IP Surveillance Cameras and Firmware Security
Is It Time to Ban Hikvision, Dahua, and Others?
In May 2019 the New York Times reported the Trump Administration considered a limit on Hikvision’s access to buy American technology. The IP surveillance camera maker is one of the most used brands in the world and is one of the world’s largest surveillance camera manufacturers. According to the Wall Street Journal, Hikvision is 42% owned by the Chinese government.
IP Surveillance Cameras and Your Privacy
There have been other reports, one by Bloomberg, explaining how Hikvision might be spying on you. At ReFirm Labs, our research and findings on the firmware in these cameras showed the ban is warranted.
ReFirm Labs Findings on Dahua Surveillance Cameras
We found backdoor accounts deep in the firmware of Dahua cameras which we reported about in November 2017. We contacted Dahua with our findings and their response explained the account had been removed and a new firmware was posted on their site. We couldn’t find the firmware update they referenced. Dahua finally emailed us a link to the “new” firmware image for analysis. [No, we did not click the link!]
Dahua IP Surveillance Cameras Continue to Have Firmware Vulnerabilities
On one hand, Dahua was correct. The backdoor account was no longer present. But, we did find the same backdoor account located in a different section of the firmware image. This is not good at all.
Firmware vulnerabilities are now common and they are making headlines. Finding firmware threats involve hours of analysis using tools like binwalk and a disassembler. But with the Centrifuge Platform, hours can shrink to minutes with actionable insights.
Contact ReFirm Labs About IoT Firmware Security
There is a focus on the susceptibility for IoT devices to be the gateway for hackers to access networks. Companies are finding they now have additional threat vectors they need to protect against data breaches or against theft of sensitive information. Finally, companies are acknowledging the vital importance of firmware security.
If you’re curious about your susceptibility to potential persistent firmware level attacks, let’s chat. Contact us today!
Backdoored firmware found in the supply chain of video surveillance chips from HiSilicon (a subsidiary of Huawei) allows remote access via Telnet.
A few days ago I decided to reverse engineer my router’s firmware image with binwalk. I’ve bought the TP-Link Archer C7 home router. Not one of the best, but good enough for my needs.
On February 4th, 2020 we deployed a new analyzer to the Centrifuge Platform, our automated firmware analysis platform which detects the presence of the Cable Haunt vulnerability in eCos-based firmware images.