[kwlug-disc] home security cameras
Khalid Baheyeldin
kb at 2bits.com
Wed Aug 10 20:14:38 EDT 2022
On Wed, Aug 10, 2022 at 5:15 PM Mark Steffen <mark at steffen.ca> wrote:
> I’m sure there have been vulnerabilities but if you are part of the DOD
> supply chain you are banned from using Hikvision cameras and others
> containing certain chipsets. Seems like most people are moving to Verkada
> (which has had it’s own non-security related scandals, lol).
>
Hikvision had a vulnerability where the camera is vulnerable to remote
hijacking.
https://www.forbes.com/sites/leemathews/2021/09/22/widely-used-hikvision-security-cameras-vulnerable-to-remote-hijacking/
https://ipvm.com/reports/hikvision-36260
And that flaw was patched
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/
And it is not relevant in this case, since the cameras do not have their
own internet accessible IP address.
They are isolated because there is an NVR that terminates them.
And now that I think about it, the Lorex cameras are Dahua OEM, not
Hikvision.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20220810/78038312/attachment.htm>
More information about the kwlug-disc
mailing list