3307 posts

Uber Geek
+1 received by user: 895

Trusted
Lifetime subscriber

  # 1782191 15-May-2017 08:29

jnimmo:

 

It's a bit like when your building security company installs a card access system and leaves the card encryption key as the well known default,  hmmm

 

 

Or leaves a card on string next to the door scanner :P

 

 

 

 


3360 posts

Uber Geek
+1 received by user: 716

Trusted

  # 1782301 15-May-2017 09:54

Exactly - like if I was the designer of the WannaCry malware, I would have had it bitcoin mining rather than encrypting data, on every PC, security camera and DVR I can get it on.





Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost
For my general guide to extending your wireless network Click Here




 
 
 
 


3200 posts

Uber Geek
+1 received by user: 419


  # 1782668 15-May-2017 16:00

sbiddle:

 

Oblivian:

 

With what little knowledge I have on this other than sorting a few routing issues with a mate's NVR, I take it it's referring to cameras offering a cloud connect solution and/or single IP units with the dodgy Chinese-English firmware that they open up

 

Rather than a single point such as an NVR being the risky part with its built in password change requirements and NAT and such

 

 

It's not just cameras - NVRs are just as risky. The issue also isn't just people seeing your cameras, it's the fact that much of the Chinese hardware has such poor code there are well known backdoors for many brands so is also being utilised for DDoS attacks.

 

There was also even a famous hack a few years ago using NVRs for bitcoin mining.

 

 

 

 

Hrm. So using the Hikvision remote app with the router doing an external port change to non-standard NATing to standard inside one is at least a start... right (hopes)


22250 posts

Uber Geek
+1 received by user: 4777

Trusted
Subscriber

  # 1782733 15-May-2017 19:31

Not sure why people think a non-standard port helps. All ports get scanned and indexed by what answers.




Richard rich.ms

3200 posts

Uber Geek
+1 received by user: 419


  # 1782749 15-May-2017 20:06

richms: Not sure why people think a non-standard port helps. All ports get scanned and indexed by what answers.

 

Well short of not putting it on for him to remotely monitor, I couldn't find any other such ideal solution to at the least deter pre-set 'default known' attempts. VPN endpoint and client would be too-hard bin material with most generic users.

 

Everything points at firmware fixes for the open holes in Hikvisions it seems, it has the latest. The default credentials - changed on install to the point he no longer even remembers admin (but made an administration user at the time) and the cameras are all sitting behind its own NAT. But if people wanna check up on the dog in the back yard I doubt they will be too fazed.


BDFL - Memuneh
63814 posts

Uber Geek
+1 received by user: 14273

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 1782753 15-May-2017 20:09

Oblivian:

 

Everything points at firmware fixes for the open holes in Hikvisions it seems, it has the latest. The default credentials - changed on install to the point he no longer even remembers admin (but made an administration user at the time) and the cameras are all sitting behind its own NAT. But if people wanna check up on the dog in the back yard I doubt they will be too fazed.

 

 

And we know John and Jane Doe are highly skilled and system administrators and know that their crappy camera has a new firmware and even know how to update it...





3200 posts

Uber Geek
+1 received by user: 419


  # 1782756 15-May-2017 20:13

freitasm:

 

Oblivian:

 

Everything points at firmware fixes for the open holes in Hikvisions it seems, it has the latest. The default credentials - changed on install to the point he no longer even remembers admin (but made an administration user at the time) and the cameras are all sitting behind its own NAT. But if people wanna check up on the dog in the back yard I doubt they will be too fazed.

 

 

And we know John and Jane Doe are highly skilled and system administrators and know that their crappy camera has a new firmware and even know how to update it...

 

 

Indeed, at least as soon as I knew one was on premises I pointed it out and made an attempt to secure it up :) Wasn't a simple case of Jane purchases a good idea and plugs in.

 

And to that point, it's even harder when they sell them online as 'hikvision' then turn up in a white box and only support ONVIF protocols. Keyword nabbers clearly. Often don't have a visible model number etc. to source updates


 
 
 
 


22250 posts

Uber Geek
+1 received by user: 4777

Trusted
Subscriber

  # 1782759 15-May-2017 20:17

There are many brands that Hikvision OEM for, and they then become responsible for software updates, not Hik. There are some white box variants of it available out of the US, but I have not seen any locally yet. Most are resellers of ones they get from AliExpress so have whatever hacked firmware to make it English on a Chinese domestic model.





Richard rich.ms

3200 posts

Uber Geek
+1 received by user: 419


  # 1782763 15-May-2017 20:20

richms:

 

There are many brands that Hikvision OEM for, and they then become responsible for software updates, not Hik. There are some white box variants of it available out of the US, but I have not seen any locally yet. Most are resellers of ones they get from AliExpress so have whatever hacked firmware to make it English on a Chinese domestic model.

 

 

Tis what I fear some of them are. Mostly sourced from eBay ala Ali. Where I could I jumped on them and turned off most the default services so the NVR only got the RTSP feeds


23 posts

Geek
+1 received by user: 2


  # 1784279 18-May-2017 14:40

"I see there are now a few of the newer models of DVR on AliExpress now use a cloud system rather than port forwards so I am thinking of getting customers to request cloud connected models now instead of the ones that require port forwards"

 

So your password now gets stored on a dodgy website in China, I guess that is an improvement to an actual open port. I wonder how long it will be before someone will be selling addresses and logins to the cameras so the crims can just take a peek and figure out your habits (blackmail you?) and even if the house has anything worth stealing in it. Maybe once you have an IoT enabled fridge they can figure out what day to call so they get a good feed as well........nice.

 

It's also not just the AliExpress stuff either, when you start to look named brands seem little if any better.


27961 posts

Uber Geek
+1 received by user: 7452

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 1784305 18-May-2017 15:34
5 people support this post

And a blog post I started a long time ago that I finally got around to updating and posting.

 

 

 

https://www.geekzone.co.nz/sbiddle/8941

 

 


2008 posts

Uber Geek
+1 received by user: 411

Subscriber

  # 1786771 23-May-2017 14:20

 Thanks for that Steve. 

