Security Installer Community

Posted

Part of the issue here is you don't need to port forward for the device to be at risk. Another part is that it isn't just this DVR, so many of them have issues.

 

CG, I've not had time to digest the whole thread and links, but are you saying that these devices have some inbuilt malware that's opening outbound connections and allowing attackers to reverse tunnel back through? If not, how are externals getting through the Firewall?

Posted

You could still notify customers without broadcasting to the public. Even if all my customers were 100% secure, I'd still feel uneasy about such a topic being discussed in a public security forum.

The customers that don't get notified are still vulnerable and there'll be many out there that won't.

However unlikely it is to happen, it's still possible someone can gain criminal value from this topic. And that's not right no matter how you look at it.

Posted

CG, I've not had time to digest the whole thread and links, but are you saying that these devices have some inbuilt malware that's opening outbound connections and allowing attackers to reverse tunnel back through? If not, how are externals getting through the Firewall?

As I understand it, they are a weak way past your firewall.

Posted

If I embed an image link in a web page or email:

http://192.168.3.101/shell?ps

And you visit that site, the request will be made to the DVR and it will act on it. I can't see the response, but that doesn't matter.

So you might have the DVR on another IP. WebRTC will allow me to find your PC's IP. I can then scan the rest of the IPs for the DVR, maybe checking for an image on the login page.

Then change ps for the reverse shell command. The DVR will then connect to my server and allow me to control it. This would only be stopped by outbound firewalling, which is rare on home and small business networks.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/
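
The outbound-firewalling point in the post above, as an added example that is not part of the original thread or any poster's code: a check over router egress logs that flags new internet-bound connections started by the DVR. The LAN range, the allowlist and the log lines are assumptions constructed for illustration; only the DVR address 192.168.3.101 comes from the post.

```python
import ipaddress
import re

DVR_IP = "192.168.3.101"  # DVR address used in the post above
LAN = ipaddress.ip_network("192.168.3.0/24")  # assumed LAN range
# Assumed allowlist: the only internet destinations this DVR needs (NTP, updates).
ALLOWED = {("203.0.113.10", 123), ("203.0.113.20", 443)}

# Constructed sample lines in the Linux netfilter LOG format (not real traffic).
SAMPLE_LOG = """\
kernel: EGRESS IN=br0 OUT=eth0 SRC=192.168.3.101 DST=203.0.113.10 LEN=76 PROTO=UDP SPT=123 DPT=123
kernel: EGRESS IN=br0 OUT=eth0 SRC=192.168.3.50 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=51514 DPT=443 SYN
kernel: EGRESS IN=br0 OUT=eth0 SRC=192.168.3.101 DST=198.51.100.99 LEN=60 PROTO=TCP SPT=40112 DPT=8443 SYN
kernel: EGRESS IN=br0 OUT=eth0 SRC=192.168.3.101 DST=192.168.3.1 LEN=60 PROTO=UDP SPT=5353 DPT=53
kernel: EGRESS IN=br0 OUT=eth0 SRC=192.168.3.101 DST=198.51.100.99 LEN=52 PROTO=TCP SPT=40112 DPT=8443 ACK
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def suspicious_egress(log_text, dvr_ip=DVR_IP, allowed=ALLOWED):
    """Return (dst, port, proto) for each new internet-bound flow the DVR opens
    to a destination that is not on the allowlist, in first-seen order."""
    findings = []
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("SRC") != dvr_ip or not {"DST", "PROTO", "DPT"} <= f.keys():
            continue
        flags = line.split()
        # For TCP, count only the initial SYN, i.e. connections the DVR starts.
        if f["PROTO"] == "TCP" and ("SYN" not in flags or "ACK" in flags):
            continue
        if ipaddress.ip_address(f["DST"]) in LAN:
            continue  # LAN traffic such as DNS to the router is not egress
        hit = (f["DST"], int(f["DPT"]), f["PROTO"])
        if hit[:2] not in allowed and hit not in findings:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for dst, port, proto in suspicious_egress(SAMPLE_LOG):
        print(f"ALERT: DVR {DVR_IP} opened {proto} to {dst}:{port}")
```

The same allowlist can be enforced as a default-deny egress rule for the DVR's address, which blocks the connection rather than only reporting it.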

 

 

 

Posted (edited)

You could still notify customers without broadcasting to the public. Even if all my customers were 100% secure, I'd still feel uneasy about such a topic being discussed in a public security forum.

The customers that don't get notified are still vulnerable and there'll be many out there that won't.

However unlikely it is to happen, it's still possible someone can gain criminal value from this topic. And that's not right no matter how you look at it.

 

We appear to be going round in circles on this topic.

 

The exploits discussed here are widely available to be viewed on much more popular sites.

Customers with a need for high security will already have their own IT experts (in theory) securing the network. If not, frankly that is their poor decision, not their 'physical' security suppliers, as most here will sell with a disclaimer re: open or remote access.

Any business here who sold this exact equipment* (very few, if any I would say) will of course have raised this issue with customers.

It is highly unlikely this forum is a used or useful site for criminal activity.

 

*Although I appreciate it's pretty much a universal problem, to varying degrees

Edited by datadiffusion

So, I've decided to take my work back underground.... to stop it falling into the wrong hands

 

  • 2 weeks later...
Posted

From what I've gathered in reading, no home router is safe without an outbound firewall whether it has a dvr connected or not.

 

Port forwarding a dvr seems to create a flag for an easy entry route for the automated hackers?

 

Modern plug and play dvrs are just as vulnerable...

 

HIK dvrs are ok?

 

Hmm why tell the customer that you are creating a vulnerability in their network when the network already has a vulnerability with all these automated hacking things from abroad...unless you are port forwarding which seems old hat and not done much now. Please enlighten.

Posted

From what I've gathered in reading, no home router is safe without an outbound firewall whether it has a dvr connected or not.

 

Port forwarding a dvr seems to create a flag for an easy entry route for the automated hackers?

 

Modern plug and play dvrs are just as vulnerable...

 

HIK dvrs are ok?

 

Hmm why tell the customer that you are creating a vulnerability in their network when the network already has a vulnerability with all these automated hacking things from abroad...unless you are port forwarding which seems old hat and not done much now. Please enlighten.

 

a) The DVR is providing the pivot, put simply if the DVR is not connected there would be no access to the LAN.

b) Port Forwarding is opening a port through the firewall from the WAN to LAN. Therefore (in a domestic setup) if that LAN device is compromised there are no other layers of protection from other LAN devices.

c) Yes

d) There are no extensive tests on any DVR/NVR?

 

Plug and play are likely to be more vulnerable than port forwarded machines.

 

Most of these are on a P2P network which I would agree are highly likely to be more vulnerable.

I mentioned my opinions of the flaws with P2P DVRs a while back.
