A sudden change in camera’s display shocks people watching the live feed.
A loophole in the public live stream of these cameras was found, and a sudden change has happened. All the cameras now display the text ‘HACKED’ and there is no image at all, just a blank black screen. Luckily, not all the cameras are affected, just some of them, so Hikvision is now studying the possible loopholes in other cameras and trying to fix the problem in the hacked ones.
The possible leaks were mentioned earlier this year, in May to be precise. The Department of Homeland Security has said that there are a lot of remotely exploitable vulnerabilities which may be used by anybody with some knowledge of the subject to turn these security cameras into anything the cybercriminal wants.
It is reported that these exploitable vulnerabilities are of low-level, but the attacker could gain high-level access and privileges, or possibly steal confidential and sensitive information from the servers.
This year, on September 12th, a white hat researcher with the nickname Monte Crypto has bypassed these cameras, exploited the vulnerabilities and warned the user of this loophole. You can find his research here. It is mentioned that this exploit is trivial, as he mailed to the company.
Still today, this is just one of the hundreds and hundreds of exploitable devices around the world, and everybody should work in creating these devices more secure and stable, avoiding these possible loopholes (backdoors). Monte Crypto noted that this vulnerability is known since 2014, but nobody noticed it in the Hikvision devices.
This threat also appeared on Reddit, as the user ‘wolfblitzer69’ posted this image of hacked Hikvision cameras.
Hikvision is now being thoroughly researched for any additional security flaws, so these hacks can be prevented in the future. The consequences can be really severe. There are different negative repercussions of the personal installed camera with a backdoor.
That means that an attacker can get himself administrator access to the camera and use any data on camera server to exploit them in the future. Weak passwords are a no. 1 issue today in the world of cybersecurity and you should be warned.
Implementation of network access via IP address, allowing just specific IP address the communication with the server may be the solution, but the Hikvision company has already implemented the UPNP system, which gets streamed on the internet immediately.
Also, Hikvision has launched various different updates for their software, in hopes of preventing this kind of hack on other devices. You can check them Hikvision backdoor exploit in the following video: