China Surveillance Vulnerabilities Being Used To Attack China, Says China

Published Apr 07, 2020 11:13 AM

While China video surveillance vulnerabilities have been much debated in the West in the past few years, China is now saying those vulnerabilities are being used to attack China.

This news comes from the PRC's main cyber threat monitoring body, which stated a recent hacking campaign's use of longstanding vulnerabilities is "sounding the alarm" on PRC IoT security, illustrating the risk associated with devices from that country.

In this post, we examine this news, including:

  • Attack Background
  • CNCERT Gives Update on Hacking Methods, Impact
  • China Manufacturers Especially Vulnerable
  • Cybersecurity Expert PenTestPartners Feedback: DVR Vulnerability from 2016
  • CNCERT: Hack "Sounded The Alarm" on China IoT Security
  • CNCERT Recommends Manufacturers, Users Beef Up Security
  • Prior Warning: PRC IoT Devices May Be "More Susceptible"

Attack **********

** ***-********,**** ************ '*********'-********** ***-***** ********* **** ********* China ***** ************ ********* ** **** of * ***********-********* ******* ******** ******* the *** ********** ******#********:

*** ******** *** ** *********** ****** on ********** *** ************* **** *********, Dahua, ** ******* (***** *** ********* claimed ** **** ***** **** ********* USA's *******, **** *** ***** ********* and ********* ****** ** *********). *** one ****************** *** ************ **********, ***** ********* a ******** ******.

CNCERT ***** ****** ** ******* *******, ******

*** ***'* ***** ***** ****** *******,******,****** ** ****** ** ***** ******* *** ******* ** **** ******* campaign, ********** **** ******* **** ***** main *******:

*** ****** *********** ********* **** *** overseas [*******] ***** **** **** ***** attack ******** ****** **** ***** ***** of ***************: ****** ******* ********* ***************, malicious **** ************, *** ***** ****** vulnerabilities.

China ************* ********** **********

***** ***** ** *************** **** **** significant ****** *** ***** *** ************* ranging **** ***** ******* ************* ** smaller **** ***** ********* - *** our********* ** ***** ************ ************* *************** and ********.

****** **** ****** *** ******* **** "malicious ****" **** *** ******** ** "different ******** ** *** ***** ******". The **** ***** **** ****** *** driven ** ********** ******* **** ***** PRC ***** ************ ***-*******************.

Hack ****** ******* *********

****** ****** *.** ******* ******* **** launched ** ***,*** ** *********, ***** 10,157 ***** ****** ******** **** ******** as ****. ****** *** *** ****** specific ********* ******** ** *** ******** impact ** *** *******. *** **** of *** ** ********* ******** **** located ** *****'* ******* *********, ***** most ***** ************ ************* ***** *****.

Expert ********: *** ************* **** ****

****** *******, *** ******** ********** ******************, ******** *** ****** ****** *** told **** ***** **** *** *************** which *************** "********* ** * ****** of **** **** ** ****" ** his **** **** "****** **** *******":

******* **** *** ****** ** ********** DVRs *** ***** *****:

***** **** *** ** ***** ******* then, *** ***** *** *** **** 100k. **** ** *** ***** **** we **** ****** **** **** ***** fixed, *** **** ***'*.

*** ******* ***** **** *** ****** report "***'* ****** **********" ***** **'* obvious ***** ******* ***** *** ******:

*** ****** ***'* ***** * ***** no-name *** ******* ** *** ******** like **** ******. **'* *** **** a **** - ****'** **** ***** as ******** **** *** **** *****.

**** ******* **** **** ********* ******** - *******, ** ** ******* **** such *** *************** *** ***** ***** exploited *** ***** ******* *****, *** China's *** *********.

CNCERT: **** "******* *** *****" ** ***** *** ********, ***** *******

***** ****** ****** *** ********* ** the ***** **** "*** ****", ** also **** *** ******** "******* *** alarm" ***** *** ********** *****'* *** network ******** *** [******** *****]:

*** ********* **this ****** ** ******** ************* ** *** ****. However, this attack shows that the IoT device has become an important target for hackers, and it sounded *** ***** *** *** ******* ******** of the IoT device.

****** ***** ****** *** ***** *** ongoing:

**** *** ***** ******* ****** ** this ****** *****, ****** *** **** domestic ******** ********* ****** *************** *** attack ***** ********, *** ** ** the **** ** ***********,some *************** **** *** **** ******** *** *** ***** ** ******** *********.

CNCERT ********** *************, ***** **** ** ********

****** **** ***** *************** *** ***** video ************ ************* *** ***** ** beef ** ******** [******** *****]:

*. *** ****** ************* ******strengthen *** ******* ******** ********** ** *** *******, plan ****** ******** ************ ** ******* during the development process, and embed network security protection mechanisms;

*. *** ******users ****** ******* ******** checks on multiple levels of hardware, firmware, software, applications, and network protocols before the device goes online; after the device accesses the Internet, it should be protected by technical means such as firewalls, and at the same time strengthen the monitoring and auditing of network access behavior of connected devices.

*. *** *******Internet ** ****** ********* ************* **** ******* ******** ************ *** *** **** *******. Internet of Things users *** ********* ** ******* **********, and security awareness needs to be improved.

Prior *******: *** *** ******* *** ** "**** ***********" ** *******

* **** **** ******** *****'* *** ****** ******** *** the** ***** ******** ******** ****** **************** **** "******** ********" ** *** manufacturing **** ** "*** ******** ** entry" *** "******* ********** *********" ***** that "*******-************ *** ******* *** ******** targets *** ************ ******", ******:

******* *** ******* *** ** ***** as *********** ** ************ ****** ** those **** ***** *********,and *** ** **** ** **** *********** [emphasis added]

**********

** *** *********** *** ***-***** *******, **** ***** that *** *** **********'* ***** ****** abuses **** ** * ***** ****** for ***********-********* ******* *********.

*** ** ***** ** *****'* **** cyber ********** ****, ******* *********** ***** is ************ *************** ******** **** ********* due ** *** ***** ** ******* security *** ***** ***** ************ ********.

Comments (4)
Undisclosed Manufacturer #1
Apr 07, 2020

***** **** ****** **** ***** ******* manufactured ***. ***** **'* **** ********* here *** ***** **** **** **'* not **** ** *****.

Ross Vander Klok
Apr 07, 2020
IPVMU Certified

* ***** **** ** ********* *** can **** **** ** *** **** run.

Arindam Bhadra
Apr 07, 2020

*** **** ** *** *** ***** made ************ ******* ** **** **** such *******.

Mark Selent
Apr 08, 2020
IPVMU Certified

******** **** **** ** *****. ** amazes ** *** **** ** ** to **** ****** *** ** ***** a ******** ******* **** ******** *****.
