Jump to content
Sign in to follow this  
SECUCHUCK

HOW serious is the malware issue in Hikvision Recorders

Recommended Posts

As a seller and reseller of Security equipment, I'm wondering how serious the new malware issue in the Hikvision recorders is? Can there be any serious repercussions such as wrongful practice lawsuits?

 

This seems like a very large and intentional breach of security. I'd like to know anyone's thoughts on the issue.

 

Thanks,

Chuck

Share this post


Link to post
Share on other sites

I just heard something about this too. There is some backdoor access built into the DVR/NVRs and maybe the cameras. I am trying to get more info on this.

 

If the US government can force CISCO and others to give them backdoor access there is NO doubt in my mind that China has done the same thing.

Share this post


Link to post
Share on other sites
As a seller and reseller of Security equipment, I'm wondering how serious the new malware issue in the Hikvision recorders is? Can there be any serious repercussions such as wrongful practice lawsuits?

 

This seems like a very large and intentional breach of security. I'd like to know anyone's thoughts on the issue.

 

viewtopic.php?f=3&t=40308

I do not see it as anything serious. If you have the telnet port open to the world, and leave the admin password as default 12345, well... I think it is the owner's fault, not Hikvision's.

Share this post


Link to post
Share on other sites

The problem with devices and security holes is that they allow would-be hackers an entry point to the network, which has a number of other (likely sensitive) devices hooked up.

 

This is an interesting article about how hackers are using connected devices with security holes to get access to other things on the network (the article below talks about the target breach, and claims that the entry point was through the heating and air conditioning systems for the building).

 

http://www.nytimes.com/2014/04/08/technology/the-spy-in-the-soda-machine.html?_r=0

 

I'd be more concerned about someone getting into the box (which is likely a linux server), and then pivoting off of the DVR to do something much more serious than viewing live feeds from the camera system. If the device isn't in a DMZ on the network separated from everything else, it probably opens up holes to the network...

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×