Subscriber Discussion

Larger Company Installing DVR Units And Leaving Them On Internet With Default Credentials

Undisclosed Integrator #1

•Mar 08, 2020

I was just curious what you would do. I went to a client site today after a modem needed to be replaced. The ISP didn't match the default IP scope, so I changed it back. I didn't install their camera system and I'm not sure I could have beat their price as they were using pretty obscure units. They asked me to get their cameras working again since they had been using port forwarding and that was cleared with the new modem. I scanned the network. One of the recorders was set to DHCP. I set it to static and setup port forwarding. I made sure the client could connect. They could. I also asked them if the camera installer provided the client with the default credentials without making sure they were changed from default. The client said the credentials were provided to them. Yes, I will be changing the credentials from default.

The port I believe was changed from default...but close enough to port 80. It got me thinking how many other recorders have been left in my area at default credentials using the same port the camera installer utilized. It turns out that I was able to login to half of the recorders in my area using the default credentials, both residential and commercial locations. I'm sure there are many more and I could refine the search results to only that brand of recorder.

******** *************** **** **** ***** **** times ** **** ****. *************, **** isn't ** *** **** ******** *** port ********** *** *** ***** ****. This ** * ****** ************ ******* making ****** **** *********. ***** ******* business ** *********. * **** **** bad *** *** ******** **** **** likely *** ** **** ***** ******** was **** ** **** * ********** state.

* ******* * **** *** ******** that ** ***** **** ******* ***********. However, **** *** ** ** * steel **** ***, ** *******, *** a ***** *** **** * ******* on ** *** ***'* ********* ** the ********. ** **** ***** **** that, **** *** ***** ** **** steal *** ******** ** **** *****.

Reactions:

(3)

John Honovich

•Mar 08, 2020

IPVM

** ***** *** **** * *** able ** ***** ** **** ** the ********* ** ** **** ***** the ******* ***********, **** *********** *** commercial *********.

***. **** ** *** *****? *** a *** ** ***** ********* **** allow ******* ********* ** ** **** anymore?

*** *** ***** *** *** ************ company **?

Reactions:

Undisclosed Integrator #1

•Mar 08, 2020

In reply to John Honovich

* *********. ** *** **** **** I *** *******. * ***** ** state **** ** *** ********* ** my **** ** *** ***** **** of * ***** ******. **'* ***** bad, *** ***** ** **** ****** alone, *'* **** * ***** **** many **** ** ** ****.

*** ************ ********. **** ***'* ****** ** ** an ***. ** ***************, *** ****** ****** *** **** 2017. * *** **** ******** * mention ** ***************.

*********** ****** *** ****** *******, "** course **’* * **** *****. *** projects **** ******* ********* **, *** hospital, ****, *******," *'* *** **** how ******** **** ****** ** ***** the ********* *** ***** ***. ***** UI ***** ********* *** ***** **** really ****, **** **** ******* ******** on *** ********.

Reactions:

Undisclosed Integrator #1

•Mar 11, 2020

In reply to John Honovich

** * *** **** **** ********* and ********* * **** ** ******** recorders. ***** ****, * **** ********* that * ******* *** ***** ** more **** * ****** ****** **** company **** ***** ********* ***** ***** office ********* ***.

**** ****** ** **** **** **** using *** ********* *** **** *****, but *** ** ***** * ***** seemed ** **** *** **** **** to ******* ** **** ****** ** change *** *******. * ****'* **** any ** ***** *** ******** ** the ******* ***** ** ** ** that ***** ****** ********* **** **** with ******* ***********.

** *** ** *** ************ *******. Here ** * ****** **** **** one ** ***** ******** ******* ******* at *** ** ***** *** **** signs. ** ****** ** **** ** find *** *******. * *** ** at *****, *** * ****** ** confirm **** * ******* ** *** during *** ***.