Hikvision released a firmware fix in March 2017 though IPVM stats show 60%+ of Hikvision cameras are still vulnerable (detailed below).ĭHS' ranking of this vulnerability as a 10/10 is even more understandable now that the simplicity of compromising these devices has been proven. Render hundreds of thousands of connected devices permanently unusable with just one simple http call.Īnd worst of all, one can download camera configuration:Īny accessible Hikvision camera with affected firmware is vulnerable to complete takeover or bricking. Because most Hikvision devices only protect firmware images by obfuscation, one can flash arbitrary code or Obtain a camera snapshot without authentication:Īll other HikCGI calls can be impersonated in the same way, including those that add new users or flash cameraįirmware. All that needed was appending this string to Hikvision camera commands:Īs the researcher explained in his disclosure: Retrieve a list of all users and their roles: Hikvision included a magic string that allowed instant access to any camera, regardless of what the admin password was. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. Inside this post, we examine how the exploit works, how it is being used, how what percentage of devices are vulnerable, and Hikvision's failure to respond to the exploit's release.
We also show using password reset tool to take over a camera: We produced the following video, showing just how simple it is to utilize this exploit to retrieve an image snapshot and system information from a camera. Plus, IPVM has set up a vulnerable Hikvision IP camera so members can test and better understand the exploit. Hikvision, again, has been silent, failing to inform and warn its dealers of this new disclosure.Hikvision's heretofore disclosure significantly misled its dealer to the severity of the backdoor.A clear majority of Hikvision IP cameras remain vulnerable.The exploit is already being repurposed as a 'tool', distributed online.The details prove how simple and fundamental the backdoor is.Key points from IPVM's analysis and testing of the exploit: Full disclosure to the Hikvision backdoor has been released, allowing easy exploit of vulnerable Hikvision IP cameras.Īs the researcher, Monte Crypto, who disclosed the details confirmed, this is:Ī backdoor that allows unauthenticated impersonation of any configured user account.
0 kommentar(er)
