IP Surveillance Cameras and Firmware Security
Is It Time to Ban Hikvision, Dahua, and Others?
In May 2019 the New York Times reported the Trump Administration considered a limit on Hikvision’s access to buy American technology. The IP surveillance camera maker is one of the most used brands in the world and is one of the world’s largest surveillance camera manufacturers. According to the Wall Street Journal, Hikvision is 42% owned by the Chinese government.
IP Surveillance Cameras and Your Privacy
There have been other reports, one by Bloomberg, explaining how Hikvision might be spying on you. At ReFirm Labs, our research and findings on the firmware in these cameras showed the ban is warranted.
ReFirm Labs Findings on Dahua Surveillance Cameras
We found backdoor accounts deep in the firmware of Dahua cameras which we reported about in November 2017. We contacted Dahua with our findings and their response explained the account had been removed and a new firmware was posted on their site. We couldn’t find the firmware update they referenced. Dahua finally emailed us a link to the “new” firmware image for analysis. [No, we did not click the link!]
Dahua IP Surveillance Cameras Continue to Have Firmware Vulnerabilities
On one hand, Dahua was correct. The backdoor account was no longer present. But, we did find the same backdoor account located in a different section of the firmware image. This is not good at all.
Firmware vulnerabilities are now common and they are making headlines. Finding firmware threats involve hours of analysis using tools like binwalk and a disassembler. But with the Centrifuge Platform, hours can shrink to minutes with actionable insights.
Contact ReFirm Labs About IoT Firmware Security
There is a focus on the susceptibility for IoT devices to be the gateway for hackers to access networks. Companies are finding they now have additional threat vectors they need to protect against data breaches or against theft of sensitive information. Finally, companies are acknowledging the vital importance of firmware security.
If you’re curious about your susceptibility to potential persistent firmware level attacks, let’s chat. Contact us today!
Part 4 of our series on firmware security analysis focuses on how to exploit the vulnerability Evan discovered in his analysis of the camera firmware.
Source code analysis produces a large amount of “false positive” results, which is one of the biggest complaints we hear against source code analyzers.
In part two of our firmware analysis, we discovered a potential overflow in the administration server, alphapd. It appears if you send a long string in the WEPEncryption field to wireless.htm, it can cause a buffer overflow.