Interview With Researcher Who Cracked Security Of 70+ DVR Brands

Author: Brian Karas, Published on Jul 07, 2016

The researcher who found an exploit in 70+ brands of DVRs, which he suspected to be the entry point hackers used to gain access to several retailers, elaborated on these hacks to us.

We got in touch with Rotem Kerner, previously a security researcher at RSA, and now co-founder of security research company Cybewrite to discuss the exploitability of embedded security devices.  

[***************] 

Old **** ******* *** * ***** ******

****** **** **** ** ***** ************* ** ******** ******* **** routinely "****** ** *** **** **** *** * *** ** people *** ****** ** **** ****". ******** ** ***** ******** devices **** ***** ******* ** ***** *******, ******** ******* *** ********* *** not **** ****** ** **** ***** ********, *** ********** ** networks, ****** ************* **** ********* ***** ***** ********.  

Now ****** ********

*** ******* ******* *** *********** *******, ******** ******* **** ***-***** *******, at ***** ** ***** *** **** *** *****. **** *** massive **** ** ** ****** ******* *** ********* ********** ** Internet-connected ******* **** **** ****** *********, *** ****, *******.

Worse ** ***** ******* ** ********

** ***** ******* ***** **** ** *** **** **** ****** and ******** **** ******* *** ************* *** **********.  **** *** **** vulnerabilities ***** ** *** ****** *********** ********** ** ***** ******/******** using *** **** ******** ******** *********.  ******* ****** ************* ****** showed ******* ******* ** ******** ****** ****** *** ******* ****** ********.

How *************** *** *****

***** ***** ****** ** *********** ******** ******, *** ***** ***** like ******* *********** **** *** **** ** *** *** ***** ** *** ********.  This **** ******** ** *** ************ ********** ** ******** * ****** ************ *** **** ***** *** ****** ******** methods **** *** ********** ** *** ************.    

********* ** **** ** *** *** *****, ************* *** ******** ***** ********, **** ********* * ********* full ** ******/*****.  **** ******* *** ** *********** ********* **** the ******* ** ******* ***** ** ******* ** ********* ** deployed ******* **** **** ** ******.

Two ****** ******* ** ******* ********

** ******* *** ** ********* ** * ****** ** ******* root ** ***** ****** ** * ***** ******* *** **** downloading **** ******** **** *** **** **** * ****** ******. This ****** ******** *** ****** ** ** **** ** *** network ****** ** *** **** (****** *******, ** **** *** internet).  ** *** *** ******* ** ***** **** ** ** done ******* *** **** ****** ** ** ********, *** ********** the ******* ** ********** ******** ** ******* ******** ** ***** that *** ********** ********.

******* *** ** *** ** ******* **** * **** ** by ********* *** ******** *** *** ****** **** *** *** exploit ***** **, *** **** ********* **** ******** **** *** unit. **** *** **** ** **** ********, ** *** ****** can *** *** *** *** **** ** ******* *** ******** themselves. *** *** ** ******** * **** ** ******* *********** firmware ** ** **** *** ******** ********* *** ********, *** then **** ** ***** **** ******* ** **** **** *** manufacturers ******* ********** ********** * ******** ******.

Securing **** *******

** ** ********** ** ***** ****** * ****** ********* ** the ********, *** *** *** ****** **** ******* ** ****** by ********* ***** **********: 

  1. ****** ******* *********, *** ********* ** *** ****** ****** **.  Simply ******** "*****" ** "*****" **** **** ****** ********** ****** ********.
  2. **** ******** ******** ***** **** ************* ********, ***** **** **** not ********* ***** *** *** ***********, ** **** ****** *** chances ** ******* ***** ********.
  3. **** ******** ******* ** ******* *** ******** **** ***** ****, assuming **** *** ************ ** ******* ** **** ******** *******.
  4. ***** *** ** *********/******** **** *** ****** **** *********, ** better *** ***** ****** ******** ****** *** ******* *** ***.

** *** ****** **** ******** ************* ************, ********** ******** ****** ** ******* *** ****** **** ** exploit.

What ************* *** **

******** ****** *** *** ******** **** *** ******** ********** *** the **** ****** ******* ** *******. ******* ** ***** ****** ** rarely ****** ** ********** *** *****, *** ** ***** **** by ******* ** **** ****** ** *** ******.

************ ******** ********* ******** ****** ************ ******* * ***** ****** ******. **** devices ** *** ****** *** ********* ** ******** ***** ****** installing ****, ******** ********* ** ****** ***** ******** ****** ***** *** turn ***** ******* **** *********** ******* ****** *****.

********** *** ******** ***** *** **** **** ** **** ********* for ******* ** ********* **** *** ***** *** **** *** exploitable **********.

