Victim of Webcam Hacking 103: Ten Ways to Avoid Webcam Hacking
Mail will not be published required. It will not cost you a dime. Contact us with any questions you have for a no obligation conversation.
We don't bite! I don't specialize in technology. I specialize in using technology helping you to reach your goals! Doing business and helping businesses do business online since Al Gore invented the Internet, and before Netscape. Sitemap Nelsonecom RSS queries. Mark Zuckerberg of Facebook does it. Should you?
Data security experts say the threat is real, prevalent and worth precautionary action. Signs of paranoia about webcams are rising. Webcam peepers can be after many different things. Not all computer-savvy experts resort to webcam blocking. Or is it silly to think Hik has the ability to hack a competitor, while leaving their own product so vulnerable? I wish this was a completely ridiculous idea, but alls fair in love and war. This hypothesis is totally supposed to make you laugh, or is it I have no idea who is doing it and would not even attempt to guess with the little information we know now.
However, if there is some material analysis of the source of these attacks, we would potentially report on that. North Korea?? They have been heavily involved in Cyber attacks and Kim Jong Un hand picks kids to go into their elite cyber warfare divisions If you look with that angle, you may notice that Hikvision and Dahua are real threats to their mostly western competitors because of their prices. And recently we hear a lot about HIK and Dahua problems with hackers.
Fortunately, we always created complex passcodes and did not use default ports. I am hoping this means those clients won't be affected. Boy am I happy we stopped when we did. We've sent out some mass emails letting people know this is happening and I have spoken to a few clients So if their recorders were hacked, the camera feeds turned to black and the camera names changed to 'hacked X', they would not care? If they actually got hacked I think they might care.
When I warned them about the potential vulnerabilities they didn't seem to care that much. When we find deficiencies during fire alarm inspections we get a similar response. People for the most part just don't care that much. We have a document from the lawyer we have people sign when we make them aware of a problem and they don't want us to address it with fire alarm systems. We're working on the same thing now for our clients who don't want us to come out and upgrade firmware or replace these old cameras systems. We've made recommendations for these same clients to upgrade to a different system and offered a discount.
A few have taken us up on the offer.https://quicalkirksisic.tk/zity-outfitters-addiction-coupon.php
It's not ideal but it's a cost-effective upgrade that keeps the cameras away from the internet. Our recommendation, of course, has been to upgrade everything but no one has gone for it yet. Sadly that is the current state of the industry: most don't care or have the cyber security skills of a 7-year old, and those who care and try to make the situation better are simply shrugged off because they cause stress, and taking the free advice requires their audience to first understand what the problem is.
That would also mean they acknowledge their system has flaws. Feels bad. Most people just do not comprehend and explaining how their system is vulnerable goes in one ear and out the other. Like our industry has shown over the years, until something bad happens most people do not want to spend. Apparently this has affected FLIR as well. I noticed earlier today that I was unable to connect to it.
Upon arriving home, sure enough, it has been hacked. All of the settings were changed.
It didn't matter that I wasn't using default passwords. I had as secure of a password as you can have with only 6 digits. It took me a couple of hours tonight to get it back online. Currently I'm still on hold with FLIR to see if there are any future firmware updates or any help that they can offer.
I'm not going to be holding my breath. I know FLIR more recently has their own cloud service which eliminate the need for open ports that this hack uses. On the other hand, older FLIR units, in particular would be at risk. I am happy with Dahua. If you use IT technology, you have the risk of attacks and it dosent matter who is the manufacturer. This is the danger which is comming of success.
It does matter if the manufacturer includes a 'local only' account that has a vulnerability that allows remote attack. That is a defect, not a normal 'IT' 'thing'.
That's a bit like saying if you have someone build you a house, it's business as usual that they forgot to install one wall but covered it with a blanket and assured you everything's fine. Perhaps someone also suggested you should at least have a fence, but you ignored them because you trust the "wall". Edit: I understand that profit margins matter, and also that essentially every device has security flaws.
These are just so basic, awful flaws that they are worthy of ridicule. Maybe in the future a company will emerge that has the skill and cojones to guarantee that their unit is not susceptible to easy attacks. And if it still was, they would humbly apologize, fix, and compensate the damage 50x.
