Today lots of Hikvision customers dvr/nvrs, used till now with default password (12345), seem to have changed password by themselves. We are HiKVision OEM partner. These DVRs will have been hacked. Over the last week we have had over 150 customer DVRs that have been hacked and the password changed. I just experienced my first one this week. On January 22, 2013, a researcher going by the name someLuser detailed a number of security flaws in the Ray Sharp DVR platform. These DVRs are often used for closed-circuit TV (CCTV) systems and security cameras.
In a 2010 post on a CCTV forum a user complained about the password existing in a DVR product from QSee, one of the 55 vendors listed in the RaySharp firmware. He didn't even need to reverse.
Hard-Coded Password Exposes Video Surveillance DVRs To Hacking (csoonline.com) 41 Posted by yaelk on Wednesday February 17, 2016 @06:14PM from the hackers dept.
Posted by2 years ago
Archived
Greetings! So, I'm working on porting/updating linux for my dvrs (nightowl zeus-dvr, for those interested) and have made a bit of progress to that end (currently have a booting linux 4.8-rc4 kernel and busybox userspace, working on drivers right now), and was hoping to receive some additional help from those in the community in gathering information information on what dvr's are physically the same/similar.
Useful information would include:
Make and model of the DVR
Current firmware for the device (either downloaded from the manufacturers/distributors or extracted from the device itself)
Internal photos (preferably of high enough quality to identify what chips are used)
Features supported
Ideas would also be good, as right now its mostly just dealing with hardware support (ethernet driver is being mean :<), and someone with embedded web dev know-how would be amazing as well (never did much of that).
[EDIT] Well looks like this markdown doesn't like me
4 comments
Up to 46,000 Internet-accessible digital video recorders (DVRs) that are used to monitor and record video streams from surveillance cameras in homes and businesses can easily be taken over by hackers.
According to security researchers from vulnerability intelligence firm Risk Based Security (RBS), all the devices share the same basic vulnerability: They accept a hard-coded, unchangeable password for the highest-privileged user in their software -- the root account. Free download vodacom airtime voucher hack programs wifi free.
Using hard-coded passwords and hidden support accounts was a common practice a decade ago, when security did not play a large role in product design and development. Image resizer online free. That mentality has changed in recent years and many vendors, including large networking and security appliance makers, are frequently issuing firmware updates to fix such basic flaws when they are discovered by internal and external security audits.
But then there are some vendors who never learn. That appears to be the case for Zhuhai RaySharp Technology, a Chinese manufacturer of video surveillance systems, including cameras and accompanying DVRs.
RaySharp DVR devices provide a Web-based interface through which users can view camera feeds, manage recording and system settings and use the pan-tilt-zoom (PTZ) controls of connected surveillance cameras. Gaining access to this management interface would provide an attacker with full control over the surveillance system.
The DVR's Web interface is powered by an embedded Web server which runs on a Linux-based OS -- the firmware. When analyzing the CGI scripts that handle user authentication for the Web interface, the RBS researchers found that they contained a routine to check if the user-supplied username was 'root' and the password 519070.
'If these credentials are supplied, full access is granted to the web interface,' the RBS researchers said a report scheduled to be published Wednesday.
RaySharp claims on its website that it ships over 60,000 DVRs globally every month, but what makes things worse is that it's not only RaySharp branded products that are affected.
The Chinese company also creates digital video recorders and firmware for other companies which then sell those devices around the world under their own brands. The RBS researchers confirmed that at least some of the DVR products from König, Swann Communications, COP-USA, KGUARD Security, Defender (a brand of Circus World Displays) and LOREX Technology, a division of FLIR Systems, contain the same hard-coded root password.
And those are only the confirmed ones. A separate CGI script in RaySharp-supplied firmware contains a list of 55 vendor names that supposedly use the firmware, so the number of companies with potentially affected products is much larger.
Using the Shodan search engine for Internet-connected devices, the RBS researchers found between 36,000 and 46,000 DVR devices that they believe are vulnerable to this issue and are directly exposed to Internet attacks. About half of them are located in the United States and most of the others in the U.K., Canada, Mexico and Argentina, the researchers said.
Ray Sharp Dvr Password Hack Download
Because RBS did not have the resources to test all available models with all firmware versions from all potentially affected vendors, they've decided to make the information public so that users can easily test for themselves whether their DVR device is affected or not.
At the very least, a DVR that accepts root and 519070 as username and password should not be exposed directly to the Internet. If remote access is needed, this should be achieved by connecting into the local network first through a VPN. For good measure, the devices should not be available on internal network segments that allow untrusted computers either, such as public Wi-Fi.
Ray Sharp Dvr Password Hack Password
Given previous incidents where people created websites that allowed users to watch video feeds from thousands of insecure cameras on the Internet, the likelihood of unauthorized access to these DVRs is high. In fact, this might have already occurred.
After discovering the hard-coded root password, the RBS researchers searched for it on the Internet and found a few user reports mentioning it as far back as 2010. Those reports claimed that the password worked for any username, but in RBS' tests it only worked for root.
In a 2010 post on a CCTV forum a user complained about the password existing in a DVR product from QSee, one of the 55 vendors listed in the RaySharp firmware. He didn't even need to reverse engineer the firmware to find it, as it was listed in the product's official documentation as a method of regaining access to the device if the user-configured password was lost or forgotten.
This suggests that in older RaySharp firmware the hard-coded string was intended as a sort of recovery key as part of a poorly designed password reset feature. Based on RBS' latest findings, it appears that the company decided to restrict it to the root account in newer versions, which doesn't make any difference from a security perspective and is just as bad.
And this is not the only basic security flaw found in RaySharp firmware over the years. In early 2013, a security researcher found an easy way to take control of DVR devices from an estimated 19 manufacturers that used RaySharp firmware by connecting to the devices over TCP port 9000.
Free download lagu whitney houston one moment in time. RaySharp did not respond to a request for comment about the hard-coded root password discovered by RBS.
The security firm found the issue back in September and, due to the large number of potentially affected vendors and products, it decided to rely on the U.S. Computer Emergency Readiness Team (US-CERT) for coordination.
As far as RBS knows, Defender is the only vendor which informed US-CERT that it released a patched version of the firmware at the end of September. The RBS researchers confirmed that this firmware version no longer contains the CGI scripts that check for the hard-coded password.
A couple of other affected vendors, including Swann, hinted that they were working on their own patches, the RBS researchers said in their report, but overall the vendor response to this issue was inadequate.
'Consumers should be aware that when buying especially lower-end devices made in China, there is a significant risk of the devices having serious flaws that won't ever be addressed,' said Carsten Eiram, chief research officer at RBS via email.
The researcher added that based on his years of experience with finding and reporting vulnerabilities, vendors from China and Taiwan are far behind companies from Europe or the U.S. when it comes to taking security seriously and responding to vulnerability reports.
Ray Sharp Dvr Password Hacks
'It remains a huge concern that researchers keep finding hardcoded credentials and similar basic vulnerabilities in devices like surveillance cameras and DVRs/NVRs,' Eiram said. 'We install cameras in our homes and businesses to feel safe and know what goes on. That trust and feeling of safety is violated when it turns out that these products are not really made with security in mind and as a result can be turned against us and compromise our privacy.'
PC World Evaluation Team Review - MSI PS63 More from MSI Gaming Australia