Yes, it means almost every second one we had a chance to work with. If your surveillance is few years old, the digit goes double.
Let's see what we saw in real life scenario..
While working on Implementation at VROfficePlace video analysis / access control systems, we put a goal to allow custommers simple integration with existing cameras. It was a ton easier for to save budget making an integration as simple as redirecting a camera feed.
There was a strong initiative that offer a value added penetration testing as the final product stage that most customers embraced. At the end of the day, you are implementing a technology on top of exsisting vendors and we thought it is a good idea to both stress-test and pen-test a whole eco-system.
Let me give you an example of our findings.
Almost all models of HikVision products made prior to 2017 got their encrypted config files exposed by a master password "YWRtaW46MTEK".
From there it was just about breaking EAS 128 ECB encyption in order to get a raw XOR encoded confguration. Is it enough to encrypt with EAS 128? Opinions are different as you can see. It might be for real time transmission but against a file? Anyway, your XOR key bytes are 0x73 0x8B 0x55 0x44
Ok, in February of 2019 maybe. Its a December. Anyway, here we are.
Why such a huge number? If we stick to a HikVision, they did patched the issue. However, instead of patching affected devices, models only 2 years old are completely removed from a website being unable to upgrade / apply patch. Not a best approach "act like it never happened" while most of your devices are still in operation.I put a demonstration script on GitHub to help you check if your HikVision camera expose full access. We will try to cover others as well after we communicate Vendors our findings.
Share the Fun!
Sharing is caring, and sharing is easy! made it easy!
Stay up to date with latest toughts on