Work Camera Hacked

[b0wie]

We have an ipcam at work and when we checked it today it had been hacked into, The camera name was changed and there is a big red box in the middle of the screen. The name can be changed back but I don't know how to remove the red box, does anyone know how to do this?. It is in the saved video feed. I was hoping not to have to factory reset it because I am not tech savvy and had a friend set it up for me a while back. Thanks for any help.

 

[alastairstevenson]

Have you tried power-cycling the camera to see if the red box goes away?
If you are lucky, the changes may not be permanent.

If the red box persists, the easiest next step would be to re-install the same version of firmware that's installed.
Though there is no guarantee that would be effective, easy enough to try.

Can you put up a screenshot of the system info page?

 

[Walrus]

@b0wie
Possibly look for a privacy mask setting somewhere, could be on the overlay tab.

Most cams have this option for where you are required to mask out public areas (eg not allowed to record the street or your neighbours house/yard).

 

[mat200]

We have an ipcam at work and when we checked it today it had been hacked into, The camera name was changed and there is a big red box in the middle of the screen. The name can be changed back but I don't know how to remove the red box, does anyone know how to do this?. It is in the saved video feed. I was hoping not to have to factory reset it because I am not tech savvy and had a friend set it up for me a while back. Thanks for any help. ..

Welcome @b0wie

Is the camera exposed to the internet? ( connected to the internet ).

If it is, you're going to want to secure your network because it will get cyberjacked again.

 

[tangent]

I'd agree that the red boxes are likely privacy masking. The text on the image is going to be changed by a setting for overlay or channel caption / title. Both of these settings are likely to survive a reboot. Hopefully, you're lucky and this was more of a prank to alert you to the vulnerability than something truly malicious. The next hacker may not be so kind.

The bigger question is how did they get access to the camera and how can you secure it?
- If you forwarded ports in your router to the camera you should stop doing that and find a more secure method of accessing the camera.
- If UPnP is enabled on your router, disable it. UPnP allows devices on your network to automatically set up port forwarding.
- Disable P2P type services for remote access to the camera. I can't be certain, but from the screenshot you posted, I think this camera may be affected by a recent vulnerability in the P2P service used in some cameras.
- Delete any extra user accounts that have been added, change your password to something random and long
- Make sure DDNS settings weren't added to the camera
- Prevent things like guest wifi from being able to access the cameras

 

[RyanODan]

I'd agree that the red boxes are likely privacy masking. The text on the image is going to be changed by a setting for overlay or channel caption / title. Both of these settings are likely to survive a reboot. Hopefully, you're lucky and this was more of a prank to alert you to the vulnerability than something truly malicious. The next hacker may not be so kind.

The bigger question is how did they get access to the camera and how can you secure it?
- If you forwarded ports in your router to the camera you should stop doing that and find a more secure method of accessing the camera.
- If UPnP is enabled on your router, disable it. UPnP allows devices on your network to automatically set up port forwarding.
- Disable P2P type services for remote access to the camera. I can't be certain, but from the screenshot you posted, I think this camera my be affected by a recent vulnerability in the P2P service used in some cameras.
- Delete any extra user accounts that have been added, change your password
- Make sure DDNS settings weren't added to the camera
- Prevent things like guest wifi from being able to access the cameras

Has there been a CVE issued for this? "a recent vulnerability in the P2P service used in some cameras."

 

[tangent]

Has there been a CVE issued for this? "a recent vulnerability in the P2P service used in some cameras."

yes, this is the one I was thinking of: P2P Weakness Exposes Millions of IoT Devices — Krebs on Security
not sure if this camera is part of this or not.

CVE-2019-11219, CVE-2019-11220.

 

[jon2]

Hi this looks like a camera i used to have..
it is a privacy window they is different colours you can use. it's easy to take away you have 2 choices.
1 go to settings at the top it will be near monitor. select Advanced settings it might sat video shade click on that it should bring another window up. were you can block a view or unblock. untick anything that is ticked and tick apply that should clear the window.
2 you can do a factory reset. again in settings go to System and select Initialize here you can either reboot or factory reset.
hope this helps,,

 

[b0wie]

Hey guys, thanks for the help, it was what jon2 suggested, I finally removed it, I will be alot more careful from now on,thanks again!

 

[mat200]

Hey guys, thanks for the help, it was what jon2 suggested, I finally removed it, I will be alot more careful from now on,thanks again!

Hi @b0wie

I would recommend doing a good anti-malware scan now on all computers connected to that LAN, you never know if the attack hit other machines at this point.

 

[tangent]

Hi @b0wie

I would recommend doing a good anti-malware scan now on all computers connected to that LAN, you never know if the attack hit other machines at this point.

It works the other direction too, a compromised computer could lead to a hacked camera or other device.