3336 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1782191 15-May-2017 08:29

jnimmo:

 

It's a bit like when your building security company installs a card access system and leaves the card encryption key as the well known default,  hmmm

 

 

Or leaves a card on string next to the door scanner :P

3385 posts

Uber Geek

Trusted

  # 1782301 15-May-2017 09:54

Exactly - like if I was the designer of the WannaCry malware, I would have had it bitcoin mining rather than encrypting data, on every PC, security camera and DVR I can get it on.





Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost

3280 posts

Uber Geek


  # 1782668 15-May-2017 16:00

sbiddle:

 

Oblivian:

 

With what little knowledge I have on this other than sorting a few routing issues with a mate's NVR, I take it it's referring to cameras offering a cloud connect solution and/or single IP units with the dodgy Chinese-English firmware that they open up

 

Rather than a single point such as an NVR being the risky part with its built in password change requirements and NAT and such

 

 

It's not just cameras - NVRs are just as risky. The issue also isn't just people seeing your cameras, it's the fact that much of the Chinese hardware has such poor code there are well known backdoors for many brands so is also being utilised for DDoS attacks.

There was also even a famous hack a few years ago using NVRs for bitcoin mining.

Hrm. So using the Hikvision remote app with the router doing an external port change to non standard NATing to standard inside one is at least a start... right (hopes)


22339 posts

Uber Geek

Trusted
Subscriber

  # 1782733 15-May-2017 19:31

Not sure why people think a non standard port helps. All ports get scanned and indexed by what answers.




Richard rich.ms

3280 posts

Uber Geek


  # 1782749 15-May-2017 20:06

richms: Not sure why people think a non standard port helps. All ports get scanned and indexed by what answers.

 

Well short of not putting it on for him to remotely monitor, I couldn't find any other such ideal solution to at the least deter pre-set 'default known' attempts. VPN endpoint and client would be too-hard bin material with most generic users.

Everything points at firmware fixes for the open holes in Hikvisions it seems, it has the latest. The default credentials - changed on install to the point he no longer even remembers admin (but made an administration user at the time) and the cameras are all sitting behind its own NAT. But if people wanna check up on the dog in the back yard I doubt they will be too fazed.


BDFL - Memuneh
64235 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 1782753 15-May-2017 20:09

Oblivian:

 

Everything points at firmware fixes for the open holes in Hikvisions it seems, it has the latest. The default credentials - changed on install to the point he no longer even remembers admin (but made an administration user at the time) and the cameras are all sitting behind its own NAT. But if people wanna check up on the dog in the back yard I doubt they will be too fazed.

And we know John and Jane Doe are highly skilled and system administrators and know that their crappy camera has a new firmware and even know how to update it...





3280 posts

Uber Geek


  # 1782756 15-May-2017 20:13

freitasm:

 

Oblivian:

 

Everything points at firmware fixes for the open holes in Hikvisions it seems, it has the latest. The default credentials - changed on install to the point he no longer even remembers admin (but made an administration user at the time) and the cameras are all sitting behind its own NAT. But if people wanna check up on the dog in the back yard I doubt they will be too fazed.

And we know John and Jane Doe are highly skilled and system administrators and know that their crappy camera has a new firmware and even know how to update it...

Indeed, at least as soon as I knew one was on premises I pointed it out and made an attempt to secure it up :) Wasn't a simple case of Jane purchases a good idea and plugs in.

And to that point, it's even harder when they sell them online as 'Hikvision' then turn up in a white box and only support ONVIF protocols. Keyword nabbers clearly. Often don't have a visible model number etc to source updates


 
 
 
 


22339 posts

Uber Geek

Trusted
Subscriber

  # 1782759 15-May-2017 20:17

There are many brands that Hikvision OEM for, and they then become responsible for software updates, not Hik. There are some white box variants of it available out of the US, but I have not seen any locally yet. Most are resellers of ones they get from AliExpress so have whatever hacked firmware to make it English on a Chinese domestic model.





Richard rich.ms

3280 posts

Uber Geek


  # 1782763 15-May-2017 20:20

richms:

 

There are many brands that Hikvision OEM for, and they then become responsible for software updates, not Hik. There are some white box variants of it available out of the US, but I have not seen any locally yet. Most are resellers of ones they get from AliExpress so have whatever hacked firmware to make it English on a Chinese domestic model.

Tis what I fear some of them are. Mostly sourced from eBay ala ali. Where I could I jumped on them and turned off most the default services so the NVR only got the RTSP feeds


23 posts

Geek


  # 1784279 18-May-2017 14:40

"I see there are now a few of the newer models of DVR on aliexpress now use a cloud system rather than port forwards so I am thinking of getting customers to request cloud connected models now instead of the ones that require port forwards

 

So your password now gets stored on a dodgy website in China, I guess that is an improvement to an actual open port. I wonder how long it will be before someone will be selling addresses and logins to the cameras so the crims can just take a peek and figure out your habits (blackmail you?) and even if the house has anything worth stealing in it. Maybe once you have an IoT enabled fridge they can figure out what day to call so they get a good feed as well........nice.

It's also not just the AliExpress stuff either, when you start to look named brands seem little if any better.

28127 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 1784305 18-May-2017 15:34
5 people support this post

And a blog post I started a long time ago that I finally got around to updating and posting.

https://www.geekzone.co.nz/sbiddle/8941



2023 posts

Uber Geek

Subscriber

  # 1786771 23-May-2017 14:20

 Thanks for that Steve. 

