TVT Backdoor Disclosed

Published Apr 09, 2018 13:29 PM


Security researcher Bashis has disclosed a backdoor in TVT video surveillance products, with TVT issuing its own 'Notification of Critical Vulnerabilities'. Bashis has found numerous vulnerabilities in video surveillance products, most notably the 2017 Dahua backdoor, which later resulted in the industry's most widespread hacking attack.

In this note, we examine the TVT backdoor and TVT's response.

*******

****** ******** **** ***************:


**** *******:

********* ************** ** ******** ****** ****** configuration - ********* ***** *** ******** in ***** ****.

*** ******* ** ******** ****** *** user's ******** *** ********* **** ******* of *** ****** ** ********** **********.

** **** ** ********* ********:


***** **** ************* ******* **** ****** as '****** ******', ** ****** ****** out ********* ****** *** *** ****.

Fix *********

*** **** **** ***** ** * fix *********:

*** *** ******** *** ******** **** our *******, ** ** ** *** technical ******* ** *** ***** ******* technical ******* ** *** *** ***** firmware.

*** ******* ** *** ********* ** TVT **** *** **** ***.

Impact ** ****

*** ** ********* ** *** *** has****** ** ********** / ******** (*** this **** ** **). ** **** ****** ********* **** time, ** ** ********* ** ** certain ***** ****** ** ***** ****** are ********. ********, ** *** *** that ********* **** **** **** **** immediately ** **** ** *** **** future *** ****.

TVT - ~$** ******* *****

*** ** * ******** ****** ********* *** ******** ***** ********, ** 5% ** *****'* ****. *** *******'* 2017 ******* ** ~$** ******* *** it *** * ****** ************** ** ~$360 *******.

*** ***** ************ *********, *** ** mid-tier, ******* ** ******* ** ********* or ********* *** */**** ** ** the **** ** ***** *** */** or ** *** **** ** *********.

TVT's *******

*****'* ************, **** *** *** ************ ******* defense ** ********* *** ********:

******* ** ******** ****** ******* ****** all *************, ** ****** *** *** or *** *** ** *** ****** they ***, ***** ****** *** ** us ** ** ******** ** ******* our ******* *** *******.

** ******, **** ****** *** *** worse **** ******, **** ** ****-***** passwords *** *********** ********* ** ***** text.

**** **** ***** **** '*****' ***** vulnerabilities:

** ******** ***** * *************** **** a ***** **** **** ******** ******** ******.

*** ********* ****** *** ********* *** stupid ****** *** ** ******* **** if ***** *** ****-***** ********* ** TVT's *** ****, **** ***** *** need ** '****' **** ***** **** put **** ** *****. ********, *** only '*****' **** ***** ****** ******** it *** **** **** ** **** before *** ****** **********.

Comments (18)
Undisclosed #1
Apr 09, 2018

*** ***** *** ******* ** **** via ******, ********* *** "*** ****" returns ~**** *********.

 

********** "****://**.***.**.**:****/***/********/*****/************.***" ***** *** *** ******** image **** *** ***** **** *** at ***** **** ** *** *****.

Undisclosed End User #2
Apr 09, 2018

*** ****** **** ****** '********:' ***** more **** >****

 

** 

Undisclosed #1
Apr 09, 2018

******.  * *** **** **** ** do **** ***** ******* ****** ** the **** ** **** ****** ** pretty ******.  **** ** **** ************* later.

Undisclosed #3
Apr 09, 2018
IPVMU Certified

...** *** **** ** **** ****** is ****** ******.

*. **/****-**** *** *** **-****** ****** 

*. *** ******* ********** ****** + aviation *****

*. ****** ********* ********** *** ******

*. **** * **** ******.

Undisclosed #1
Apr 09, 2018

********** *******.

********* ******* ** ** **** *** attempting ** **** *** *****.

 

John Honovich
Apr 09, 2018
IPVM

******* ***

** **** * **** *****? ***, evidently** ** *** * ********** *******:

Dan Droker
Apr 09, 2018
LONG Building Technologies • IPVMU Certified

** ********** *** ****** **** **** they *** **** ** * ********** DIY ******** ****** *****, **** **** self ******* ****. * **** ****** past ***** ******** *** *****, *** never ***** ***** **** ** *** context ** *** ******* * **** been ******** ** **************.

Undisclosed #1
Apr 09, 2018

***, ********* ** ** *** * ********** *******:

******* ***** **-*** **** ***** ************ offerings.

Shay Fogel
Apr 09, 2018

**** **** **** *** *** ***** to *** *** ****** (*** ******* with ****** ******** ** ******) ** an ************* **** ** ******** *** hard-coded ******** ** *** ***** **** of *** *** *********?

 

bashis mcw
Apr 09, 2018

*******

Undisclosed Integrator #4
Apr 09, 2018

**** *** ***** **** ***** ** what ***/***** **** *****, ** ** this ***** *** ******** ****?

bashis mcw
Apr 09, 2018

****'* *** ** **** *********** ** anyone ****

Undisclosed Manufacturer #5
Apr 10, 2018

*** **** ******* ** ** *******, NVRs, ** ****...** *** ** *** above?  

bashis mcw
Apr 10, 2018

***** **'* ***** ***** *******, **?

***:****://**.***.***.**/****/***.****

 

Undisclosed #3
Apr 10, 2018
IPVMU Certified

***** **’* ***** ***** *******, **?

***** *** *****, ***** ‘*********’ *** they ******* *****?

*** ** *** ******* ** *** warehouse **** ** ******** ******** ** us ** ** *** ***** ********. Our ****** ********* ****** **** ** its ***, ***we ****** **** ********* ** **** ** ******* *** ** ********* ** ***** *******.

 

bashis mcw
Apr 10, 2018

****, *** *** ****** ***** ****...

Undisclosed Manufacturer #6
Apr 11, 2018

"** ******** ***** * *************** **** a ***** **** **** ******** ******** ******. * ** **** are ****** ****** *** ********, *** can ** **** ** ******* *** devices, ** **** ****** *** **** or ******* ** ************ ****-*** ** there. ** ********* *** *** * update ** ******** ** ****** *** to ***** *** *************, ** ***** to ***** *** ******** **** ** the ******."

* ***** **** *** ** **** attention ** *******, *********** ** **** did ** ***** *** ****** ********.

* *** **************, ***** ***** ****** to **** ***** ****!

Undisclosed End User #2
Oct 15, 2019

*********, ** ***** **** ***** ***** (?) *** ******* ** ******* **** vulnerability.

******:****** ****

Virustotal *******

**********(*******)

**********(*******)

**********(*******/***)
