what the heck is Hikvision trying to do loading software to my hard drive when I haven't installed any...

Joined
Sep 19, 2015
Messages
945
Reaction score
1,211
Location
Naples Fl
new Hikvision cameras in months? what is Hikvision upto? I have lost three Hikvision cameras at once a couple of months ago and I suspect hikvision bricked them, perhaps this is a clue
 
Last edited:

wittaj

IPCT Contributor
Joined
Apr 28, 2019
Messages
24,432
Reaction score
47,556
Location
USA
Are your cams on the internet? Seems weird they would have placed a timed file on a camera that doesn't have access to the internet, but then again they also recently quit allows cams to rollback firmware, so maybe this is how they plan to sell more cams by bricking the existing ones....
 
Joined
Sep 19, 2015
Messages
945
Reaction score
1,211
Location
Naples Fl
Are your cams on the internet? Seems weird they would have placed a timed file on a camera that doesn't have access to the internet, but then again they also recently quit allows cams to rollback firmware, so maybe this is how they plan to sell more cams by bricking the existing ones....
I am thinking either that or payback for the ban on Hikvision cameras to government agencies in the US after all the DoS attacks. the funny thing is I have the cameras all blocked from going out but not the pc with SADP and I have not bought a hikvision camera in 3 years
 

wittaj

IPCT Contributor
Joined
Apr 28, 2019
Messages
24,432
Reaction score
47,556
Location
USA
Certainly strange that this would pop up so many years later, but I guess anything is possible with software. That would suck to wake up one morning and find out your isolated from the internet cameras bricked themselves.
 

Mike A.

Known around here
Joined
May 6, 2017
Messages
3,825
Reaction score
6,377
Think I have less trust in the browser plug-ins and utility programs than even the cams.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
I am thinking either that or payback for the ban on Hikvision cameras to government agencies in the US after all the DoS attacks. the funny thing is I have the cameras all blocked from going out but not the pc with SADP and I have not bought a hikvision camera in 3 years
Before you go on a rant with all your conspiracy theories why don't you Google the message you're getting and you'll see it's been around for years and it simply a leftover prior installation. Geez
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
for the same reason I don't trust the FBI after Ruby Ridge and Waco.
They why dont you toss all your cams in the trash and start fresh with a company you trust. Let us know what that is. You panic in unfounded bullshit. Hikvision could not have remotely brick your cams. Its interesting they chose you. I have a few hundred hiks in service, none of them were bricked. If you dont uninstall plugins or ivms completely, yes you will get a popup.
 

Broachoski

Getting comfortable
Joined
Jun 21, 2019
Messages
589
Reaction score
1,409
Location
USA
The only time I "LOST" several cameras at once was when I changed routers so my assigned IP's to each cam were no longer applicable.
 
Joined
Sep 19, 2015
Messages
945
Reaction score
1,211
Location
Naples Fl
The only time I "LOST" several cameras at once was when I changed routers so my assigned IP's to each cam were no longer applicable.
those cameras went offline no video and in the course of checking it out all three cameras had Hikconnect enabled which I did not do and when I disabled it and rebooted my login was no longer valid and I was unable to recover it. so yeah I think it was Hikvision
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
those cameras went offline no video and in the course of checking it out all three cameras had Hikconnect enabled which I did not do and when I disabled it and rebooted my login was no longer valid and I was unable to recover it. so yeah I think it was Hikvision
Sounds like you dont know what you are doing. You certainly enabled hik connect or reset the camera and forgot to disable it. The camera does not magically do this. Again, You are the only one making these accusations. Why did all your cameras not brick. Why are there 10's of thousands of hik cameras among forum members that have not had this issue. You are inept and blaming it on hik.
 
Joined
Sep 19, 2015
Messages
945
Reaction score
1,211
Location
Naples Fl
nope, I have not reset my cameras, but I have slowly been buying Dahua cameras from Andy.
I do have a lot of things happen to me like I have been shot twice, stabbed twice, blown out of a burning building, almost killed by a GSD. I had my first gaming mb start launching DoS attacks against government agencies and I tried to report it but everyone blew me off till the Navy sent me a cease and desist letter. So I called them and told them that I had been trying to disable it, the down loaded 2 programs traced it back to NK and China, contacted asus, with no luck they did not care, wound up disabling the nic and putting one in.

I started using Cameras when someone killed one of my golden.that was used Axis for 1300 that ran on BNC network, it was good in the day but it really sucked at night.

here is an idiot stealing my trump sign and peeing on my mailbox stealing my trump sign

yes a lot of strange things happen to me and I try to share so it does not happen to others
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
nope, I have not reset my cameras, but I have slowly been buying Dahua cameras from Andy.
I do have a lot of things happen to me like I have been shot twice, stabbed twice, blown out of a burning building, almost killed by a GSD. I had my first gaming mb start launching DoS attacks against government agencies and I tried to report it but everyone blew me off till the Navy sent me a cease and desist letter. So I called them and told them that I had been trying to disable it, the down loaded 2 programs traced it back to NK and China, contacted asus, with no luck they did not care, wound up disabling the nic and putting one in.

I started using Cameras when someone killed one of my golden.that was used Axis for 1300 that ran on BNC network, it was good in the day but it really sucked at night.

here is an idiot stealing my trump sign and peeing on my mailbox stealing my trump sign

yes a lot of strange things happen to me and I try to share so it does not happen to others
You need professional psychiatric help.
 
