Who Is Hacking Hikvision Devices?

any private network connected to internet is connected via gateway (people call them Gateway-Routers) and these simple devices promises to have a builtin firewall. which block the traffic from Outside to Inside, provide access through NAT to the Device on the Inside from Outside

How far and how much can you trust these sub 100 USD Gateway Firewall. Its also clearly understand able that utm devices (Unified threat management) are not economical solution.

"MarketsandMarkets expects that the global unified threat management market is estimated to be $2584.6 million in 2014 and is expected to grow to $4445.7 million in 2019. This represents an estimated Compound Annual Growth Rate (CAGR) of 11.5% from 2014 to 2019. In the current scenario, NA is expected to be the largest market on the basis of spending and adoption for the unified threat management solutions and services."

I would suggest that a simple, workaround is access the Inside only through VPN and not use NAT at all. again please remember even VPN are not hack proof, I recommend OpenVPN or SSL VPN. Implementation of VPN is quite easy, there are devices like ASUS RT-N16 (+100 USD) or FVS318G etc.

at the device head, use VPN Server and on your device use VPN Clients to create the tunnel. While creating the tunnel you could disable access to Local Network devices and just Tunnelled NAT to your DVR, hence only the DVR is accessible and not the cameras.

By using a VPN Tunnel, you create a secure tunnel into your private network, hence the gateway is configured to block all access. This resolves the most basic issues way of securing your device, keep it away from Internet access. I have documented "How To" at http://tskamath.pactindia.net/?s=VPN

Most hackers ( in this case Wanabe /apprentice hackers) do this to sharpen their skills. embedded Linux devices are easy to learn of of and are the majority of devices out there.

Guess what cameras are embedded Linux devices.

I strongly suggest even if you dont understand the technical aspects of this video you watch it for the thought process of a hacker.

Hacking a camera 2013 blackhat

Some thing to point out

1. he targets cheap cameras because he cant afford to buy a high end one

2. firmware cracking is simple given the list of tools out there. unless its encrypted.

3. Shodan has a list of free cameras to practice on.

4. most of them copy and paste firmware across models including OEM's

so take a guess which camera's are going to be hit most often. Oh look all the ones we keep seeing in the news and forums here.

how many high end camera manufacturers cameras do you see getting hacked anywhere of any high end brand? oh that right its almost not existent. wonder why? Oh look that are are starting to release some sort of Cyber security measures in all their brands, encrypted firmware so hackers have to first crack the Firmware before they can poke around the guts of a camera with out having to buy one. encrypted streams and connections from the camera to the NVR to the Internet. Forcing users to enter a new user and password on first boot, etc etc .

ChinaCams are being targeted because they are cheap, easy, and plentiful to hack whether for experience or botnet, end users who buy direct dont care about security so hacker can practice on them first before moving on the crack locked down ones installed by security companies. 

Trust me if I had the money and was in the position to do "corporate sabotage" China cams would be broadcasting porn to schools flooding you tube streams of live feeds of people property, showing live streams of china, and what ever else I could to to damage them.

no one throws money for "corporate sabotage" just to put in a fake account and leave.

Where is the inside job option on the poll?

Why would it be an inside job? That does not make sense to me but I'd be curious to hear your theory.

If not sarcastic you must also like to play chess!

I'm unsure 100% with Hikvision devices, but with Dahua devices if you simply reset credentials, they may be overwritten by the OS level, if the exploit went as far to do so. So, you reset defaults, reboot, and return to an exploited device. 

I cant say with any certainty that Hikvision devices operate in the same manor, but I suspect the firmware section of the device is only a minor part and uploading firmware isn't likely to do anything to disrupt other parts of the OS and storage. 

To check for yourself, look at the size of the download of the firmware file. If it seems small and normal, that's just the "firmware app".

If it is like some of the newer Dahua downloads, where they are 100MB files, that is more likely the entire OS and firmware in one download. They still get applied in different ways. But they are separate. 

Attila,

To be fair, I do not know of any manufacturer that has an on board ethical hacking team. I may be wrong, but I don't think any IP camera manufacturers have this sort of personnel on staff. Usually, IP camera makers hire a 3rd party company to do this type of work.