HikConnect **********
********** ** *********'* ****** cloud **********/****** *******. ** has ******* *** * number ** *****, ***** in ***** ** *****, and ***** ***** ******** ************* *** found ** ***** ********* DDNS ******************* ************ *********, ********* *** **** promoting **********.
**** **********, * ****** connection ** **** **** one's ********* ******* (*********, cameras, ***.) ** *********'* cloud *******. ** ** so, *** ******* * HikConnect *******. **** ****, the ********* ****** ** remotely ********** ***** *** cloud *******.
Vulnerability *********
*** ************* ** ******** since ** ****** **** access ** ******* ********* to **********. *** *********** found * *** ******:
(*) **** **** **** to ****** * ****** that **** **** *** logged ** ** ** changing *** **** ** on *** ****** *** their *******, ** **** note:
***** ******** *** *** user ** **** *** first ***** ****** ** the ****** ***** ** AS_UserID ***…****, ** *** see *** ***** *******.
(*) ***** *****'* '******' feature **** **** **** to ***** ***** "***** or *****" ** *** the **** ** *** then ****** *** ******:
** ***** **** ***** you **** * **** as * ****** *** can ***** *** *** you *** * ******* which **** *** *** (wanted) **** **!
**** **** *** **** user **, **** ***** return ** **** (*) and ****** **** ******** person's ******.
3 *** ***
*** ********** **** **** Hikvision ***** *** ************* within * **** ** them ******* ********* *** vulnerability ******. ********* **** they *** "*** ***** of *** ****** ** malicious ***" ** *** vulnerability.
***** ********* *** *** explain *** **** ***** it, ****** ********* ** IPVM **** ***** ********* the *************, *** ******** guess ** **** **** are ******** *** ****** server ****, ****** **** simply ******** *** **** ID ** ** ********.
Not ******* ********** *******
***** ***** *** *********** concerns ***** *********'* ******* government *********, **** ** certainly *** * ****** in ****. ***** **** is * ***** *******, Hikvision *** **** ****** to *** ******* *** any ****** *********. ** they **** ** ****** those *******, **** ** not **** *** '********', they ****** *** ****** directly. **** ** *** unique ** *********, ** that ** * *********** design ******** ** ***** services (******* ******* ** Hikvision). *******, ***** *** Chinese's **********'* *********, *** concerns *** **** ***********.
Compared ** **** ********
*******-**** *********** ***** ** **************, in **** ** ******** direct ***** ****** ** devices **** * ****** command ******. **** *************, by ********, ******** ********* issues. ** *** ***** hand, *** ******** ******** having ******* ****** ** the ****** (***** ** the ****** *** *** exposed ** *** ******** would ** *******). **** HikConnect, *** ************* *** be ******** ****** *** device *********.
Risks ** ***** ********
************, ************ ************* **** recommended **** **********, ***** has *** *********** ******** of ****** ******* ******* to ****** *******. ***** services *** **** ****** that, ** *** ****** that **** ******* **** forwarding (******, ****,********* ********* ** ********* port ***************** ********** **** **********'* ***********/*****).
*******, ** **** ******** shows, ***** ******** **** their *** *****, ** creating * ****** ***** of ******* / *************. Instead ** ****** ******* IP ********* ****** *** world, ** ******** ***** concentrate *** ******* ** a ****** ****** *** get ****** ** ******** of ********* ** *******. Stykas *** ******** *** white *** *********** *** responsibly ******** ****. ****** could ** ***** *** found **** ************* *** used ** ** ******* devices.
Comments (12)
John Honovich
This morning, 2 emails featuring Hikvision USA about the same time.
Special Bulletin:
And another sale:
Certainly, today's timing is coincidental but also fitting.
Michael Gonzalez
04/26/18 01:57am
Seems to me that cloud and security are a contradiction in terms, kind of like Hikvision and security for that matter.
John Honovich
CSO Online article: Critical Hikvision flaw could be remotely exploited to hijack cameras, DVRs and accounts
bashis mcw
Good find!
Continue the research and include also other vendors, I'm sure you will find more.