Quiz On Dahua And Hikvision Backdoors

JH
John Honovich
Oct 12, 2017
IPVM

Take the 10 question quiz on Dahua and Hikvision backdoors.

Goal is to help people understand the specific technical issues and risks involved.

Feel free to post results, questions and feedback below.

UD
Undisclosed Distributor #1
Oct 12, 2017

Hi John,

 

Hikvision Europe has issued a "Hikvision Security Advisory" press release and emailed an e-newsletter with the advisory.

You cover this in your own personally written article.
https://ipvm.com/reports/hik-wave-cyber

Question 6 gives some sentiment about how Hikvision handeld it, but I can not select the answer you yourself have provided proof of.

 

Question 6 reads:

Which of the following has Hikvision done to notify impacted users?

 

 

Other than this, the questions you ask are good, the test the level of knowledge and challange the reader to be aware of what is happening.

Just question 6 is a little off :)

(1)
JH
John Honovich
Oct 12, 2017
IPVM

Good eye, you are right! I changed it to a specific fact based question on the Hikvision May 2017 ICS-CERT advisory.

UE
Undisclosed End User #2
Oct 12, 2017

 

(1)
(2)
Avatar
Brian Rhodes
Oct 12, 2017
IPVMU Certified

Good job.  You might have a future in this sort of work.

(1)
(3)
UE
Undisclosed End User #2
Oct 12, 2017

I don't consider these kind of "tests" as work, neither "wannabe research" as I perform them on my free time to improve my own "skills".

(1)
U
Undisclosed #3
Oct 13, 2017
IPVMU Certified

...I perform them on my free time to improve my own "skills".

To what end?

 

 

(1)
JH
John Honovich
Oct 12, 2017
IPVM

That's funny.

Related, scores so far are overall quite low even on basic questions like how the vulnerabilities work. I do think that's an issue for the industry as knowing (high level) how these things work would make people better understand risks and avoid the simplistic and wrong excuse that 'anything could get hacked so everything is all the same'.

UE
Undisclosed End User #2
Oct 12, 2017

If most ppl would keep up readings of these kind of "news" about this kind of stuff, it would be >95% and not <40%.

But, unfortunately I'm not surprised.

JH
John Honovich
Oct 12, 2017
IPVM

If most ppl would keep up readings of these kind of "news"

Well, interestingly, people read the news heavily, e.g., Dahua Backdoor UncoveredHikvision Backdoor Exploit, etc.

The problem seems to be going through the technical details. I think a lot of people gloss over the technical details in these articles.

(1)
UE
Undisclosed End User #2
Oct 12, 2017

Might be the truth, I don't know, and now crawling back to my cave for a while with more ARM ASM.

(1)
New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions