Hackers squeeze through DVR hole, break into CCTV cameras

Don't know if anyone saw this on The Register:
Hackers squeeze through DVR hole, break into CCTV cameras
Miscreants can copy, delete streams and even control the device

The digital video recorders of several CCTV video cameras are vulnerable to attacks that create a means for hackers to watch, copy or delete video streams, according to security researchers.

The researchers added that unless systems are properly firewalled, security flaws in the firmware of the DVR platform also create a jumping-off point for attacks aimed at networks supporting these devices. The hackable CCTV devices from an estimated 19 manufacturers all use allegedly vulnerable firmware from the Guangdong, China-based firm Ray Sharp.

...

Scans suggest 58,000 hackable video boxes across 150 countries are vulnerable to attack.

...
In short, the DVR code has security issues which make it accessible without logging in - which wouldn't be too bad if it were just visible on its own network. However, the device also uses UPnP to ask the router to open up a hole in any firewall and make an inbound port mapping - which then makes the vulnerable device appear on your outside internet connection. And the third bit of the jigsaw is that many (most?) consumer routers ship with UPnP enabled by default and few users realise just what a gaping security hole this is - I always turn it off when setting up a router as it's a completely f***ing stupid feature to have on.
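
The inbound port mappings described in the post above can be audited from the router side. The following Python is an added example, not part of the original post or the linked article: it parses replies in the shape of the UPnP IGD `GetGenericPortMappingEntry` action and lists enabled mappings that are not on an approved list. The sample replies, addresses, ports, descriptions and the `APPROVED` set are constructed assumptions.

```python
import xml.etree.ElementTree as ET

def sample_response(ext_port, proto, int_port, client, desc, enabled="1"):
    """Constructed SOAP reply in the shape of GetGenericPortMappingEntryResponse."""
    return (
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
        '<u:GetGenericPortMappingEntryResponse'
        ' xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
        "<NewRemoteHost></NewRemoteHost>"
        f"<NewExternalPort>{ext_port}</NewExternalPort>"
        f"<NewProtocol>{proto}</NewProtocol>"
        f"<NewInternalPort>{int_port}</NewInternalPort>"
        f"<NewInternalClient>{client}</NewInternalClient>"
        f"<NewEnabled>{enabled}</NewEnabled>"
        f"<NewPortMappingDescription>{desc}</NewPortMappingDescription>"
        "<NewLeaseDuration>0</NewLeaseDuration>"
        "</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"
    )

def parse_mapping(soap_xml):
    """Pull the New* output arguments out of one reply."""
    f = {el.tag: (el.text or "").strip()
         for el in ET.fromstring(soap_xml).iter() if el.tag.startswith("New")}
    return {
        "client": f["NewInternalClient"],
        "internal_port": int(f["NewInternalPort"]),
        "external_port": int(f["NewExternalPort"]),
        "protocol": f["NewProtocol"].upper(),
        "enabled": f["NewEnabled"] == "1",
        "any_source": f["NewRemoteHost"] == "",  # empty RemoteHost = wildcard
        "description": f["NewPortMappingDescription"],
    }

def unapproved(mappings, approved):
    """Enabled mappings whose (client, internal port, protocol) nobody signed off."""
    return [m for m in mappings if m["enabled"]
            and (m["client"], m["internal_port"], m["protocol"]) not in approved]

# Constructed router state: addresses, ports and descriptions are made up.
SAMPLE = [
    sample_response(3074, "UDP", 3074, "192.168.1.20", "console"),
    sample_response(8000, "TCP", 8000, "192.168.1.50", "DVR"),
    sample_response(8080, "TCP", 80, "192.168.1.60", "old-cam", enabled="0"),
]
APPROVED = {("192.168.1.20", 3074, "UDP")}

def findings():
    return unapproved([parse_mapping(x) for x in SAMPLE], APPROVED)

if __name__ == "__main__":
    print(*findings(), sep="\n")
```

With UPnP switched off on the router, as the post recommends, the mapping table should stay empty and any entry at all is worth investigating.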
 
Hi Simon,

You call yourself an amateur. I don't think so. That is an excellent piece of advice just when I was about to invest in a bog standard 4 channel system. I'll call on you before making a purchase decision, that's if you don't mind. Very good post though.

Thanks very much.

CD
 
Simon, thanks for reminding me about The Register, used to read it a lot at one time then lost the link during a laptop change.

Again thank you.
 
Hi Simon,

You call yourself an amateur. I don't think so. That is an excellent piece of advice just when I was about to invest in a bog standard 4 channel system. I'll call on you before making a purchase decision, that's if you don't mind. Very good post though.

Thanks very much.

CD
Buy the Swann shore and you can experience it first hand.

For someone who claims to be trade and not knowing what bog standard kit to buy?
 
Hi Simon,

Yes, alumni is quite right, I am very much in the trade. However, I was not aware of the information you so rightly provided. It is anyone's guess whether alumni had knowledge of that same information. I doubt if alumni shall fulfill his role and explain to us in detail the negatives of a Swann system, I doubt further that he has ever seen one, since I have only heard positives as regards the Swann. And yes, I'm in the trade and never seen one. I can drive a car also, but never seen a rolls royce silver cloud.

Sorry to bother you mate.

Take care,

CD.
 
Well I can't advise on any particular unit as I know "not a lot" about them and haven't used one.
I assume a lot of installers won't be "networking people" - having come to networked cameras etc from the security side rather than the computing/networking side. That's not a criticism, just an observation - and I'm sure there are exceptions.
I've seen the same with control systems - recently I had to diagnose a problem where a customer at work has (something*) installed and when plugged into his network it caused all sorts of problems. It's clear the control guys were good at controls ('proper' PLC stuff) but just didn't understand networking - for one thing, when talking to me he always talked about the IP address, but when I looked into it there were in fact 3 items using IP to communicate. One of those items was on the same IP as the customer's PBX.

* Can't say what as it would instantly identify the guilty party.

Edit: I'm sure if I tried my hand at control systems then the roles would be reversed!
 
Hi Simon,

Yes, alumni is quite right, I am very much in the trade. However, I was not aware of the information you so rightly provided. It is anyone's guess whether alumni had knowledge of that same information. I doubt if alumni shall fulfill his role and explain to us in detail the negatives of a Swann system, I doubt further that he has ever seen one, since I have only heard positives as regards the Swann. And yes, I'm in the trade and never seen one. I can drive a car also, but never seen a rolls royce silver cloud.

Sorry to bother you mate.

Take care,

CD.
Here ya go Tolstoy. Knock yourself out.
https://community.rapid7.com/commun...sharp-cctv-dvr-password-retrieval-remote-root

You do make me laugh with your funny little comments.
 
