Skip to content
View in the app

A better way to browse. Learn more.
Security Installer Community

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Cheap Dvr Leaves Your Network Vulnerable To Attack

cybergibbons
in Members Lounge (Public)

Featured Replies

I looked at a cheap DVR and found some really quite serious issues. If you port-forward to this, an attacker - and not a skilled one - can take complete control of the device and do what they want on your network.

 

https://www.pentestpartners.com/blog/pwning-cctv-cameras/

 

I wouldn't trust any DVR to be honest.

 

Expect more like this in the near future.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 
  • Replies 77
  • Views 13.5k
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Posted Images

Even if secure passwords are setup?
  • Author

Even if secure passwords are setup?

 

There's absolutely no requirement to use a password on this. I can make it connect back to my server and control it just by entering a URL on it.

Or I could get you to visit a site with the URL on it.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

I looked at a cheap DVR and found some really quite serious issues. If you port-forward to this, an attacker - and not a skilled one - can take complete control of the device and do what they want on your network.

 

https://www.pentestpartners.com/blog/pwning-cctv-cameras/

 

I wouldn't trust any DVR to be honest.

 

Expect more like this in the near future.

 

 

Interesting read.

I really can't be ar**** with it anymore.

 

I wouldn't trust any DVR to be honest.

 

 

Not even if its on a vpn or vlan?

The way i read it doesnt.

 

It seemed to me you need a fire wall for outgoing stuff to have any chance of helping the matter.

I really can't be ar**** with it anymore.

No one cares anyway

  • Author

Not even if its on a vpn or vlan?

 

If you are very strict about it, then it can be safe.

When you are on the VPN connecting to the DVR, you must not browse any other sites, otherwise the attack could be carried out against it.

All outbound access from the DVR needs to be blocked.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 
  • Author

No one cares anyway

 

They should. It's essentially the same as letting someone come into your business and plug in a computer to the network.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

They should

it not quite a real world issue (yet)

Mr th2.jpg Veritas God

Create an account or sign in to comment
Go to topic listing

Recently Browsing 0

  • No registered users viewing this page.

Important Information

By using this site, you agree to our Terms of Use.

I accept

Account

Navigation

Search

Search

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.