cybergibbons Posted February 17, 2016 Share Posted February 17, 2016 I looked at a cheap DVR and found some really quite serious issues. If you port-forward to this, an attacker - and not a skilled one - can take complete control of the device and do what they want on your network. https://www.pentestpartners.com/blog/pwning-cctv-cameras/ I wouldn't trust any DVR to be honest. Expect more like this in the near future. Quote I have a blog, some of which is about alarm security and reverse engineering:http://cybergibbons.com/ Link to comment Share on other sites More sharing options...
al-yeti Posted February 17, 2016 Share Posted February 17, 2016 Even if secure passwords are setup? Quote Link to comment Share on other sites More sharing options...
cybergibbons Posted February 17, 2016 Author Share Posted February 17, 2016 Even if secure passwords are setup? There's absolutely no requirement to use a password on this. I can make it connect back to my server and control it just by entering a URL on it. Or I could get you to visit a site with the URL on it. Quote I have a blog, some of which is about alarm security and reverse engineering:http://cybergibbons.com/ Link to comment Share on other sites More sharing options...
Adi Posted February 17, 2016 Share Posted February 17, 2016 I looked at a cheap DVR and found some really quite serious issues. If you port-forward to this, an attacker - and not a skilled one - can take complete control of the device and do what they want on your network. https://www.pentestpartners.com/blog/pwning-cctv-cameras/ I wouldn't trust any DVR to be honest. Expect more like this in the near future. Interesting read. Quote I really can't be ar**** with it anymore. Link to comment Share on other sites More sharing options...
PeterJames Posted February 17, 2016 Share Posted February 17, 2016 I wouldn't trust any DVR to be honest. Not even if its on a vpn or vlan? Quote Link to comment Share on other sites More sharing options...
Adi Posted February 17, 2016 Share Posted February 17, 2016 The way i read it doesnt. It seemed to me you need a fire wall for outgoing stuff to have any chance of helping the matter. Quote I really can't be ar**** with it anymore. Link to comment Share on other sites More sharing options...
al-yeti Posted February 17, 2016 Share Posted February 17, 2016 No one cares anyway Quote Link to comment Share on other sites More sharing options...
cybergibbons Posted February 17, 2016 Author Share Posted February 17, 2016 Not even if its on a vpn or vlan? If you are very strict about it, then it can be safe. When you are on the VPN connecting to the DVR, you must not browse any other sites, otherwise the attack could be carried out against it. All outbound access from the DVR needs to be blocked. Quote I have a blog, some of which is about alarm security and reverse engineering:http://cybergibbons.com/ Link to comment Share on other sites More sharing options...
cybergibbons Posted February 17, 2016 Author Share Posted February 17, 2016 No one cares anyway They should. It's essentially the same as letting someone come into your business and plug in a computer to the network. Quote I have a blog, some of which is about alarm security and reverse engineering:http://cybergibbons.com/ Link to comment Share on other sites More sharing options...
MrHappy Posted February 17, 2016 Share Posted February 17, 2016 They should it not quite a real world issue (yet) Quote Mr Veritas God Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.