Comments (19)

Thumbnail image

Jon Dillabaugh

Pro Focus LLC | 07/07/16 02:46pm

**** *******. ** ** *** ******* *** ******** *** **** practices, ***** ***** ** ***** **** ****** ** *********. *************, of ******, **** * ***** **** ****, *** *********** **** to ** ***** **** ***. **** ****'* ****** ** ******. Sometimes * ****** ***** ** ** ****** ******. *********** *** access ** **** ****** ****** ****** *** ********** ******* ** it ** *********.

Undisclosed #1

07/07/16 04:29pm

**** **!

******** ***** **** ******:

**** ******* *** ** *********** ********* **** *** ******* ** created ***** ** ******* ** ********* ** ******** ******* **** over ** ******...

** ******* *** ** ********* ** * ****** ** ******* root ** ***** ****** ** * ***** ******* *** **** downloading **** ******** **** *** **** **** * ****** ******.

***'* *** '*******' *** ******* ** '**** ****' ** *** first *****?

****** ** ** **** *** *** ******, "**** *** ** stolen ** ***** *** *** ** ***** *** ******."

Thumbnail brk1

Brian Karas

IPVM | In reply to Undisclosed #1 | 07/07/16 04:42pm

***'* *** '*******' *** ******* ** '**** ****' ** *** first *****?

** **** *****, ***. ** **** **** * *** ********* more ** *** ******* ***** *** ********** **** **** *** uploaded ** *** ****** *** **** ******** ** *** ******. But **** *** *** ** ******* ****/***** ****** ** **** a **** ** *******.

Undisclosed #2

In reply to Undisclosed #1 | 07/07/16 04:43pm

***'* *** '*******' *** ******* ** '**** ****' ** *** first *****?

*********, *** ** * *** **, *** ******* ** **** unauthorized "****" ** *** ****. *** "*******" ** *** ******/****** you ****/**** (******* *********) ** * ****** ** ******* ************ access-often ********** *******.

Undisclosed #1

In reply to Undisclosed #2 | 07/07/16 05:26pm

*** "*******" ** *** ******/****** *** ****/**** (******* *********) ** a ****** ** ******* ************ ******-***** ********** *******.

********. ****** **** ***** ***** ** *** ****** ************* ** the **** '*******', * ***'* ***** **** ** *** ***** meaning ** *****-********.

*** ******** ** * *** * ***** ***** ******** ******* to **** **** ** * ****** *** **** * **** a *** ** *** *** ****** **** *******, *** ******* is ***** ***** ******** ******, *** ******* *****.

**** ***** *****, ***** ********* *** ******* ***** ** *** number ** ******, **** ***** ** **** **** *** *** root.

** **** ********** ****, *** ****** ** "******* ** *******" is ******* **** **** *** **** ****** ******. **** ** the ***** *******.

Undisclosed #2

07/07/16 04:47pm

**** *** *** ** *** *** *********** **** * ********** thought *** **** ********* *** **** *************. * ***** *** out ** **** *** *** ** ***** ** *** **** kind ** ******** ** ****.

jason oneal

07/08/16 11:41am

** ***** * *** ** **** ** * ****** *** already **** ***********? ** **** ********** *** **** ********* ** latest ******** ********* *** ***** **** ****** ** *** ******?

Thumbnail brk1

Brian Karas

IPVM | In reply to jason oneal | 07/08/16 12:39pm

**** ** ** ********* ********.

*** ********* ******** ****** ** **** ***** ** ** *** to **** *** **** ** * ****** *** **** ***********, especially **** ** ***** ** ****** **** ******* ***** ***** like************* *** *** *******.

********** * ****** **** **** ***** ****-********** ******** ** **** cases, ** ***'* **** *** *** ***** ******** **** *** been *****.

*** **** **** ** **** *** **** ******* *** ******** contains * ******** *****, ********* ****** *** *** ********** *****/******** needed ** *** *** ****** ** ********. ********* **************** * ******** **** *** ********* *** *******. *******, **** like ************* ******** *** ** ***** ****** * ******** *******, so ***** ********* ******* ** *** ******* **** ************ ************* and ********** *** ********* ** *** ****** *****.

* ** *** ***** ** *** ** *** ***** ***** malware ******** ** ******* *** ********* ** ** *** ***** where ** *** ******* ****** * *****/******* *** * ******** upgrade, *** ** ** *********** ******** *** **** ** *****. Hopefully ** **** *** **** ******** ******** *** **** ******** implemented ** ************* ****** *** ******* *** ***** ** **** in **** ******.

Andrew Tierney

In reply to Brian Karas | 04/08/17 09:13am

*'** *** ********* *** **** **** ******* ******* * ******** upgrade. **** ******** ******* ***'* ***** *** **********.

Michael Henderson

07/12/16 03:24pm

*********** *** ****** ******, ***** ** ** **** ** **** selling *** *** *** **** *** ***** ********* ******* *** networks **** ****** ******** ** ****. *** ****, **** ***** we *** ******** ** ** ** *** *********.