Joined
Sep 19, 2015
Messages
945
Reaction score
1,211
Location
Naples Fl
'Moobot' Botnet Targets Hikvision Devices via Recent Vulnerability
By Ionut Arghire on December 09, 2021


Tweet


A Mirai-based botnet dubbed 'Moobot' is attempting to exploit a recently addressed vulnerability that affects many Hikvision products, according to Fortinet’s FortiGuard Labs.
Tracked as CVE-2021-36260 and affecting over 70 cameras and NVRs from Hikvision, the critical-severity bug can be exploited to gain root access and completely take over vulnerable devices, without any form of user interaction.
Hikvision released patches for the vulnerability on September 18 and, shortly after, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) alerted organizations, urging them to apply the fixes immediately.
Now, Fortinet warns that attackers are attempting to exploit the vulnerability to deploy various payloads that allow them to probe devices or extract sensitive data.
Among them, Fortinet security researchers identified a downloader that attempts to drop the Mirai-based Moobot malware onto vulnerable appliances. The threat was designed to ensnare devices into a botnet capable of launching distributed denial-of-service (DDoS) attacks.
The malware’s analysis revealed elements from Satori, another botnet based on the Mirai code, as well as an attempt to hide its malicious process on the infected device.
Once it has retrieved a command and control (C&C) server address from its configuration, the threat sends out heartbeat packets, and then waits to receive commands from the server. Based on these commands, it can launch DDoS attacks on specific IP addresses and port numbers.
The received command also specifies the flood method that should be used in the attack. Moobot supports SYN, UDP, ACK, and ACK+PUSH floods.
Fortinet researchers were able identify the telegram channel “tianrian” as being employed for offering a DDoS service. Created in June 2021, the channel started the service in August and continues to operate.
“CVE-2021-36260 is a critical vulnerability that makes Hikvision products a target for Moobot. Although a patch has been released to address this vulnerability, this IoT botnet will never stop looking for a vulnerable endpoint. Because of this, users should upgrade affected devices immediately,” Fortinet concludes.
Related: CISA Warns of Hikvision Camera Flaw as U.S. Aims to Rid Chinese Gear From Networks
Related: Cloudflare Battles 2 Tbps DDoS Attack Launched by Mirai Botnet
Related: Mirai Botnet Starts Exploiting OMIGOD Flaw as Microsoft Issues More Guidance
 
Joined
Sep 19, 2015
Messages
945
Reaction score
1,211
Location
Naples Fl
I have no clue, it showed up Saturday on the machine I run BI on, when I set up a camera I use my older machine as it has two monitors on it so I can bounce back and forth between screens while working. had it happened on that machine I would have associated it with an update from hik but who knows
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
'Moobot' Botnet Targets Hikvision Devices via Recent Vulnerability
By Ionut Arghire on December 09, 2021


Tweet


A Mirai-based botnet dubbed 'Moobot' is attempting to exploit a recently addressed vulnerability that affects many Hikvision products, according to Fortinet’s FortiGuard Labs.
Tracked as CVE-2021-36260 and affecting over 70 cameras and NVRs from Hikvision, the critical-severity bug can be exploited to gain root access and completely take over vulnerable devices, without any form of user interaction.
Hikvision released patches for the vulnerability on September 18 and, shortly after, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) alerted organizations, urging them to apply the fixes immediately.
Now, Fortinet warns that attackers are attempting to exploit the vulnerability to deploy various payloads that allow them to probe devices or extract sensitive data.
Among them, Fortinet security researchers identified a downloader that attempts to drop the Mirai-based Moobot malware onto vulnerable appliances. The threat was designed to ensnare devices into a botnet capable of launching distributed denial-of-service (DDoS) attacks.
The malware’s analysis revealed elements from Satori, another botnet based on the Mirai code, as well as an attempt to hide its malicious process on the infected device.
Once it has retrieved a command and control (C&C) server address from its configuration, the threat sends out heartbeat packets, and then waits to receive commands from the server. Based on these commands, it can launch DDoS attacks on specific IP addresses and port numbers.
The received command also specifies the flood method that should be used in the attack. Moobot supports SYN, UDP, ACK, and ACK+PUSH floods.
Fortinet researchers were able identify the telegram channel “tianrian” as being employed for offering a DDoS service. Created in June 2021, the channel started the service in August and continues to operate.
“CVE-2021-36260 is a critical vulnerability that makes Hikvision products a target for Moobot. Although a patch has been released to address this vulnerability, this IoT botnet will never stop looking for a vulnerable endpoint. Because of this, users should upgrade affected devices immediately,” Fortinet concludes.
Related: CISA Warns of Hikvision Camera Flaw as U.S. Aims to Rid Chinese Gear From Networks
Related: Cloudflare Battles 2 Tbps DDoS Attack Launched by Mirai Botnet
Related: Mirai Botnet Starts Exploiting OMIGOD Flaw as Microsoft Issues More Guidance
This proves that you're nuts.. you claimed that your cameras were not accessibile via the internet. It's funny that you're buying a whole bunch of dahua cameras now... Why don't you Google those cameras and see how many vulnerabilities there are... In fact I'm spying on you right now.
 

fenderman

Staff member
Joined
Mar 9, 2014
Messages
36,897
Reaction score
21,250
I have no clue, it showed up Saturday on the machine I run BI on, when I set up a camera I use my older machine as it has two monitors on it so I can bounce back and forth between screens while working. had it happened on that machine I would have associated it with an update from hik but who knows
They are targeting you. You know too much. Be afraid. Be very afraid. I would get the tin foil hat on asap and go off grid for a few months.
 
Top