The newest DVR hacking methods and the solution.

Have you ever set up port forwarding on one of those Netgear routers? I bet you have, many times.

What about the Netgear log? Have you checked it out? It is full of attacks and scanning attempts. I would say 100 different lines logged within an hour.

That's how messy the cyber universe is today. Note that this is an example of a regular router without a DVR installed.


It will surprise you how one DVR installation can turn the whole building into a hackers' gateway. It will be infested with bots from all over the world: China, Hong Kong, India, Russia, almost everywhere. They wait outside until someone opens that back door, then sneak in.


UPnP leaves the router wide open to the public and tells them that it is a UPnP-enabled router to attack.

Check this out: a DVR that is getting thousands upon thousands of attacks, shown in real-time statistics.


Hikvision has the largest number of installations, and attackers check them daily.

Look into these targets. Your DVR might be on the list.


They will turn the DVR into a zombie and combine the ISP traffic of all the DVRs into a terabyte-per-second DDoS attack tool, attack some websites or business properties, and earn money from whoever requested the job. It is a significant amount of income in their country.


According to Vangelis Stykas (on Medium):

Hik-Connect uses a reusable, or swappable, cookie that loads other users' information.

Also, here is the user information these attackers get from Hik-Connect.


The attacker will invade the end user's privacy through the cameras and share what he has accumulated with other attackers.

Some owners treat the DVR password as a high-priority secret, like a bank account, so they register with their primary email, their working cell phone number, and the same passwords they use for their financial accounts. A hacker can try to retrieve everything he wants based on this basic information, which is also an essential requirement for extracting more information.

Finally, they will re-register the Hik-Connect device to their own account and make the DVR inaccessible. You know what comes next: the Hikvision P2P password recovery process for customers, where you realize that Hikvision refuses to support a knock-off DVR and won't help you.

This DVR was someone's: de-registered, email changed, phone number changed. So how do you recover the account? If you have an original Hikvision DVR, Hikvision might reset it for you.

Here comes the worst part: one day the attackers scan the DVR, and then they hit the prize, an end user's router with a default password.
Even Cisco business-class routers.

Check this out: you can go into their router right now.
Live list of routers with a default password

By the time you have read this article, what you are imagining is already happening.

And the next episode should not involve you in any way.
Let us get you out of the scene.

We recently redesigned the netfilter system. As long as the DVR is under Port Digger, you are automatically applying these advanced iptables chains, fully optimized for a DVR, which is surely enough to drop these attackers' connections to the ground like a slice of cake. *Shattered*

You can compare the log with and without Port Digger, and you will see thousands of attack lines reduced to almost "0" with Port Digger MKII.

Our firewall engine is growing smarter every day and deeply inspects packets like a human.


PortDigger includes Netfilter chains with 900 policies created for the DVR.

Attackers' connections are mostly dropped at the outset of the firewall and can't even reach the FILTER chains.


UPDATE: 2019 September 13th.
A year after this article, Port Digger 6 does DPI (deep packet inspection).
