HACKED appears on live cameras


5 replies to this topic

#1 mattcctv

mattcctv

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:42 PM

Posted 21 October 2017 - 03:34 AM

My CCTV has been HACKED

Basically I noticed that my external viewing stopped working and found that I had been hacked.

All cameras' colour/contrast settings were set so that they showed black instead of the camera picture (although the cameras still work if I reset contrast etc.).

Each camera name changed to ‘HACKED’
IMG_5033-1.jpg

Network settings changed


PPPoE username and password changed
IMG_5030-1.jpg

So I googled and read that it could be down to default passwords or backdoor through the actual cams.

I reset all of the passwords, changed my network settings back, renamed the cameras back and exposed them to the internet again to see if it happened again, as there are risks with updating firmware and I might brick the cameras.

All was ok for a few days and then I was HACKED again in exactly the same way, except that the cameras were mostly renamed to HACKED but one was named Upgrade and one named firmware.

It was almost as if someone was telling me that they had hacked me and that I needed to update my firmware.

Therefore, I am now going to update firmware on cameras and DVR, reset passwords and look at my port forwarding and avoid defaults and unnecessary port forwarding rules.

My Setup:
Cameras wired connections to iappollo DVR
DVR wired connection to network bridge
Bridge wireless connection to Router

Setup:
Max Connection 128
HTTP: 80
TCP: 37777
UDP: 37778
HTTPS: 443
RTSP 554

Router setup with dynamic DNS
Router port forwarding setup for Ports above.

But I have gaps in my understanding of the network settings on the DVR, ports etc. and have some questions...

1. Maximum Connection 128 – is this maximum concurrent users? If so, if I want to allow a maximum of 2 external concurrently, would I set it to 2 or do I need it higher because my router is connected and cameras are connected etc.?

2. HTTP port 80. I assume that this is to allow me to externally connect to the DVR via an internet browser? If that is the case and I only want to be able to connect via mobile phone and the mobile phone app only uses 37777, am I right in assuming that if I turn off port forwarding for port 80 on the router I can still connect via 37777 via TCP on the mobile app?

3. TCP 37777, I assume I need this one, but should I change the number as bots are likely to scan this port more often than some obscure port number? If yes, any port numbers I cannot use or should use?

4. UDP 37778 – for same reason as in 2 (I only use mobile app using TCP 37777) can I get rid of port forward rule for 37778?

5. HTTPS 443 – for same reason as in 2 (I only use mobile app using TCP 37777) can I get rid of port forward rule for 443?

6. RTSP 554 - for same reason as in 2 (I only use mobile app using TCP 37777) can I get rid of port forward rule for 554?

A lot of questions but any answers will help my understanding a great deal and any other useful info would be much appreciated.

Thanks


Edited by mattcctv, 21 October 2017 - 08:56 AM.
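Added example, not part of the original post: one way to confirm which of the TCP ports listed in the post above still answer from outside once port-forward rules have been removed, compared against the set meant to stay forwarded (only 37777, per the questions). The function names and the host `dvr.example.invalid` are hypothetical placeholders; substitute your own dynamic DNS name.

```python
import socket

# TCP services from the DVR network page quoted in the post above.
# UDP 37778 cannot be verified with a TCP connect and is left out.
DVR_TCP_PORTS = {"HTTP": 80, "TCP": 37777, "HTTPS": 443, "RTSP": 554}


def tcp_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), unreachable, DNS failure
        return False


def audit_exposure(host, services, intended, timeout=3.0):
    """Compare reachable ports with the set that is meant to be forwarded.

    Returns (name, port, status) tuples ordered by port. Status is one of:
      ok-open          forwarded on purpose and reachable
      ok-closed        not meant to be forwarded and not reachable
      UNEXPECTED-open  reachable although no rule should exist for it
      missing          meant to be forwarded but not reachable
    """
    report = []
    for name, port in sorted(services.items(), key=lambda kv: kv[1]):
        is_open = tcp_open(host, port, timeout)
        wanted = port in intended
        if is_open:
            status = "ok-open" if wanted else "UNEXPECTED-open"
        else:
            status = "missing" if wanted else "ok-closed"
        report.append((name, port, status))
    return report


if __name__ == "__main__":
    HOST = "dvr.example.invalid"  # placeholder: your own dynamic DNS name
    # Assumption from the post: the mobile app only needs TCP 37777.
    for name, port, status in audit_exposure(HOST, DVR_TCP_PORTS, {37777}):
        print(f"{name:6} {port:>5}  {status}")
```

Run it from a connection outside the home network (for example a laptop tethered to mobile data), because many routers answer differently when the request comes from the LAN side.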




#2 mattcctv

mattcctv
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:42 PM

Posted 21 October 2017 - 06:31 AM

I have looked at the logs and this is the first time I was hacked. The day before, some IP in Russia logged in and out, and then the next day I was hacked by an IP address in Argentina.

IMG_5088.jpg
IMG_5089.jpg
IMG_5090.jpg
IMG_5091.jpg

Then hacked again by an IP address in Ukraine. This time changing names of cameras with message to update firmware - friendly hacker?

IMG_5071.jpg
IMG_5093.jpg
IMG_5091.jpg
IMG_5094.jpg
IMG_5095.jpg


#3 toofarnorth

toofarnorth

  • Members
  • 367 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:42 PM

Posted 21 October 2017 - 06:49 AM

They will be hacked again.

I would lock them down behind a VPN. So in order to access them you would need to connect to it first.
No access to the VPN credentials, no access to the cameras either.

Hth!

 

tfn



#4 mattcctv

mattcctv
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:04:42 PM

Posted 21 October 2017 - 09:04 AM

Cheers toofarnorth much appreciated - is this easy to do?

 

Any links to any idiot guide on how to set this up?

 

Thanks



#5 toofarnorth

toofarnorth

  • Members
  • 367 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:42 PM

Posted 22 October 2017 - 01:01 PM

Hello again :)

It would depend on the equipment that is used onsite.

How are things hooked up?

tfn



#6 Kilroy

Kilroy

  • BC Advisor
  • 3,287 posts
  • OFFLINE
  • Gender:Male
  • Location:Launderdale, MN
  • Local time:10:42 AM

Posted 23 October 2017 - 10:50 AM

I would recommend updating the firmware (if possible).  Unfortunately there are many Internet of Things (IoT) devices that have little to no security built in.  Some of them can be secured with a firmware or software update, others must be replaced with a more secure product.

 

Do you truly need to connect to these off site?

 

Sounds like the work of a grey hat as they are making the cameras useless for remote viewing and letting you know there is a problem.

 

You might also want to do a web search of the camera make and model and see what security problems have been made public and what/if the resolution is.





