thewireguys

Foscam user please read and update your firmware!!

The study points out wireless cameras but I didn't read one exploit relevant to WiFi. They were all related to allowing network cameras to be port forwarded. If you port forward your cameras, you are exposing them to hacking, so you have to be careful in setting a password and never port forward Dahua cameras, most back doors I've seen in any IP product. First they give you 3 standard userids that you can't delete and I bet most people never change the password on admin userid 888888 with the clever password of 888888, secondly, they don't have password on ONVIF commands, anyone can view your camera, thirdly, they have an easily accessible Linux shell password, just telnet into the camera. I've hacked a bit in my day and I've never seen anything as easy to hack as a Dahua. I don't even think Foscam comes close. I think it's embarrassing for a country that produces some of the best hackers in the world. The camera with the best security I've used is AVTech, uses captcha to prevent password cracking programs from getting to your camera and I wish all cameras have that option. Also Panasonic and Axis cameras make you choose a userid and password at first boot.


So and so, since:

-888888 and 666666 are only "local" users, so no access from Internet

-telnet is only vulnerable if you forward telnet's port... but this can happen to 50% of the embedded systems out there

-OnVif bugs were in a test version, but people used it as a release

-captcha is Ok, but, for example, you can't brute force a DAHUA since after 3 attempts it will block the user for a period of time or until reset; and, of course, as you do know, there are already captcha-bypassing algos

 

But mostly problems do appear due to bad usage/user involvement: Wireless IP security should be a NO from start (but all users want this, since most hate cables running through their houses), changing default passwords should be the first thing you do when you install a camera (and this should happen to anything password-protected) and there are more...

 

Of course, bugs are and can be in any system. (for example, how buggy is a Windows based DVR/surveillance system?)


You are correct on the 888888 userid, I tried it remotely just now and you get invalid password and you do get temporarily locked out after a few attempts. But I can still use ONVIF with no password and telnet into the camera. Yes, you have to open those ports up but how many people get overwhelmed with configuring their router and open up all ports out of frustration? Then you have internal security issues, a company installs these cameras and all employees on the LAN can view the cameras and use that for theft, spying on co-workers, don't know, it seems like a scary thought that a camera company the size of Dahua takes security so lightly.

 

So you say I should install newer firmware yet Dahua neither supports, services, warranties their products sold in the U.S. So I have no source for official firmware other than what people post here and I tried that once and bricked the camera.


Of course you can telnet into the camera, but the "scariest" thing you could do is to delete all configs (you cannot change passwords easily - they are hashed and salted as I do remember; on DVRs, they sure are).

 

A company installing these cameras should use dedicated IPs or, even better, VLANs or any sort of separation (even IP filtering, since it's supported by all devices). Newer versions will support also MAC filtering.

 

DAHUA supports very well their resellers. They do not support end-users. It's a scary job to support all (lack of knowledge, a bunch of options on devices, solutions to implement, ways of interconnecting etc).

 

Your source for firmware should be your seller, whoever that is.

Opening the port does nothing. You have to forward the port to that device. And if the device doesn't have the gateway in it, it still won't work.

I suppose he was referring to DMZ. Anyway, DMZ only works on one IP, so that's not a big issue.


 

No,

He was talking about opening up the telnet port on the router and someone coming in from the outside. Unless the telnet port is forwarded to the specific IP of the camera and the camera has the gateway configured Telnet will not work from outside the LAN.

 

That is what NAT is all about.


Opening a port is done by a service/server listening to that port. (or a firewall rule)

When he said "open up all ports out of frustration" I supposed he said DMZed the IP.

 

Later observation: Port forwarding works, if it's done in a RTFM way.

For example, never forward in TCP+UDP mode if port is TCP assigned.
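
The forwarding mistakes discussed in this thread (a camera set as DMZ host, a forwarded telnet port, TCP+UDP mode on a TCP service, opening wide port ranges) can be checked against an exported forward table. This is an added example, not part of any post; the rule format, the addresses and the `WIDE_RANGE` threshold are constructed assumptions.

```python
from dataclasses import dataclass

TCP_ONLY = {23: "telnet", 80: "http"}   # TCP-only services named in the thread
WIDE_RANGE = 100                        # assumed threshold for "too many ports"

@dataclass
class Forward:
    first: int    # first WAN port of the forwarded range
    last: int     # last WAN port (same as first for a single port)
    proto: str    # "tcp", "udp" or "both"
    lan_ip: str   # LAN host that receives the traffic

def audit(rules, dmz_host, cameras):
    """Return (code, lan_ip, detail) findings for forwards that reach cameras."""
    findings = []
    if dmz_host in cameras:
        findings.append(("DMZ", dmz_host,
                         "all unsolicited inbound traffic goes to this camera"))
    for r in rules:
        if r.lan_ip not in cameras:
            continue
        if r.last - r.first + 1 > WIDE_RANGE:
            findings.append(("WIDE", r.lan_ip, f"{r.first}-{r.last} forwarded"))
        for port, name in TCP_ONLY.items():
            if not r.first <= port <= r.last:
                continue
            if port == 23 and r.proto in ("tcp", "both"):
                findings.append(("TELNET", r.lan_ip, "telnet reachable from WAN"))
            if r.proto in ("udp", "both"):
                findings.append(("PROTO", r.lan_ip,
                                 f"{name}/{port} is TCP only, rule is {r.proto}"))
    return findings

# Constructed sample data: two cameras and one unrelated LAN host.
CAMERAS = {"192.168.1.108", "192.168.1.109"}
RULES = [
    Forward(80, 80, "both", "192.168.1.108"),    # TCP+UDP on a TCP service
    Forward(1, 1024, "tcp", "192.168.1.109"),    # "open everything" range
    Forward(443, 443, "tcp", "192.168.1.10"),    # not a camera, ignored
]

if __name__ == "__main__":
    for finding in audit(RULES, dmz_host=None, cameras=CAMERAS):
        print(*finding, sep=" | ")
```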
