is in the saved video feed. I was hoping not to have to factory reset it because I am not tech savvy and had a friend set it up for me a while back. Thanks for any help.
 
Last edited:
  • Like
Reactions: mat200
Have you tried power-cycling the camera to see if the red box goes away?
If you are lucky, the changes may not be permanent.

If the red box persists, the easiest next step would be to re-install the same version of firmware that's installed.
Though there is no guarantee that would be effective, easy enough to try.

Can you put up a screenshot of the system info page?
 
  • Like
Reactions: mat200
We have an ipcam at work and when we checked it today it had been hacked into, The camera name was changed and there is a big red box in the middle of the screen. The name can be changed back but I don't know how to remove the red box, does anyone know how to do this?. It is in the saved video feed. I was hoping not to have to factory reset it because I am not tech savvy and had a friend set it up for me a while back. Thanks for any help. ..

Welcome @b0wie

Is the camera exposed to the internet? ( connected to the internet ).

If it is, you're going to want to secure your network because it will get cyberjacked again.
 
  • Like
Reactions: RyanODan
I'd agree that the red boxes are likely privacy masking. The text on the image is going to be changed by a setting for overlay or channel caption / title. Both of these settings are likely to survive a reboot. Hopefully, you're lucky and this was more of a prank to alert you to the vulnerability than something truly malicious. The next hacker may not be so kind.

The bigger question is how did they get access to the camera and how can you secure it?
- If you forwarded ports in your router to the camera you should stop doing that and find a more secure method of accessing the camera.
- If UPnP is enabled on your router, disable it. UPnP allows devices on your network to automatically set up port forwarding.
- Disable P2P type services for remote access to the camera. I can't be certain, but from the screenshot you posted, I think this camera may be affected by a recent vulnerability in the P2P service used in some cameras.
- Delete any extra user accounts that have been added, change your password to something random and long
- Make sure DDNS settings weren't added to the camera
- Prevent things like guest wifi from being able to access the cameras
 
Last edited:
I'd agree that the red boxes are likely privacy masking. The text on the image is going to be changed by a setting for overlay or channel caption / title. Both of these settings are likely to survive a reboot. Hopefully, you're lucky and this was more of a prank to alert you to the vulnerability than something truly malicious. The next hacker may not be so kind.

The bigger question is how did they get access to the camera and how can you secure it?
- If you forwarded ports in your router to the camera you should stop doing that and find a more secure method of accessing the camera.
- If UPnP is enabled on your router, disable it. UPnP allows devices on your network to automatically set up port forwarding.
- Disable P2P type services for remote access to the camera. I can't be certain, but from the screenshot you posted, I think this camera my be affected by a recent vulnerability in the P2P service used in some cameras.
- Delete any extra user accounts that have been added, change your password
- Make sure DDNS settings weren't added to the camera
- Prevent things like guest wifi from being able to access the cameras

Has there been a CVE issued for this? "a recent vulnerability in the P2P service used in some cameras."
 
Hi this looks like a camera i used to have..
it is a privacy window they is different colours you can use. it's easy to take away you have 2 choices.
1 go to settings at the top it will be near monitor. select Advanced settings it might sat video shade click on that it should bring another window up. were you can block a view or unblock. untick anything that is ticked and tick apply that should clear the window.
2 you can do a factory reset. again in settings go to System and select Initialize here you can either reboot or factory reset.
hope this helps,,
 
Hey guys, thanks for the help, it was what jon2 suggested, I finally removed it, I will be alot more careful from now on,thanks again!
 
  • Like
Reactions: mat200
Hey guys, thanks for the help, it was what jon2 suggested, I finally removed it, I will be alot more careful from now on,thanks again!

Hi @b0wie

I would recommend doing a good anti-malware scan now on all computers connected to that LAN, you never know if the attack hit other machines at this point.
 
  • Like
Reactions: tangent
Hi @b0wie

I would recommend doing a good anti-malware scan now on all computers connected to that LAN, you never know if the attack hit other machines at this point.
It works the other direction too, a compromised computer could lead to a hacked camera or other device.
 
  • Like
Reactions: mat200