IP Surveillance Cameras and Firmware Security
Is It Time to Ban Hikvision, Dahua, and Others?
In May 2019 the New York Times reported the Trump Administration considered a limit on Hikvision’s access to buy American technology. The IP surveillance camera maker is one of the most used brands in the world and is one of the world’s largest surveillance camera manufacturers. According to the Wall Street Journal, Hikvision is 42% owned by the Chinese government.
IP Surveillance Cameras and Your Privacy
There have been other reports, one by Bloomberg, explaining how Hikvision might be spying on you. At ReFirm Labs, our research and findings on the firmware in these cameras showed the ban is warranted.
ReFirm Labs Findings on Dahua Surveillance Cameras
We found backdoor accounts deep in the firmware of Dahua cameras which we reported about in November 2017. We contacted Dahua with our findings and their response explained the account had been removed and a new firmware was posted on their site. We couldn’t find the firmware update they referenced. Dahua finally emailed us a link to the “new” firmware image for analysis. [No, we did not click the link!]
Dahua IP Surveillance Cameras Continue to Have Firmware Vulnerabilities
On one hand, Dahua was correct. The backdoor account was no longer present. But, we did find the same backdoor account located in a different section of the firmware image. This is not good at all.
Firmware vulnerabilities are now common and they are making headlines. Finding firmware threats involve hours of analysis using tools like binwalk and a disassembler. But with the Centrifuge Platform, hours can shrink to minutes with actionable insights.
Contact ReFirm Labs About IoT Firmware Security
There is a focus on the susceptibility for IoT devices to be the gateway for hackers to access networks. Companies are finding they now have additional threat vectors they need to protect against data breaches or against theft of sensitive information. Finally, companies are acknowledging the vital importance of firmware security.
If you’re curious about your susceptibility to potential persistent firmware level attacks, let’s chat. Contact us today!
One of our favorite new capabilities in the Centrifuge Spring ‘20 release is Firmware Differencing. This is how to compare two binary files quickly and efficiently for Linux, QNX, and VxWorks. But that’s not all it compares!
With all of these certification standards and compliance regulations, conducting product cyber-security assessments quickly becomes very complicated and expensive. Here’s how to save time and money.
GHIDRA may be the preferred tool of choice for analyzing RTOS firmware images. We will demonstrate identification of a published vulnerability as a case study.