Security Installer Community


Posted

Problem is mass market will raise eyebrows and say oh well I bought it now and the £300 brigade installed it so who cares

So then moving onto higher end products is where we want to see this secure

Posted

It's not quite a real world issue (yet)

 

I'd be very surprised if this wasn't being used already. It took less than a few hours to find the issue, and we've certainly seen attacks of this type carried out against home and business routers.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

Posted

Yeah I agree with a few of the posts, low end of the market won't care less, and chances are will never know about all this unless it hits mainstream media, which I can't see happening.

 

Saying all that, you say cheaper DVRs... what's a buyer to look for to avoid this in the "expensive" DVRs....? Is there something in the spec we should be looking for that makes it less vulnerable?

Posted

CG your point is the DVR makes an open way to get to the rest of the network which for some can be disastrous, what about any DVRs being used in data sensitive companies, looks as though any using Hikvision here, what are they like in terms of security

Posted

I suppose any device that has port forwarding could be used in this way. It's a bit over my head but are you saying even if not port forwarded the device can be used?

 

So, if you port-forward, it's obvious - Shodan will find the unit, and because it has a distinctive HTTP header, can be found. We can see 44k of them by this means.

 

But if I add the following HTML to a web page:

 

<IMG SRC="http://192.168.1.201/shell?[command for reverse shell]">, and you visit that site, the DVR will connect back to me, so I can control it.

 

That's just for one IP, so I'd use JavaScript and essentially check all likely internal IPs.

 

This is because it is lacking cross-site request forgery protection.

Yeah I agree with a few of the posts, low end of the market won't care less, and chances are will never know about all this unless it hits mainstream media, which I can't see happening.

 

Saying all that, you say cheaper DVRs... what's a buyer to look for to avoid this in the "expensive" DVRs....? Is there something in the spec we should be looking for that makes it less vulnerable?

 

It's not a lack of functionality or spec really, unless they write "No backdoors! No hardcoded passwords!".

Even some fairly expensive DVRs have some issues:

http://www.theregister.co.uk/2016/02/18/blank_519070_the_pin_to_enter_to_pwn_80k_online_security_cams/

CG your point is the DVR makes an open way to get to the rest of the network which for some can be disastrous, what about any DVRs being used in data sensitive companies, looks as though any using Hikvision here, what are they like in terms of security

 

Hikvision have had problems in the past:

https://community.rapid7.com/community/metasploit/blog/2014/11/19/r7-2014-18-hikvision-dvr-devices--multiple-vulnerabilities

 

They were responsive when I spoke to them about issues with IP cameras though.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/
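
The missing cross-site request forgery protection described in the post above, shown from the device side as an added example (not code from the poster or from any DVR firmware): a request guard that refuses the `<IMG SRC=...>` style request. The action paths, the `X-CSRF-Token` header name, the token and the addresses are assumptions made up for illustration.

```python
import hmac
from urllib.parse import urlsplit

# Hypothetical action paths for illustration; not taken from any real DVR.
STATE_CHANGING = {"/admin/reboot", "/admin/set-password"}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def same_origin(url, host):
    """True when url's host[:port] matches the Host header of the request."""
    parts = urlsplit(url)
    return (parts.scheme in ("http", "https") and bool(host)
            and parts.netloc.lower() == host.lower())


def allow_request(method, path, headers, session_token):
    """Return (allowed, reason) for one request to the device's web UI."""
    h = {k.lower(): v for k, v in headers.items()}
    if path.split("?", 1)[0] not in STATE_CHANGING:
        return True, "read-only path"
    # 1. <img>, <script> and link tags can only issue GET, so actions never run on GET.
    if method.upper() in SAFE_METHODS:
        return False, "action requested with a safe method"
    # 2. Browsers that send fetch metadata state where the request came from.
    if h.get("sec-fetch-site", "same-origin") != "same-origin":
        return False, "Sec-Fetch-Site is not same-origin"
    # 3. Origin (or Referer as fallback) must name the device itself.
    source = h.get("origin") or h.get("referer")
    if not source or not same_origin(source, h.get("host", "")):
        return False, "missing or foreign Origin/Referer"
    # 4. Per-session token that a page on another site cannot read or guess.
    sent = h.get("x-csrf-token", "")
    if not session_token or not hmac.compare_digest(sent.encode(), session_token.encode()):
        return False, "missing or wrong CSRF token"
    return True, "ok"


# Constructed sample requests (addresses and token are made up for the example).
TOKEN = "constructed-session-token"
DEVICE = "192.168.1.201"
IMG_TAG = ("GET", "/admin/reboot?now=1",
           {"Host": DEVICE, "Referer": "http://example.test/", "Sec-Fetch-Site": "cross-site"})
FORM_POST = ("POST", "/admin/reboot", {"Host": DEVICE, "Origin": "http://example.test"})
OWN_UI = ("POST", "/admin/reboot",
          {"Host": DEVICE, "Origin": "http://" + DEVICE, "X-CSRF-Token": TOKEN})

if __name__ == "__main__":
    for name, req in (("img tag", IMG_TAG), ("foreign form", FORM_POST), ("own UI", OWN_UI)):
        print(name, allow_request(*req, TOKEN))
```

Checks like these only close the cross-site route; they do nothing about an endpoint that runs commands without authentication.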

 

 

 

Posted

This should be in trade only in my opinion. Yeah it might be splattered all over the web but site rules don't allow default engineer codes let alone back doors to DVRs....? I agree the issue should be raised but not in public view.

And anyway, from an installation point of view, what's the solution?

Posted

We don't allow engineer defaulting info as a matter of principle, anyone with half a brain could find them elsewhere in seconds more's the pity, but there you go.

 

So I don't think we need to be over protective on this subject, that's my personal opinion anyway.

So, I've decided to take my work back underground.... to stop it falling into the wrong hands

 

Posted

I get 100s of emails every week from scammers trying to get me to open attachments so that they can sneak onto my network, it won't be long until they suss there is an easier way to get people's networks. Mind you they can't log into my bank without a pin sentry, my card and pin number, they can't log into my inland revenue account without giving a stool and blood sample (they are welcome to pay my tax return anyway), they can't get any sensitive information from my computer because I just do nerdy stuff with it. They could download my movies from my home server, I think they would get bored looking round my world though
