TVT Backdoor Disclosed

Author: IPVM Team, Published on Apr 09, 2018

Security researcher Bashis has disclosed a backdoor in TVT video surveillance products, with TVT issuing its own 'Notification of Critical Vulnerabilities'. Bashis has found numerous vulnerabilities in video surveillance products, most notably the 2017 Dahua backdoor, which later resulted in the industry's most widespread hacking attack.

In this note, we examine the TVT backdoor and TVT's response.

******** **************** *** ********* * ******** ** *** ***** ************ ********, **** *** ******* *** *** '************ ** ******** ***************'.****** *** ***** ******** *************** ** ***** ************ ********, **** ********** **** ***** ********, ***** ***** ******** ** ***********'* **** ********** ******* ******.

** **** ****, ** ******* *** *** ******** *** ***'* response.

[***************]

*******

****** ******** **** ***************:

**** *******:

********* ************** ** ******** ****** ****** ************* - ********* ***** and ******** ** ***** ****.

*** ******* ** ******** ****** *** ****'* ******** *** ********* take ******* ** *** ****** ** ********** **********.

** **** ** ********* ********:

***** **** ************* ******* **** ****** ** '****** ******', ** Bashis ****** *** ********* ****** *** *** ****.

Fix *********

*** **** **** ***** ** * *** *********:

*** *** ******** *** ******** **** *** *******, ** ** to *** ********* ******* ** *** ***** ******* ********* ******* to *** *** ***** ********.

*** ******* ** *** ********* ** *** **** *** **** fix.

Impact ** ****

*** ** ********* ** *** *** ********* ** ********** / ******** (*** **** **** ** **). ** **** ****** ********* **** ****, ** ** ********* to ** ******* ***** ****** ** ***** ****** *** ********. Moreover, ** *** *** **** ********* **** **** **** **** immediately ** **** ** *** **** ****** *** ****.

TVT - ~$** ******* *****

*** ** * ******** ****** ********* *** ******** ***** ********, ** *% ** *****'* ****. The *******'* **** ******* ** ~$** ******* *** ** *** a ****** ************** ** ~$*** *******.

*** ***** ************ *********, *** ** ***-****, ******* ** ******* to ********* ** ********* *** */**** ** ** *** **** of ***** *** */** ** ** *** **** ** *********.

TVT's *******

*****'* ************, **** *** *** ************ ******* ******* ** ********* *** problems:

******* ** ******** ****** ******* ****** *** *************, ** ****** how *** ** *** *** ** *** ****** **** ***, which ****** *** ** ** ** ** ******** ** ******* our ******* *** *******.

** ******, **** ****** *** *** ***** **** ******, **** as ****-***** ********* *** *********** ********* ** ***** ****.

**** **** ***** **** '*****' ***** ***************:

** ******** ***** * *************** **** * ***** **** **** 3******* ******** ******.

*** ********* ****** *** ********* *** ****** ****** *** ** realize **** ** ***** *** ****-***** ********* ** ***'* *** code, **** ***** *** **** ** '****' **** ***** **** put **** ** *****. ********, *** **** '*****' **** ***** Bashis ******** ** *** **** **** ** **** ****** *** public **********.

Comments (17)

Undisclosed #1

04/09/18 10:57am

*** ***** *** ******* ** **** *** ******, ********* *** "TVT ****" ******* ~**** *********.

********** "****://**.***.**.**:****/***/********/*****/************.***" ***** *** *** ******** ***** **** *** ***** page *** ** ***** **** ** *** *****.

Undisclosed End User #2

In reply to Undisclosed #1 | 04/09/18 03:27pm

*** ****** **** ****** '********:' ***** **** **** >****

**

Undisclosed #1

In reply to Undisclosed End User #2 | 04/09/18 11:33am

******. * *** **** **** ** ** **** ***** ******* around ** *** **** ** **** ****** ** ****** ******. Will ** **** ************* *****.

Undisclosed #3

In reply to Undisclosed #1 | 04/10/18 12:01am

...** *** **** ** **** ****** ** ****** ******.

*. **/****-**** *** *** **-****** ******

*. *** ******* ********** ****** + ******** *****

*. ****** ********* ********** *** ******

*. **** * **** ******.

Undisclosed #1

In reply to Undisclosed #3 | 04/10/18 12:09am

********** *******.

********* ******* ** ** **** *** ********** ** **** *** plane.

John Honovich

IPVM | In reply to Undisclosed #1 | 04/09/18 04:13pm

******* ***

** **** * **** *****? ***, *********** ** *** * ********** *******:

Dan Droker

LONG Building Technologies | In reply to John Honovich | 04/09/18 04:49pm

** ********** *** ****** **** **** **** *** **** ** a ********** *** ******** ****** *****, **** **** **** ******* NVRs. * **** ****** **** ***** ******** *** *****, *** never ***** ***** **** ** *** ******* ** *** ******* I **** **** ******** ** **************.