Too bold? For those who know they suck, it would be. This would be a death sentence to anyone making that statement. There are many, many super smart people out there who are bored and do this type of thing for entertainment. This was just a script-kiddie attack by someone who figured out how to adapt the local-only account flaw into a script that has been around bugging dahua stuff for a few years now it used to create a "system" account and in the account notes said something like "You've been hacked".
In considering the alternatives, this was not malicious. As far as I have heard, footage has not been lost, hard drives have not been formatted to erase footage, and only the live preview windows were altered, not the actual recorded content. It could actually be considered a nudge to wake people up and try to get them to secure their equipment and maybe put a bug in the manufacturer's ear to get them to actually give half a hoot about security, which they won't because they: a just don't care, b won't add to the cost and detract from the profits or c just don't know how.
I agree, some automated script like this is probably just "for teh lulz" and while providing amusement for the initiator, it hopefully also wakes someone up to the security problems. Nelly's Security has issued a notice about the hack :. They blame if on default passwords but they leave out the critical point that it was a vulnerability that allowed remotely using the 'local only' account. All the reports we have had so far were from customers who left their passwords default. Some of our larger previous customers who used alot of Dahua in the past who routinely changed their passwords were not affected as much as other customers who never changed their passwords.
So far, we've only had one report of a guy saying that he is very positive that he changed the password to the account so its possible that even machines with changed passwords were vulnerable. Due to the onslaught of inquiries we received yesterday regarding this issue, we wanted to get something up as quick as possible and give a brief overview of the issue for our customers with the information that we have received to get them back up and running as soon as possible without going into deep depths of the technical aspects of how and why the hack occurred as we are still learning ourselves.
We will update the site as needed and plan on continuing to educate our current customers about best practices on how to keep their products secure. I've given up along time ago about getting any relevant information from Dahua so unfortunately we have to figure this out the hard way. Sean, I see in your instructions that you are not recommending changing the default port. Is it the difficulty of getting port forwarding configured in the firewall? So far we only had 1 compromised unit and by coincidence its the only one using Dahuas p2p service.
In this device the log shows that the admin account was compromised. Ive double check, and the password was not the default, our password is still operational. The attack also included changing the network settings. I have a Uniden Scanner Radio and monitor my local emergency agencies. Sometimes I hear an alarm dispatch to one of my customer's homes or businesses. The other night I heard a local police department being dispatched to a home to investigate a suspicious activity. The dispatcher said the homeowner has multiple cameras around her home and noticed the monitor is displaying the word "hacked" on all of her cameras.
Chances are, this is one of the affected systems and this gives you an idea of how some of your clients will be reacting to the problem. Some people may think they're being targeted or stalked, and may not realize it's happening globally. We don't know if this was a DIY install or something installed by an integrator, not that it makes a big difference. I don't know what a law enforcement agency would do in this type of matter, they may just document the call with a brief report, especially if the person had the cameras installed because they were, or are currently being, stalked or harassed.
I find it sort of cool you were eavesdropping an emergency report of this particular hack in the wild. I see your point. My counterpoint is that if the client's sole requirement for a security system is that it is cheap It is a risk on their part, measured appropriately or not. No one hires a 5'2" lbs bodyguard, at any price, for good reason. Also, much less likely to do so if they also work for a frenemy on the side.
But a good guard company wouldn't hire a 5'2" lb guard. By hiring them and offering them to their customers they are vetting it as an appropriate solution. If they were offering this individual as a clown and they were then offered a jobs as a guard, then it is the customer's fault. But dahua is offering products that look like professional security products and marketing them to professional customers. It ends up being buyer beware but a small customer who doesn't do lots of research or have experience with this would have no idea, except that they can't pronounce the name or identify the logo.
Too bad it only works on clueless people. Apparently it works for everyone because both dahua and hik continue to use this tactic time after time after time without fail. They just don't care, it will blow over in a few days and they'll have another sale and it will all be water under the bridge until the next time it happens. I do agree with 12 that many dealers will blow over in a few days, and these guys will do more sales, etc.
On the other hand, I still think it is going to be damaging. These issues are going to make it harder and harder for Dahua and Hikvision to get into the enterprise market IMO. In the last couple of weeks, I am starting to see some changes in our healthcare customers. Before we worked either with security or facilities but in the last couple of weeks IT is getting involved and wants to know everything. One of our customers just handed all physical security to there new CSO who promptly started to do pen tests on the network and showed his bosses how easy it is to clone their access cards.
