Axis Cameras Riddled With Vulnerabilities Enabling Full Control
So you have ripped all your Hikvision/Dahua cameras out and replaced them with Axis, now what shall you be replacing them with?
We've got a full update on this coming, I'll update here when we publish.
This vulnerability was already posted yesterday.
To me the issue with security vulnerabilities with any IT device is the response to the vulnerability, owning it and how quickly they can fix it. NO IT DEVICE will ever be free from vulnerabilities no matter how much testing the manufacturer does. When manufacturers don't admit vulnerabilities exist, do little or nothing to correct the issue or take forever to finally fix the issues, that is what has damaged the reputation of some of the manufacturers.
Well said. The type of vulnerability says a lot too. A magic query string in the URL (backdoor) makes me question everything the manufacturer knows about security and their efforts to produce and audit secure products. A complex vulnerability requiring the chaining of multiple exploits or a vulnerability in widely used libraries for protocols like SSL/TLS or RTSP are an inevitability that we should watch for and respond to accordingly.
When a pattern of low-sophistication exploits emerges along with poor communication and defensiveness, it's enough to put me off before bringing politics into the discussion.
Hikvision is never going to shed criticism over government sponsorship, and I would expect the Chinese government and customers to be wary of products developed by companies with similar links to the US government for example. Heck, as a US citizen I'd be concerned about putting US government-sponsored networked hardware on my network too. But taking responsibility for their mistakes, communicating them responsibly without juvenile jabs at naysayers and allowing their cyber security director to operate as more than a hood ornament would go a long way toward repairing their reputation.
Hey Sean. As the UI1 who posted about the Axis Vulnerabilities yesterday I wouldn't be throwing stones...
https://www.bleepingcomputer.com/news/security/all-that-port-8000-traffic-this-week-yeah-thats-satori-looking-for-new-bots/
I hereby would like to coin a new term
"Ax Hater"
Lol! FYI, I'm not an "ax hater". Just coining the term ahead of time when people start talking about Sweden's role in WCW1. World Cyber War 1.
We posted our report on this vulnerability disclosure: Cybersecurity Startup VDOO Disclosing 10 Manufacturer Vulnerabilities Starting With Axis And Foscam