Are Dahua and Hikvision cameras a security risk?
- Thread starter jeremylatz
- Start date
fenderman
Staff member
- Mar 9, 2014
- 36,891
- 21,407
every camera is...unless you take the proper precautions...start reading the forum
In the age of "script kiddies" is there anything truly unhackable, new code (Nintendo Switch) and old things get hacked all the time? Security vulnerabilities are always being identified on tons of platforms, usually the general security arguments are "keep your stuff patched and updated" and "defense in depth" guidelines (like put your fully patched system behind a firewall, and put anti-virus and anti-malware software on it).
Pivot to the IP camera, black-box NVR, PTP Cameras (the stuff you can buy off the shelf at Best Buy), smart appliances and even consumer routers (which almost everyone in the world with an Internet connection has) and you start to see why these are ripe targets for bad actors:
Pivot to the IP camera, black-box NVR, PTP Cameras (the stuff you can buy off the shelf at Best Buy), smart appliances and even consumer routers (which almost everyone in the world with an Internet connection has) and you start to see why these are ripe targets for bad actors:
- Some vendors don't provide patches or patch aggressively to address vulnerabilities for your <insert random internet-connected device here> ?
- How often would a typical consumer patch or update their <insert random internet-connected device here> even if the vendor provided those patches for free and regularly? A certain percentage of the population just wants to plug it in and have it work.
- there is typically very little effort required and potential for even financial gain for the bad actor to takeover your equipment. See https://hotforsecurity.bitdefender....webstresser-shut-by-crime-agencies-19802.html was just reading over lunch.
- Once they compromise one device inside your firewall, they can more easily scan for other vulnerable devices on your typical simple consumer network because they've reduced your layers of defense.
I'm curious what the extent of the risks are. Is it just that somebody could get images off your camera and mess with its configuration? Or could it be something like the camera hacks into your PC and sends all your account numbers and passwords out, forwards audio from your smart TV's microphone, gives full access to your network, or anything along those lines.
mat200
IPCT Contributor
- Jan 17, 2017
- 16,118
- 27,080
HI Tigerwillow
Yes - all those and more...
Think of your cameras like... working cars in a bad neighborhood full of delinquent teens who have time and energy to do whatever they want and there are no police around, only private security protecting some of the cars they are paid to protect ( as in not your car ).
Or think of your vacant house on a lot someplace where delinquents pass by... what could they use it for? A crack pad? drug den? brothel? vandalize it? a meth lab? ...
Your CPU / computer power and your internet connection is what is of significant value - just like a bank robber may want to steal your car to rob a bank, someone may want to harness the power of your cameras and internet connection to do similar in the cyber world.
There are two big issues. First, it gives potential attackers a beachhead on your network. "A man on the inside", so to speak. They can use the camera as a platform to probe the rest of your network. The second issue is that it can be conscripted into a botnet. So the next time you hear that some popular web site was overwhelmed by several terabits per second of junk traffic, taking it off the net, your camera or NVR may have played a role in that.
Another potential use for your camera, NVR, NAS, PC or whatever else they can find on your network would be to mine cryptocurrency. Your device runs hot, uses a lot of power, runs slowly, maybe eventually overheats and burns out, but of course that's not their problem.
This is why my cameras live on their own private network segment, unable to reach out to the Internet on their own and definitely not visible from the Internet.
fenderman
Staff member
- Mar 9, 2014
- 36,891
- 21,407
that is meaningless drivel. They have the same security risk as any other china camera and that is why you need to never expose ANY ip camera or NVR to the internet.
So this 'Willie Howe' just posted this video on 8/2, bitches about paying IPVM any dues and yet @fenderman was able to tell all IPCT forum members about the Hikvision issue 5 months ago, here , as reported by IPVM?
I have been watching this forum for several months an have learned a lot!! Where to by the cameras (Andy), type, placement, nvr vs BI (not yet there) and most important - Security.
As most people here, I have also placed my cameras and nvr behind its own vlan, and needs to be VPN to be reached. I love this forum, and have spent hours on searching trough old post.
My sharing of the YouTube clip was simply because I came over it...
As most people here, I have also placed my cameras and nvr behind its own vlan, and needs to be VPN to be reached. I love this forum, and have spent hours on searching trough old post.
My sharing of the YouTube clip was simply because I came over it...
Thanks for sharing!
Later on, when my plate isn't so full, I'd like to review his instructional videos re: networking. I would like so much to be able to point newbs to a place where they can quickly hear/see networking basics, essential to setting up & maintaining IP cams, NVR's, VPN's etc....even just their own PC's. It's not easy guiding someone through a process when a) they don't know basic terms and b) they don't know how to examine or change the IP of their PC.
It's not their fault in most cases, they just never needed to know or had no reason to "get into it." If they're on this forum, they do now.
Last edited: