Hikvison Cloud unsecure?

T

TechTobi

n3wb
Aug 5, 2018
1
0
Hannover
Hey everyone,
I have a question.
For Push notification, I‘m use the Hikvision Cloud.
Who still uses it? Is the type of integration still safe today?
 
TechTobi said:
Hey everyone,
I have a question.
For Push notification, I‘m use the Hikvision Cloud.
Who still uses it? Is the type of integration still safe today?
Click to expand...

FYI - if it is on the internet.. it can be attacked / "hacked" ...
 
  • Haha
Reactions: sebastiantombs, SouthernYankee and user8963
TechTobi said:
Hey everyone,
I have a question.
For Push notification, I‘m use the Hikvision Cloud.
Who still uses it? Is the type of integration still safe today?
Click to expand...

Comes down to if you trust the company . . .
 
  • Like
Reactions: sebastiantombs and mat200
And most here do not trust these companies regarding security. Ironic that security cameras are not very secure on the internet...

Too many instances over the years showing that the login credentials go unencrypted, data going all over the place to the cloud and then back, etc.

A general rule around here is regardless of who makes the devices, keep them off the internet.
 
  • Like
Reactions: handinpalm, sebastiantombs, SouthernYankee and 1 other person
hikvision still saves screenshots of events (you see a little picture in hikconnect) on amazon cloud server ... visible for everyone if you have the serial number.. so no its not safe to use it.. not sure what else is saved there
 
  • Wow
Reactions: sebastiantombs
Hi, I would like to ask about hikvision vulnerable version (CVE-2021-36260)? I find out a lot of devices on the internet and try to find out without exploiting if the device is vulnerable or not, but without success? Is there any option to find if the camera is vulnerable without exploiting, I would like to inform owner of vurnerable devices, but I don't want to exploit them. Is there any option please?
 
Ellesmin said:
Hi, I would like to ask about hikvision vulnerable version (CVE-2021-36260)? I find out a lot of devices on the internet and try to find out without exploiting if the device is vulnerable or not, but without success? Is there any option to find if the camera is vulnerable without exploiting, I would like to inform owner of vurnerable devices, but I don't want to exploit them. Is there any option please?
Click to expand...

Hikvision provides a list of the hardware this problem impacts on their website. Any security camera that is vulnerable to this attack has firmware to resolve the same.
 
Ellesmin said:
Is there any option to find if the camera is vulnerable without exploiting
Click to expand...
There is a big thread here started by the researcher @watchful_ip that discovered the vulnerabilty, with posts from researcher @bashis who published POC code that will check non-destructively if a device is vulnerable.
An example of testing with the POC code :

Unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware (CVE-2021-36260)

Yes.
ipcamtalk.com ipcamtalk.com
 
  • Like
Reactions: looney2ns
You must log in or register to reply here.
Top Bottom