Hard-coded password exposes up to 46,000 video surveillance DVRs to hacking
IDG News Service ^ | Feb 17, 2016 10:25 AM PT | Lucian Constantin

Posted on 02/17/2016 8:44:52 PM PST by Utilizer

Up to 46,000 Internet-accessible digital video recorders (DVRs) that are used to monitor and record video streams from surveillance cameras in homes and businesses can easily be taken over by hackers.

According to security researchers from vulnerability intelligence firm Risk Based Security (RBS), all the devices share the same basic vulnerability: They accept a hard-coded, unchangeable password for the highest-privileged user in their software -- the root account.

Using hard-coded passwords and hidden support accounts was a common practice a decade ago, when security did not play a large role in product design and development. That mentality has changed in recent years and many vendors, including large networking and security appliance makers, are frequently issuing firmware updates to fix such basic flaws when they are discovered by internal and external security audits.

But then there are some vendors who never learn. That appears to be the case for Zhuhai RaySharp Technology, a Chinese manufacturer of video surveillance systems, including cameras and accompanying DVRs.

(Excerpt) Read more at csoonline.com ...


TOPICS: Business/Economy; Computers/Internet
KEYWORDS: cameras; encryption; iphone; malware; nsa; passwords; security; surveillance
Much more info on the referenced site. For individuals such as I who of necessity are required to deal with security cams and computers in general, not to mention DVRs of several makes and models, this is a definite problem!
1 posted on 02/17/2016 8:44:52 PM PST by Utilizer

To: Utilizer
Remember the movie Revenge of the Nerds...?

wink, wink, nudge, nudge.

2 posted on 02/17/2016 8:47:52 PM PST by grey_whiskers (The opinions are solely those of the author and are subject to change without notice.)

To: grey_whiskers

3 posted on 02/17/2016 8:49:56 PM PST by gaijin

To: gaijin

Just *who* is that actor, please? He looks familiar.


4 posted on 02/17/2016 8:51:07 PM PST by grey_whiskers (The opinions are solely those of the author and are subject to change without notice.)

To: All

Related:

http://news.softpedia.com/news/backdoor-in-mvpower-dvr-firmware-sends-cctv-stills-to-an-email-address-in-china-500502.shtml


5 posted on 02/17/2016 8:51:48 PM PST by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the muzrims trying to kill them)

To: grey_whiskers

Curtis Armstrong (born November 27, 1953) is an American actor known for his portrayal as Booger in the Revenge of the Nerds movies, as Herbert Viola on Moonlighting, as Miles Dalby in Risky Business, as famed record producer Ahmet Ertegün in the film Ray and for voicing the titular character in the show Dan Vs. He is ...


6 posted on 02/17/2016 8:52:10 PM PST by gaijin

To: grey_whiskers

Here are a whole bunch of cameras from around the world.
https://www.insecam.org


7 posted on 02/17/2016 8:53:36 PM PST by minnesota_bound

To: minnesota_bound
Here are a whole bunch of cameras from around the world.

I've got almost the same exact system mentioned in the article, a LOREX, looks just like the picture. I'm not worried, all the cameras are external around my home, none showing contents inside. I do use the Internet to check on my home when away, via cellphone and iPad. If I were to spot anything suspicious I can call a neighbor to check on the house. And if compromised, I have a second camera system in place. On UPS battery power if the power is cut.

8 posted on 02/17/2016 9:01:20 PM PST by roadcat

To: Utilizer

I installed and manage two IPVMS DW Spectrum Servers and 5 dozen Cameras covering 5 buildings. Will be expanding over the next year to 8 Buildings and 80 Cams.

I really like this system. Easy to manage and expand.

No default root user or passwords. :)


9 posted on 02/17/2016 9:06:52 PM PST by VRWCarea51 (The original 1998 version)

To: roadcat

Post the ip addresses for the cameras here and we can watch over your place : )


10 posted on 02/17/2016 9:26:23 PM PST by minnesota_bound

To: Utilizer

M4L security cams


11 posted on 02/17/2016 9:36:24 PM PST by Scrambler Bob (As always, /s is implicitly assumed. Unless explicitly labeled /not s. Saves keystrokes.)

To: minnesota_bound

I would not click on that link; that site is scanning your router and connections and anyone else who clicks those kinds of links. Just letting you know.


12 posted on 02/17/2016 10:02:44 PM PST by arl295

To: Utilizer

When I saw the number 46,000 I realized this was not a major manufacturer. Lorex is very low end in the industry.

The largest manufacturer of IP CCTV equipment makes their own brand and numerous other brands as well. Their default passwords are 12345. But they advise the installer to change them.


13 posted on 02/17/2016 10:08:47 PM PST by arl295

To: minnesota_bound
Post the ip addresses for the cameras here and we can watch over your place : )

Thanks for the offer! But you would be bored to death. No naked women walking by, sadly. I have seen people stealing packages from neighbor's homes, vandals in a car damaging a neighbor's car, and drunk misfits doing misdeeds (banging on cars) as they walk by (called in to cops and caught). Plus you learn all the coming and going habits of neighbors. I think the presence of cameras does cause thieves to think twice and go elsewhere.

14 posted on 02/17/2016 10:50:46 PM PST by roadcat

To: arl295

It may be very low in the industry, but you should remember that more and more cheap ChiCom chips are appearing in many areas as time goes by, and far too many of them appear to have “backdoors” installed by default as soon as they come off of the assembly line.

The day may come when you are upgrading your systems and you then come to find that the equipment you are “upgrading” to (or even “patching” your current systems to) will be in the background sending data to sites you would not wish them to, such as for instance mainland China...


15 posted on 02/17/2016 10:53:12 PM PST by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the muzrims trying to kill them)

To: Utilizer

That has always been a major concern since most of our computer hardware is made in China. Well, everything is made in China these days that is electronic related.

The largest manufacturer of IP CCTV equipment is a company that most people have probably never heard of. But they have probably heard of or seen the brands on the shelf.


16 posted on 02/17/2016 10:59:35 PM PST by arl295

To: roadcat
I have seen people stealing packages from neighbor's homes...

This alone would make a High-Definition security system something to aspire to as far as I am concerned. All too often, I see vids of individuals making off with packages dropped off by carriers (FedEx, UPS, Ontrac) and then being taken by assorted individuals (of a certain calibre) from their destination points (sometimes by neighbors, even) and far too many times even the vids of the crimes being committed are not enough to bring the miscreants to justice.

Something like this is an issue that needs to be addressed in order to maintain the integrity of the data collected, not to mention not allowing anyone else access to it (the data as well as the raw vidfeeds) at their whim.

17 posted on 02/17/2016 11:07:26 PM PST by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the muzrims trying to kill them)

To: arl295

I wonder if you had Windows 10 and a camera it would be allowed by Microsoft to turn on the camera and YOU would be on the internet!!


18 posted on 02/18/2016 6:19:23 AM PST by minnesota_bound

To: Utilizer

BKMK


19 posted on 02/18/2016 6:27:39 AM PST by Faith65 (Isaiah 40:31)

To: minnesota_bound

A piece of tape fixed that


20 posted on 02/18/2016 7:26:36 AM PST by arl295