HOW serious is the malware issue in Hikvision Recorders

As a seller and reseller of Security equipment, I'm wondering how serious the new malware issue in the Hikvision recorders is? Can there be any serious repercussions such as wrongful practice lawsuits?

This seems like a very large and intentional breach of security. I'd like to know anyone's thoughts on the issue.

Thanks,

Chuck

Maybe I missed something, can you share a link that would give me more information on this issue?

I just heard something about this too. There is some backdoor access built into the DVR/NVRs and maybe the cameras. I am trying to get more info on this.

If the US government can force CISCO and others to give them backdoor access there is NO doubt in my mind that China has done the same thing.

I've seen articles on IPVM.com And infosec + some other areas around this forum.

I think this is the foremost leading article on the subject.

https://isc.sans.edu/diary/More+Device+Malware%3A+This+is+why+your+DVR+attacked+my+Synology+Disk+Station+%28and+now+with+Bitcoin+Miner%21%29/17879

I just did a quick scan at IPVM, and did not see it... I will go look harder.

As a seller and reseller of Security equipment, I'm wondering how serious the new malware issue in the Hikvision recorders is? Can there be any serious repercussions such as wrongful practice lawsuits?

 

This seems like a very large and intentional breach of security. I'd like to know anyone's thoughts on the issue.

viewtopic.php?f=3&t=40308

I do not see it as anything serious. If you have the telnet port open to the world, and leave the admin password as default 12345, well... I think it is the owner's fault, not Hikvision's.

The problem with devices and security holes is that they allow would-be hackers an entry point to the network, which has a number of other (likely sensitive) devices hooked up.

This is an interesting article about how hackers are using connected devices with security holes to get access to other things on the network (the article below talks about the target breach, and claims that the entry point was through the heating and air conditioning systems for the building).

http://www.nytimes.com/2014/04/08/technology/the-spy-in-the-soda-machine.html?_r=0

I'd be more concerned about someone getting into the box (which is likely a linux server), and then pivoting off of the DVR to do something much more serious than viewing live feeds from the camera system. If the device isn't in a DMZ on the network separated from everything else, it probably opens up holes to the network...

Here is the link to the IPVM article i mentioned earlier:

http://ipvm.com/forums/forums/video-surveillance/topics/security-researcher-finds-malware-on-hikvision-dvrs

you need to have an account with them to read it, i believe.