Search results

This is why I shared it. I'm glad we agree that a mechanical switch on a device is still an airgap. Yes, and this is the software equivalent of a mechanical switch. It introduces a small amount of risk, but it is still an airgap - a conceptual one and one with a key, but one none-the-less...

I've been following the thread; you haven't actually disputed any facts, yet. You've not engaged with any of the sources I have linked. I'd be happy to learn from you, if you know more that I do, but you're not giving me that opportunity. Here's another link that proves claim 2: Secure Data...

I love to learn. Would you mind telling me statement what you are claiming is a false claim: Claim 1: Devices plugged into the uplink port on many POE NVRs, including our models, can't talk to devices plugged into the POE ports, directly. Claim 2: A component can be airgaped. Airgaps are a...

Some to All Hikvision, Dahua, and UNV POE NVRs use the IPFS method of an airgap. Most other POE NVRs do as well. We aren't the only ones who have this; this is normal in POE NVRs. On these devices, there is no physical connection between the uplink port and the POE ports. The only way to talk...

Thank you for recognizing this. This is not true. That's not the only definition of an air gap, although it is most common definition. From IPFS: "The air gap may not be completely literal, as networks employing the use of dedicated cryptographic devices that can tunnel packets over...

That's not how GPL licensing actually works. Android is open source. Not all Android apps are open source. You can't compel gmail to give you their source code, just cause gmail runs on Android. Most linux kernels aren't even totally open source. The majority of Arch linux or Debian kernels...

No, our partner doesn't publish source code. I think the only open source projects availible right now are Zoneminder, Shinobi, and ONVIF Device Manager. There's several more being worked on, but those are the only ones I know of that are currently downloadable. SAST is coming and we're working...

You! I like you!

I'm not asking them. That's far too complex for them. I'll building it into our software suite. Soon you won't have to do a VPN or open ports. P.S. we haven't settled on a reverse SSH as the best method, just something we're trying for now.

I love this. I'm glad you point this out. This is the sad state of IOT (NVRs cameras, smart speakers, smart locks, etc) currently. Stuff gets discontinued and then abandoned way too quick. I'm hoping to change this.

This isn't how the hardware works. An airgap protects the cameras from being access by something other than the NVR. All processes to the camera must originate in the NVR. So, no camera can be hacked if the NVR isn't hacked. That's how this works. I don't really know how UNV does it. That's...

Correct. Not completely correct. We're one of their largest customers. They fix bugs for us weekly. This is really no different that your scenario with Blue Iris. You guys move a lot of product and you get power because of that with the developer. That's a good thing. You help him manage his...

Additionally, I've been working with a hardware designer to create our own POE powered devices (for a separate, secret project) and I can tell you that the hardware engineers that we're working with have absolutely designed a physical barrier in these new devices. I wasn't part of the hardware...

There really is one on our NVRs. The only way to remote into a camera's web interface is to plug a PC into one of the free POE ports. If you would like, I can send you a 4 channel NVR for free and you can try to access a camera's ip address without plugging into one of the POE ports. I'd be...

Just curiously, what's ?

You are correct. I'm sorry for the miscommunication. I don't mean to imply that "plug-and-play" will set up motion, alerts, and remote viewing. By "plug and play" I mean no networking setup for the cameras: the subnet and airgap are already built into the NVR. Reasonable bitrates defaults are...

My experience with Hikvision has been the same as /u/cosmo. They plug and play with the NVRs and comes set with some reasonable defaults for recording. Older Hikvision NVRs and new cameras don't plug and play well, but that's kinda the norm when mixing old and new from anyone's offerings...

ONVIF compliance is pretty bad when it comes to enforcement. ONVIF Compliance in Plain English lists the issues. Most significantly, yes, motion and event detection in ONVIF is really poorly supported by manufacturers. ONVIF has no real enforcement mechanism other than a test which proves that...

Hi Cosmo, I have a meeting today and tomorrow with the entire UNC campus security team so I can't do a more exhaustive response until later. I will answer your question in a bit. The NVRs run on embedded linux. The viewing software runs on windows, mac, and linux. The iOS app alpha launch was...

We called and emailed our clients.

You don't even know what that upcoming release does, yet.

We did not find infected devices when we upgraded. Your fears are mostly imaginary and hypothetical. Again, it is cameras that the vast majority of hacks utilize - not NVRs. Additionally, we will happily set up VPNs for customers who want one and who know how to use one. Either way, these...

Right, but we have a very active support team and we control our own DNS. When a Hikvision vulnerability was discovered in 2015, we quickly mobilized to track, restrict access, and upgrade every device that had an issue. You complain that we cost too much, but we put a ton of effort into this...

Again, lots of claims with very little proof. Why are air gaps nonsense? Why should I be afraid of port forwarding a product with no known vulnerabilities and no history of hacking?

You're pretty quick on the insults and pretty short on the explanation. Do you mind providing an explanation of what you think we're doing that is so "shameful"? Here's what we do: 1. Cirrus won't make it so that you have to open ports or VPN, soon. (Not the next release, which will be out this...

So, the speed of your response shows that you didn't read the link I shared. If you had, you would have seen that we do share that info in the section called "NVRs are Hacked Far Less Frequently."

This is a pretty common claim that isn't accurate: here's a guide we wrote on NVR vs Camera hackswhen someone else made a claim pretty similar to this one. The major hacks on the news have been camera not NVR hacks: BASHLITE malware turning millions of Linux Based IoT Devices into DDoS botnet ...

I used it in 2017, before we decided to build Cirrus, so perhaps my info is old.

But why would I want to do this? Now my PC is insecure.

It runs on Windows; I use Mac and Linux. It doesn't self heal if Windows crashes or if my PC loses power or if Windows wants to install an update. It is pretty creative how it uses MJPEG for browse compatibility, but this makes it use a crazy amount of CPU to do what it does. This is...