*********** **** ** **** ***** ***** ********* *** ***** ******* the ******* ******** ** *** ********. ** *** ***** *** so ***** *********, ** ** **** ** ******* **** ****** to **** ****** ******** ********* ***** ***** ********.

Thumbnail image

Jon Dillabaugh

Pro Focus LLC | In reply to Michael Henderson | 07/12/16 03:36pm

***** * ***** ** ******* **** **** **********, * ***** like ** **** ***** ****** *** ****** **** ********, ** your *******?

Thumbnail marty2016

Marty Calhoun

IPVMU Certified | In reply to Michael Henderson | 04/08/17 12:39am

** **** *** ***** ** '*** *** ****', ** *** mean **** ****** ***** = ***** ******?

Michael Henderson

07/12/16 03:47pm

** ***'* *** ******, *** **, *** *** *** ******* are ********. ******* **** *** *********' ** ****** *** ***** exploits, ********* ******** ********. ** *** *** ****** *****, * system **** ** *** ********* ** *** ********, ****** ** cases ** ******* *** ***********.

*******, ***** ****** **** ****** *** ***** * *** *** can **** ** ******** **** ******* *******, *** ** *** maintaining * ******** ** **** *** ******** *** ****.

******* **** ********* ***** ******** ** ****** ** ***** ********* exploits ** **** ** *** *** ********* *********** **** **** at **** ********* * ***.

Thumbnail image

Jon Dillabaugh

Pro Focus LLC | In reply to Michael Henderson | 07/12/16 04:02pm

*** *** **** ** ******** "********* ***'* ******** ** ****** to ***** ********* ********" ** **** *** ***'*?

Michael Henderson

In reply to Jon Dillabaugh | 07/12/16 05:32pm

**** *** *****, * *** ** **-******* **** **** **** due *********. * **** ******* * ****, *** ******* * do ***. *** ******* **** *********** ** ********* * **** in ***** *** ***** ** * ************ ********,.

Thumbnail image

Jon Dillabaugh

Pro Focus LLC | In reply to Michael Henderson | 07/12/16 06:04pm

******! :)

* ****** * **** ***** *****!

Michael Henderson

In reply to Jon Dillabaugh | 07/12/16 06:07pm

******** ****. ***** ** **** **** *******, *** * **** do *** **** **** ****.

Thumbnail marty2016

Marty Calhoun

IPVMU Certified | In reply to Jon Dillabaugh | 04/08/17 12:42am

***** *** ***, *** *** *** **** ** *** **** for ****! ******** **** ***** *** **** ***** ** *** of *** "***-***********" ** **** ****.

Thumbnail brk1

Brian Karas

IPVM | 04/07/17 03:35pm

***** ** * *** ****** ***** ********, ****** "*******", **** looks ** ** ********* *** *** *******. ** *** ~***,*** vulnerable ******* **** **** **********:

*** ***/***** ******* ******* ****, ***** ******

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Most Recent Industry Reports

Importance of Sales To Integrators - Statistics on Jun 23, 2017
One of the top trends in the industry over the past few years has been the rise of across-the-board sales (e.g.: Hikvision Sales, Dahua Sale,...
Deep Learning Surveillance Startups Deep Problem on Jun 23, 2017
The undeniably good news for the video surveillance market is that we are seeing the rise of more startups than in many years. The cause of this...
Avigilon Announces RADAR-Based Presence Detector on Jun 22, 2017
RADAR is gaining momentum within physical security. Two months after Axis announced a network radar detector, Avigilon has announced a RADAR-Based...
Covert Cloud Camera Service Launching (KJB) on Jun 22, 2017
Cloud IP cameras, for consumers, has become increasingly commonplace. However, covert cameras, lag there, with few options. Now, North America's...
Manufacturers Shipping Unlicensed H.265 Products on Jun 22, 2017
While H.265 support in video surveillance is growing, IPVM's research shows that most surveillance manufacturers are shipping H.265 products with...
Uniview Low-Cost Bullet PTZ Tested on Jun 21, 2017
Uniview is offering a HD zoom bullet camera, the IPC742SR9-PZ30-32G, with an integrated pan / tilt positioner, for the price of a low-cost...
QSR Video Surveillance Best Practices on Jun 21, 2017
Fast food restaurants or QSRs (quick service restaurants), are frequent victims of crime and fraud. Because they are open late, deal with cash, and...
45 Drives 'Lowest Cost' Enterprise Storage Company Profile on Jun 21, 2017
45 Drives claims the "lowest cost per Hard Drive Slot in the industry." But who or what is '45 Drives'? What started as a product design to...
No Hack, Still Liable, Court Finds ADT on Jun 20, 2017
Recently, ADT has been in the news for a $16 million settlement for a cyber security vulnerability class action suit. One of the most important...
Resolver / PPM 2000 Incident Management Platform Profile on Jun 20, 2017
You might have seen the company whose employees wear hockey jerseys at trade shows and wondered "what do they do?" PPM 2000 has been active in...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact