The newest DVR hacking methods and the solution.

Have you ever set up port forwarding on one of those Netgear routers? I bet you have, many times.

What about the Netgear log, have you checked it out? It is full of attacks and scanning attempts. I would say 100 different lines are logged within an hour.

Is that how messy the cyber universe is today? Not really: that is just an example of a regular router without a DVR installed.

 

You will be surprised how one DVR installation can turn the whole setup into a hacking portal. The logs fill up with attempts from attackers worldwide: China, Hong Kong, India, Russia, almost everywhere. They wait outside until someone opens a window or a door, then sneak in quietly.

 

UPnP turns out to be wide open to the public, and it tells them that this is a UPnP-enabled router to attack.

Check this out: DVRs that are getting thousands upon thousands of attacks, in real-time statistics.
https://www.shodan.io/search?query=linux+upnp+avtech

 

Hikvision has the largest number of installations, and attackers check them daily.

Look into these targets. Your DVR might be on the list.
https://www.shodan.io/search?query=%22App-webs%22+%22200+OK%22

 

They will turn the DVR into a zombie and combine the ISP traffic of all those DVRs into a terabyte-per-second DDoS attack tool, attack websites or business properties, and earn money from whoever requested the job. It is a considerable amount of income in their country.

 

According to Vangelis Stykas on Medium, Hik-Connect has a reusable, or swappable, cookie that loads other users' information as well.

Also, here is the user information these attackers get from Hik-Connect.

 

The attacker will watch the end user's private life through the cameras and share what he has accumulated with other attackers.

Some owners treat the DVR password as a high-priority secret, like a bank account, so they register with their primary email, working cell phone number and the same passwords they mostly use for their financial accounts. A hacker can try to retrieve everything he wants from this basic information, which is also an essential requirement for extracting more information.


 
Finally, they will re-register the Hik-Connect device to their own account and make the DVR inaccessible. You probably know what comes next: the Hikvision P2P password recovery process for customers, where you realize that Hikvision refuses to support a knock-off DVR and won't help you.


This DVR was someone's: it has been de-registered, and the email and phone number have been changed. So how do you recover the account? If you have an original Hikvision DVR, Hikvision might reset it for you.


Here comes the worst part: one day the attacker scans the DVR and then simply hits the jackpot, an end user's router with a default password.
Even Cisco business-class routers.

Check this out; you can go into their router right now.
Live list of routers with a default password:
https://www.shodan.io/search?query=%22default+password%22

 

You should not be involved in this episode. 
 

We recently redesigned the netfilter system. As long as the DVR is behind Port Digger, you automatically get these advanced iptables chains, fully optimized for a DVR, which is surely enough to drop these attackers' connections to the ground; it's a piece of cake.

You can compare the log with and without Port Digger, and you will see 1000s of attack lines reduced to almost "0" with Port Digger MKII.

Our firewall engine is growing smarter every day and deeply inspects packets like a human.
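One way to make that with/without comparison measurable is to count the router log's scan and remote-access entries per hour and list which remote sources reached the DVR. The script below is an added example, not Port Digger's code; the log line format (the style Netgear consumer routers commonly write), the DVR address 192.168.1.50 and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines (documentation IP ranges). The format is an
# assumption; adjust the patterns to what your router firmware writes.
SAMPLE_LOG = """\
[DoS Attack: SYN/ACK Scan] from source: 203.0.113.7, port 443, Sunday, March 15, 2020 14:02:11
[LAN access from remote] from 198.51.100.23:51234 to 192.168.1.50:8000, Sunday, March 15, 2020 14:05:40
[LAN access from remote] from 198.51.100.23:51300 to 192.168.1.50:8000, Sunday, March 15, 2020 14:06:02
[DoS Attack: ACK Scan] from source: 203.0.113.7, port 80, Sunday, March 15, 2020 14:40:19
[LAN access from remote] from 203.0.113.99:40022 to 192.168.1.50:554, Sunday, March 15, 2020 15:01:00
[Admin login] from source 192.168.1.2, Sunday, March 15, 2020 15:10:00
"""

SCAN = re.compile(
    r"^\[DoS Attack: [^\]]+\] from source: (?P<src>[\d.]+), port \d+, (?P<ts>.+)$")
REMOTE = re.compile(
    r"^\[LAN access from remote\] from (?P<src>[\d.]+):\d+ "
    r"to (?P<dst>[\d.]+):(?P<dport>\d+), (?P<ts>.+)$")
TS_FORMAT = "%A, %B %d, %Y %H:%M:%S"

def summarize(log_text, dvr_ip):
    """Return (events per hour, remote sources that reached the DVR, DVR ports hit)."""
    per_hour, dvr_sources, dvr_ports = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = SCAN.match(line) or REMOTE.match(line)
        if not m:
            continue  # admin logins, DHCP leases and similar noise
        hour = datetime.strptime(m["ts"], TS_FORMAT).strftime("%Y-%m-%d %H:00")
        per_hour[hour] += 1
        # Only forwarded connections carry a LAN destination to compare against.
        if m.re is REMOTE and m["dst"] == dvr_ip:
            dvr_sources[m["src"]] += 1
            dvr_ports[int(m["dport"])] += 1
    return per_hour, dvr_sources, dvr_ports

if __name__ == "__main__":
    hours, sources, ports = summarize(SAMPLE_LOG, "192.168.1.50")
    for hour, count in sorted(hours.items()):
        print(f"{hour}  {count} scan/remote-access lines")
    print("sources that reached the DVR:", dict(sources))
    print("forwarded DVR ports hit:", dict(ports))
```

Run it once on a log saved before the firewall change and once on a log saved after, over the same length of time, and compare the per-hour counts.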

 


PortDigger includes Netfilter chains with 900 policies created for the DVR.

Attackers' connections are mostly dropped at the very outset of the firewall and never even reach the FILTER chains.

