jnimmo:
It's a bit like when your building security company installs a card access system and leaves the card encryption key as the well known default, hmmm
Or leaves a card on string next to the door scanner :P
sbiddle:
Oblivian:
With what little knowledge I have on this other than sorting a few routing issues with a mate's NVR, I take it it's referring to cameras offering a cloud connect solution and/or single IP units with the dodgy Chinese-English firmware that they open up
Rather than a single point such as an NVR being the risky part with its built in password change requirements and NAT and such
It's not just cameras - NVRs are just as risky. The issue also isn't just people seeing your cameras, it's the fact that much of the Chinese hardware has such poor code there are well known backdoors for many brands so is also being utilised for DDoS attacks.
There was also even a famous hack a few years ago using NVRs for bitcoin mining.
Hrm. So using the Hikvision remote app with the router doing an external port change to non standard NATing to standard inside one is at least a start... right (hopes)
richms: Not sure why people think a non standard port helps. All ports get scanned and indexed by what answers.
Well short of not putting it on for him to remotely monitor, I couldn't find any other such ideal solution to at the least deter pre-set 'default known' attempts. VPN endpoint and client would be too-hard bin material with most generic users.
Everything points at firmware fixes for the open holes in Hikvisions it seems, it has the latest. The default credentials - changed on install to the point he no longer even remembers admin (but made an administration user at the time) and the cameras are all sitting behind its own NAT. But if people wanna check up on the dog in the back yard I doubt they will be too fazed.
Oblivian:
Everything points at firmware fixes for the open holes in Hikvisions it seems, it has the latest. The default credentials - changed on install to the point he no longer even remembers admin (but made an administration user at the time) and the cameras are all sitting behind its own NAT. But if people wanna check up on the dog in the back yard I doubt they will be too fazed.
And we know John and Jane Doe are highly skilled and system administrators and know that their crappy camera has a new firmware and even know how to update it...
freitasm:
Oblivian:
Everything points at firmware fixes for the open holes in Hikvisions it seems, it has the latest. The default credentials - changed on install to the point he no longer even remembers admin (but made an administration user at the time) and the cameras are all sitting behind its own NAT. But if people wanna check up on the dog in the back yard I doubt they will be too fazed.
And we know John and Jane Doe are highly skilled and system administrators and know that their crappy camera has a new firmware and even know how to update it...
Indeed, at least as soon as I knew one was on premises I pointed it out and made an attempt to secure it up :) Wasn't a simple case of Jane purchases a good idea and plugs in.
And to that point, it's even harder when they sell them online as 'Hikvision' then turn up in a white box and only support ONVIF protocols. Keyword nabbers clearly. Often don't have a visible model number etc to source updates
There are many brands that Hikvision OEM for, and they then become responsible for software updates, not hik. There are some white box variants of it available out of the US, but I have not seen any locally yet. Most are resellers of ones they get from AliExpress so have whatever hacked firmware to make it English on a Chinese domestic model.
richms:
There are many brands that Hikvision OEM for, and they then become responsible for software updates, not hik. There are some white box variants of it available out of the US, but I have not seen any locally yet. Most are resellers of ones they get from AliExpress so have whatever hacked firmware to make it English on a Chinese domestic model.
Tis what I fear some of them are. Mostly sourced from ebay ala ali. Where I could I jumped on them and turned off most the default services so the NVR only got the RTSP feeds
Like most things in IoT (Internet of Things), which I call Internet of Unsecure Things...
"I see there are now a few of the newer models of DVR on AliExpress now use a cloud system rather than port forwards so I am thinking of getting customers to request cloud connected models now instead of the ones that require port forwards
So your password now gets stored on a dodgy website in China, I guess that is an improvement to an actual open port. I wonder how long it will be before someone will be selling addresses and logins to the cameras so the crims can just take a peek and figure out your habits (blackmail you?) and even if the house has anything worth stealing in it. Maybe once you have an IoT enabled fridge they can figure out what day to call so they get a good feed as well........nice.
It's also not just the AliExpress stuff either, when you start to look named brands seem little if any better.
And a blog post I started a long time ago that I finally got around to updating and posting.
https://www.geekzone.co.nz/sbiddle/8941