Undisclosed #1

In reply to John Honovich | 04/09/18 05:03pm

***, *********** ** *** * ********** *******:

******* ***** **-*** **** ***** ************ *********.

Shay Fogel

04/09/18 10:45am

**** **** **** *** *** ***** ** *** *** ****** (not ******* **** ****** ******** ** ******) ** ** ************* just ** ******** *** ****-***** ******** ** *** ***** **** of *** *** *********?

bashis mcw

In reply to Shay Fogel | 04/09/18 05:48pm

*******

Undisclosed Integrator #4

In reply to bashis mcw | 04/09/18 06:30pm

**** *** ***** **** ***** ** **** ***/***** **** *****, or ** **** ***** *** ******** ****?

bashis mcw

In reply to Undisclosed Integrator #4 | 04/09/18 11:33am

****'* *** ** **** *********** ** ****** ****

Undisclosed Manufacturer #5

04/10/18 12:35pm

*** **** ******* ** ** *******, ****, ** ****...** *** of *** *****?

bashis mcw

In reply to Undisclosed Manufacturer #5 | 04/10/18 04:53pm

***** **'* ***** ***** *******, **?

***:****://**.***.***.**/****/***.****

Undisclosed #3

In reply to bashis mcw | 04/10/18 11:49am

***** **’* ***** ***** *******, **?

***** *** *****, ***** ‘*********’ *** **** ******* *****?

*** ** *** ******* ** *** ********* **** ** ******** properly ** ** ** ** *** ***** ********. *** ****** upgrading ****** **** ** *** ***, ***we ****** **** ********* ** **** ** ******* *** ** ********* ** ***** *******.

bashis mcw

In reply to Undisclosed #3 | 04/11/18 05:06am

****, *** *** ****** ***** ****...

Undisclosed Manufacturer #6

In reply to bashis mcw | 04/11/18 12:51am

"** ******** ***** * *************** **** * ***** **** **** 3******* ******** ******. * ** **** *** ****** ****** *** firmware, *** *** ** **** ** ******* *** *******, ** even ****** *** **** ** ******* ** ************ ****-*** ** there. ** ********* *** *** * ****** ** ******** ** proper *** ** ***** *** *************, ** ***** ** ***** the ******** **** ** *** ******."

* ***** **** *** ** **** ********* ** *******, *********** as **** *** ** ***** *** ****** ********.

* *** **************, ***** ***** ****** ** **** ***** ****!

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on Hacking

April 2018 IP Networking Course on Apr 19, 2018
This is the last chance to register for our IP Networking course. Register now. NEW - 2 sessions per class, 'day' and 'night' to give you double...
P2P 'Fail To' 'Quick And Steady Access' - Hikvision Defends Port Forwarding on Apr 02, 2018
Following criticism of Hikvision's ongoing port forwarding recommendation (e.g., Hikvision Hardening Guide Recommends Port Forwarding and Hikvision...
Stats: Disclosing Vulnerabilities Responsibility? Researcher or Manufacturer on Mar 30, 2018
Getting prompt and appropriate information on vulnerabilities is important for integrators and end users to ensure that their systems are best...
Hanwha / Kaspersky Vulnerability Dispute Examined on Mar 29, 2018
IT media ran numerous reports in the past month featuring two prominent companies - Hanwha (previously part of mega manufacturer Samsung) Techwin...
Hikvision HQ Contradicts Cybersecurity Director on Mar 07, 2018
Hikvision HQ has contradicted Hikvision USA's Director of Cybersecurity, Chuck Davis. Davis - Don't Put Cameras On The Internet Davis made a...
New Whole Foods Installs Hackable Access Control (Upgraded) on Feb 21, 2018
Whole Foods has built a reputation for high quality. And their 2017 Amazon acquisition has increased that, plus added deep pockets for buying...
Remote Network Access for Video Surveillance Guide on Feb 21, 2018
Remotely accessing surveillance systems is key in 2018, with more and more users relying on mobile apps as their main way of operating the system....
IP Cameras Default Passwords Directory on Feb 09, 2018
Below is a directory of 50+ manufacturer's default passwords. Note: Change Default Passwords Leaving default passwords is dangerous and makes it...
Simplisafe 'All New' Generation 3 Tested on Feb 08, 2018
Feared by the traditional alarm industry, Simplisafe has launched its 'all new' Generation 3 platform that they declare is "Stronger. Faster....

Most Recent Industry Reports

May 2018 Camera Course on Apr 20, 2018
Save $50 on early registration until this Thursday, the 26th. Register now (save $50) for the Spring 2018 Camera Course This is the only...
Global Real-Time Video Surveillance - EarthNow on Apr 20, 2018
A new company, EarthNow, with backing from Bill Gates, Airbus and more, is claiming that: Users will be able to see places on Earth with a delay...
Dedicated Vs Converged Access Control Networks (Statistics) on Apr 20, 2018
Running one's access control system on a converged network, with one's computers and phones, can save money. On the other hand, hand, doing so can...
April 2018 IP Networking Course on Apr 19, 2018
This is the last chance to register for our IP Networking course. Register now. NEW - 2 sessions per class, 'day' and 'night' to give you double...
Rare Video Surveillance Fundraising - Verkada $15 Million on Apr 19, 2018
Fundraising in video surveillance (and the broader physical security market) has been poor recently. Highlights are few and far in between...
'Best In Show' Fails on Apr 19, 2018
ISC West's "Best In Show" has failed. For more than a decade, it has become increasingly irrelevant as the selections exhibit a cartoon level...
Security Camera Cleaning Frequency Statistics on Apr 18, 2018
150+ integrators told IPVM how often they clean cameras on customer's sites and why.  Inside we examine their answers and break down feedback...
Worst Access Control 2018 on Apr 18, 2018
Three access control providers stood out as providing the most problems for integrators. In this report, we analyze the answers to: "In the...
Axis VMD4 Analytics Tested on Apr 17, 2018
Axis is now on its 4th generation of video motion detection (VMD), which Axis calls "a free video analytics application." In this generation, Axis...
Arecont CEO And President Resign on Apr 17, 2018
This is good news for Arecont. Arecont's problems have been well known for years (e.g., most recently Worst Camera Manufacturers 2018 and starting...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact