GalaxyGuy Posted February 20, 2016

> Part of the issue here is you don't need to port forward for the device to be at risk. Another part is that it isn't just this DVR, so many of them have issues.

CG, I've not had time to digest the whole thread and links, but are you saying that these devices have some inbuilt malware that's opening outbound connections and allowing attackers to reverse tunnel back through? If not, how are externals getting through the Firewall?

ElecTech Posted February 20, 2016

You could still notify customers without broadcasting to the public. Even if all my customers were 100% secure, I'd still feel uneasy about such a topic discussed in a public security forum. The customers that don't get notified are still vulnerable and there'll be many out there that won't. However unlikely it is to happen, it's still possible someone can gain criminal value from this topic. And that's not right no matter how you look at it.

PeterJames Posted February 20, 2016

> CG, I've not had time to digest the whole thread and links, but are you saying that these devices have some inbuilt malware that's opening outbound connections and allowing attackers to reverse tunnel back through? If not, how are externals getting through the Firewall?

As I understand it they are a weak way past your firewall

GalaxyGuy Posted February 21, 2016

Please provide info of firewall penetration without some form of punch through!

cybergibbons (Author) Posted February 21, 2016

If I embed an image link in a web page or email:

http://192.168.3.101/shell?ps

And you visit that site, the request will be made to the DVR and it will act on it. I can't see the response, but that doesn't matter.

So you might have the DVR on another IP. WebRTC will allow me to find your PC's IP. I can then scan the rest of the IPs for the DVR, maybe checking for an image on the login page.

Then change ps for the reverse shell command. The DVR will then connect to my server and allow me to control it.

This would only be stopped by outbound firewalling, which is rare on home and small business networks.

I have a blog, some of which is about alarm security and reverse engineering: http://cybergibbons.com/

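Added example, not part of the post above and not code from any product: a Python check that applies the outbound-firewall idea to connection records. The DVR address is the one in the post's example URL; the LAN range, the NTP-only allowlist, the record format and the sample records are all constructed assumptions.

```python
import ipaddress

DVR_IP = ipaddress.ip_address("192.168.3.101")  # address from the post's example URL
LAN = ipaddress.ip_network("192.168.3.0/24")    # assumed LAN range
ALLOWED_EGRESS = {("udp", 123)}                 # assumed policy: DVR may only reach NTP

# Constructed flow records: "proto src:sport -> dst:dport state"
SAMPLE_FLOWS = """\
tcp 192.168.3.20:51544 -> 192.168.3.101:80 NEW
udp 192.168.3.101:40001 -> 192.168.3.1:53 NEW
udp 192.168.3.101:123 -> 203.0.113.10:123 NEW
tcp 192.168.3.101:39122 -> 198.51.100.7:8443 NEW
tcp 192.168.3.50:50212 -> 198.51.100.7:443 NEW
"""

def parse_flow(line):
    """Split one constructed flow record into typed fields."""
    proto, src, arrow, dst, state = line.split()
    if arrow != "->":
        raise ValueError("unexpected record: " + line)
    src_ip, sport = src.rsplit(":", 1)
    dst_ip, dport = dst.rsplit(":", 1)
    return {
        "proto": proto,
        "src": ipaddress.ip_address(src_ip), "sport": int(sport),
        "dst": ipaddress.ip_address(dst_ip), "dport": int(dport),
        "state": state,
    }

def dvr_egress_violations(text):
    """Return new connections the DVR opened to hosts outside the LAN
    that the allowlist does not cover."""
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        f = parse_flow(line)
        if f["src"] != DVR_IP or f["state"] != "NEW":
            continue  # not initiated by the DVR
        if f["dst"] in LAN:
            continue  # stays on the LAN, never crosses the router
        if (f["proto"], f["dport"]) in ALLOWED_EGRESS:
            continue  # expected traffic
        hits.append(f)
    return hits

if __name__ == "__main__":
    for f in dvr_egress_violations(SAMPLE_FLOWS):
        print("block/alert:", f["proto"], f["dst"], f["dport"])
```

The first record, a LAN PC's browser fetching a URL from the DVR, is ordinary local traffic that the router never sees; only the DVR's own outbound connection is something an egress rule can stop or log.
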
cybergibbons (Author) Posted February 21, 2016

These attacks regularly happen against routers and are automated and embedded on far more sites than you'd imagine.

datadiffusion Posted February 21, 2016 (edited)

> You could still notify customers without broadcasting to the public. Even if all my customers were 100% secure, I'd still feel uneasy about such a topic discussed in a public security forum. The customers that don't get notified are still vulnerable and there'll be many out there that won't. However unlikely it is to happen, it's still possible someone can gain criminal value from this topic. And that's not right no matter how you look at it.

We appear to be going round in circles on this topic.

The exploits discussed here are widely available to be viewed on much more popular sites.

Customers with a need for high security will already have their own IT experts (in theory) securing the network. If not, frankly that is their poor decision, not their 'physical' security suppliers, as most here will sell with a disclaimer re: open or remote access.

Any business here who sold this exact equipment* (very few, if any I would say) will of course have raised this issue with customers.

It is highly unlikely this forum is a used or useful site for criminal activity.

*Although I appreciate it's pretty much a universal problem, to varying degrees

Edited February 21, 2016 by datadiffusion

So, I've decided to take my work back underground.... to stop it falling into the wrong hands

Rob Kirk Posted March 2, 2016

From what I've gathered in reading, no home router is safe without an outbound firewall whether it has a dvr connected or not. Port forwarding a dvr seems to create a flag for an easy entry route for the automated hackers? Modern plug and play dvrs are just as vulnerable... HIK dvrs are ok? Hmm why tell the customer that you are creating a vulnerability in their network when the network already has a vulnerability with all these automated hacking things from abroad...unless you are port forwarding which seems old hat and not done much now. Please enlighten.

sixwheeledbeast Posted March 3, 2016

> From what I've gathered in reading, no home router is safe without an outbound firewall whether it has a dvr connected or not. Port forwarding a dvr seems to create a flag for an easy entry route for the automated hackers? Modern plug and play dvrs are just as vulnerable... HIK dvrs are ok? Hmm why tell the customer that you are creating a vulnerability in their network when the network already has a vulnerability with all these automated hacking things from abroad...unless you are port forwarding which seems old hat and not done much now. Please enlighten.

a) The DVR is providing the pivot, put simply if the DVR is not connected there would be no access to the LAN.

b) Port Forwarding is opening a port through the firewall from the WAN to LAN. Therefore (in a domestic setup) if that LAN device is compromised there are no other layers of protection from other LAN devices.

c) Yes

d) There are no extensive tests on any DVR/NVR?

Plug and play are likely to be more vulnerable than port forwarded machines. Most of these are on a P2P network which I would agree are highly likely to be more vulnerable. I mentioned my opinions of the flaws with P2P DVRs, a while back.

james.wilson Posted March 3, 2016

Ask the questions, make your clients aware and upgrade as a minimum I'd say