Do We Need to Watch the Eyes Watching Us?

May 23, 2019

On May 21, 2019 the New York Times reported that the Trump Administration is considering a limit on Hikvision’s ability to buy American technology. Hikvision is one of the world’s largest surveillance camera manufacturers and is 42% owned by the Chinese government.

And on May 22, 2019, Bloomberg reported on how Hikvision might be spying on you.

Based on our research into the firmware from these Chinese surveillance camera manufacturers, Dahua in particular, we believe the ban is warranted.

We have found malicious backdoor accounts embedded in the firmware of Dahua cameras, which we reported on back in November of 2017. We confronted Dahua with our findings. Their response was that the account had been removed and a new firmware was posted on their site. We could not easily find the firmware image they referenced. Dahua eventually emailed us a link to the “new” firmware image for analysis. [No, we did not click the link!]

On one hand, Dahua was correct. The account was removed. But on the other hand, we did find the same account located in a different section of the firmware image.
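The relocated account is why checking one expected location, such as the password file, is not enough when verifying a vendor's fix. The sketch below is an added example, not ReFirm Labs' or the Centrifuge Platform's code: it scans a raw image for passwd-format entries at any offset. The account name `svc_example`, the hash string and both images are constructed placeholders.

```python
import re

# passwd(5) layout: name:password:UID:GID:GECOS:home:shell
PASSWD_RE = re.compile(
    rb"(?<![\w.-])([a-z_][a-z0-9_-]{0,31}):([^:\s\x00]*):(\d{1,5}):(\d{1,5}):"
    rb"([^:\n\x00]*):(/[^:\s\x00]*):(/[^:\s\x00'\"]*)"
)

def find_accounts(image: bytes):
    """Return (offset, name, uid) for every passwd-style entry in the raw bytes."""
    return [(m.start(), m.group(1).decode(), int(m.group(3)))
            for m in PASSWD_RE.finditer(image)]

def still_present(image: bytes, removed: set):
    """Map each supposedly removed account name to the offsets where it survives."""
    hits = {}
    for offset, name, _uid in find_accounts(image):
        if name in removed:
            hits.setdefault(name, []).append(offset)
    return hits

# Constructed sample data: the old image keeps the account in its password
# file; the "fixed" image drops it there but re-adds it from a script that
# sits in a different region of the image.
ENTRY = b"svc_example:$1$CONSTRUCTED:0:0::/:/bin/sh"
ROOT = b"root:x:0:0:root:/root:/bin/sh\n"
OLD_IMAGE = b"\x00" * 0x100 + ROOT + ENTRY + b"\n"
NEW_IMAGE = ((b"\x00" * 0x100 + ROOT).ljust(0x400, b"\xff")
             + b"echo '" + ENTRY + b"' >> /etc/passwd\n")

if __name__ == "__main__":
    for label, image in (("old", OLD_IMAGE), ("new", NEW_IMAGE)):
        for offset, name, uid in find_accounts(image):
            print(f"{label}: {name} uid={uid} at 0x{offset:x}")
    print("survives in new image:", still_present(NEW_IMAGE, {"svc_example"}))
```

Compressed or encrypted regions have to be unpacked first (for example with binwalk), and the same scan then run over each extracted file.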

Attack vectors at the firmware level are becoming more commonplace and high-profile. Embedding oneself deep within the firmware typically allows a certain level of persistent access. Finding these persistent firmware threats used to involve many hours of manual analysis with tools like binwalk and a disassembler. But now with tools like the Centrifuge Platform, hours can shrink to minutes with actionable insights.

If you’re curious about your susceptibility to potential persistent firmware level attacks in your cameras, IoT devices, or perhaps components from your supply chain, let’s chat. Contact us today.