I would not want to be the guy trying to sell him Hikvision or Dahua. We are seeing some pretty significant pushes in the cyber security items that ride or touch the client network:. All welcome changes with the possible exception of 2 simply due to the time Carbon Black adds when updating servers. These are both enterprise accounts. I believe the news on hacks may be starting to shake them.
I guess you're right, at least in the sense that it works way too often. Perhaps imprisoning people with absolute disregard for their ignorant and damaging behavior would deter others from doing the same mistake too often. But hey, it's not like the same doesn't happen in any other sector, including geopolitics, so I'm not holding my breath. Most of our hacked machines have had no actual local accounts but may have had default admin passwords we have had some reports where all passwords were changed too!
Also we actually 1st started to experience reports from recorders that only had P2P setup so this is a concern too going forward I only use Chinese made products on standalone networks. I use Axis if the network is connected to the internet. Who would have thought that exposing a device to the internet with default passwords was a bad idea!?! To be fair, they were probably just following the instructions: change default admin password, check. Set up port forwarding, check. I would agree. I have one customer that had a Dahua DVR with all default passwords.
The reason for this is that the owner keeps it in a steel lockbox with a custom steel bar with a padlock. While I don't know all specifics of those Dahuas, it doesn't sound unlikely that someone might just buy a recorder, set it up per the Quick Start Guide , reach page 20 where it says:. Fair enough, they do that. That is, they change the password of the admin account that is bolded in the manual, since the "" account is defined as "local only".
It's plausible someone believes that and just leaves that as default, in case of dementia or something else. On the same page they repeat:. For your own safety, please change your administrator default password after your first login. This makes it sound a bit like the admin account is the one to care of and gives a mixed signal, not making it clear that also the "local" passwords should be changed.
Victims of Webcam Hacking 103 Ten Ways to Avoid Webcam Hacking Prices Across Sites :
The main fault though is the poor implementation of "local only" for the "" account, as far as I've understood the issue. I have only had one Dahua DVR hacked so far. It was on older firmware using port and Every other unit only has Time of hack was a. EST Sunday. All passwords were not default and no passwords appeared to have been changed after the hack. Kyle, to that end, you agree that the hacks are exploiting something beyond default passwords? For sure. I would like to know if the hack was through HTTP port. That was true for this DVR.
Kyle, good feedback. We did get more detailed comments from Dahua overnight but we are still in the process of talking to them and will pass along your input as well as ask some more questions and report back here when we have more details to share. A suggestion would be to use the P2P option with the qr code and an app such as easy4ip. I have heard that the refresh rate is slower than accessing your NVR via port forwarding but this solution I believe is far safer.
What are your thoughts on this John? Slower access I tried it with two customers as a test when it was first available Thank you for your feedback Kyle. It is appreciated. It is unfortunate that we live in a world where people feel the need to be destructive with other peoples property. These hackers get a buzz out of this kind of destructive challenge when they could be using their intelligence and creative abilities to make our world a much better place.
The manufacturer, installer and customer unfortunately wear the brunt of these childish games.
- Americas Millennium War: A Personal Introduction to Global Terrorism!
- Ransomware - Wikipedia.
- Webcam Watcher Program v2.2.
- I See You Typing.
- Mark Zuckerberg Puts Tape Over His Laptop Webcam and Microphone – Does That Mean You Should Too??
Heading out to fix two more units this morning. They were not my installs. Default everything on these units upon install. Never even changed a single setting. Plug and run. I agree. They have step by step instructions from IC Realtime, but still want a professional to come do the work instead. I told them my business partner was out with appendicitis and they would have to settle for me instead. Sitting now at a tidy And this is off their 52 week high of a market cap of nearly 12 Billion USD.
What's interesting is the five years prior to the publicity Dahua received during the Mirai Botnet exposure, Dahua's stock traded flat , doing essentially nothing for five years. Immediately following the Mirai incident? The stock soared. In , Dahua realized a value of 4. Their stock late and early bounced around between 9 and 10 Chinese RMB or about 1. If you are a senior executive at Dahua with company stock, I would imagine you're hoping and praying for more bad press.
The bad news is that your webcam is a weak link in your PC security. The good news is that you can fix that weak link with some pretty basic steps. Follow these steps:. It comes with SafeBytes software and can enhance your security and privacy. You should have at least one software program like this installed on your system. You can defend yourself from Avoid downloading suspicious email attachments. Use a fully-updated browser with modern security features Chrome, Firefox, Edge, etc.