What to do about hacked DVR? Cameras still usable?

Well, yesterday's internet outage (primarily on east coast of US) got me to pay attention to stories about hacked DVRs and security sytems, as these are apparently a big culprit in these attacks. I tried logging into my el cheapo Swann DVR (which I must admit has worked well for about a year or two) and sure enough, it was down and remained so this morning although the DVR iself is working (can see cameras on attached monitor). I discovered a few weeks ago that there is no firmware update available for my system, and while I can change the pw and have done so, the login name is hard coded. And, apparently the same Chinese company makes the firmware for most of these systems regardless of brand. So, I want to ditch this poorly designed DVR and replace it. But if possible, I would like to retain the Swann cameras I already have installed. I suspect there are many others on the forum in a similar situation, so I figured it was time to start a thread to solicit info and ideas.

In my case, I have a Swann 16-channel analog DVR (BNC connectors) with 10 Swann cameras connected to it. I think it's 720p, which is fine for my purposes. I primarily use it just to see if contractors are still on the job when we have them working on something, and for general peace of mind when we're traveling. But I don't really want to replace all 10 cameras, especially with expensive commercial or IP models. And while it might be nice to tie things into my eKeypad or Mobilinc apps, it's not a big deal if I can't - a separate app is fine. I really just need to replace the DVR with something that doesn't have these security flaws, costs no more than a few hundred bucks, AND that will work with my Swann cameras. I don't want to use a PC if possible. There is a Synology NAS always running here, but that seems designed for IP cameras and I think it requires a subscription for the cameras app, which I want to avoid.

So.... any ideas? Thanks in advance for input.

Really... your best form of defense would be to use a VPN or SSH tunnel to access the cameras and any other devices, such as your M1G. Perhaps see what is available to run on your Synology.
 
I use OpenVPN with encrypted certificates and a username/password combo and I set that up for other locations as well. Hell... even my encrypted certificates are in an encrypted container on my work and personal laptops!

Does the dvr keep a log? If it does you can look at it occasionally to see if there has been any unusual traffic instead of replacing it.
 
How do you currently access the cameras and dvr remotely? Do you use a Swann software or app that came with the unit? If that's the case and you don't think that the software is secure then you could run a pc in your home that accesses the dvr and then remote into that pc with vpn or other more secure means as video321 suggested. That way your dvr is accessed locally by the pc and is not exposed to the WAN and it is your pc that has an open port to the WAN.
 
Mike.

I have a few Foscam ip cams in the house that are exposed to the net and I checked the logs in the past few days and there was nothing unusual.
 
I wonder are TV set -top-boxes vulnerable to this ddos virus? How about the gateways that our ISP's have installed? I have looked at the log on my gateway and learned that I don't know how to read it. I didn't understand a thing.
 
Mike.

Madcodger
 
What makes you suspect that your dvr has  been hacked? This DDOS virus is usually invisible to the user and has no apparent affect on the dvr. It wouldn't normally cause you to not be able to log into or access the unit. You may have some other problem.
 
Mike.
 
EDIT
 
If you were trying to access your cameras remotely when you had the problem it could be that your Domain Name Server had been down due to the virus and not a problem with your equipment.

Hi and thanks for the replies. Perhaps I should clarify and rephrase...

I don't KNOW that my DVR has been hacked, but it has firmware that is a few years old and no ability to change the login ID (hardcoded) OR to update the firmware (nothing released from Swann). There is also no ability to change the port number, and the pw does not allow for some characters, so that makes it easier to guess (using software). Like so many of these DVRs, it was just never designed with the level of security one would want.

So let me rephrase my questions:

Does anyone know if I could "hide" the existing DVR by telling the router to ignore external port 9000 requests, and then internally mapping port 9000 to some other port number, which I would expose externally? If so, any suggestions for software and mobile app to connect to it, thus avoiding Swann's software?

Will other (more secure) DVRs work with these Swann cameras?

Anyone ever hear of third party firmware for these boxes, similar to third party software for routers?

Generally, the embedded hardware, or at least the commercially available stuff runs linux or some boiled down version of it. If that is the case, you'd need to reverse engineer what the hardware is actually capable of within the box. Generally an exercise in futility, especially on low end consumer items.
 
Port redirect is easy enough depending on your hardware, but VPN is going to be the option to go rather than use the software. User/pass and no certificates are going to be the issue when you expose to the outside world.
 
Keep in mind, Swann is not the manufacturer. They buy the hardware and rebrand it.

Here have switched over to using VPN for remote access.
 
CCTV stuff has always been ZM (analog and today IP).
 
You mention the connections are via BNC.  That tells me that they are analog.
 
I am using Axis servers for some cameras here.  Sold a few spares here on CT a couple of years ago.
 
They are built well and last forever and used ones are reasonably priced these days.
 
You could switch over to an Axis server and use a software based NVR with it.
 
Tested a tabletop touchscreen / VPN while on a weekend excursion last year at a hotel.  Worked great.
 
Many years ago used a tiny Panasonic PT camera for work project monitoring.  Have an old Pansonic PT installed today aimed at the utility section of the basement  - furnace, hotwater heater, sump pumps, etc. 

I hope that this isn't too far off topic. I found an interesting article about the ongoing ddos attack which makes me want to stay away from Chinese IP cams.
 
https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/
 
Mike

pete_c said:

Here have switched over to using VPN for remote access.
 
CCTV stuff has always been ZM (analog and today IP).
 
You mention the connections are via BNC.  That tells me that they are analog.
 
I am using Axis servers for some cameras here.  Sold a few spares here on CT a couple of years ago.
 
They are built well and last forever and used ones are reasonably priced these days.
 
You could switch over to an Axis server and use a software based NVR with it.
 
Tested a tabletop touchscreen / VPN while on a weekend excursion last year at a hotel.  Worked great.
 
Many years ago used a tiny Panasonic PT camera for work project monitoring.  Have an old Pansonic PT installed today aimed at the utility section of the basement  - furnace, hotwater heater, sump pumps, etc. 

Click to expand...

Actually, you don't even need to buy any hardware if you stay with Axis. Just a camera license and a compatible COTS.

@Madcodger
 
BTW did want to mention this but running some 16 Home Seer Touch screens running embedded Wintel on the tabletop touchscreens.  They do fine for CCTV stuff integration or proprietary wintel client viewing. 
 
Last year took a tabletop touchscreen to a weekend thing at a hotel.  Connected the home tabletop via a VPN tunnel to the mothership using wireless and it worked just fine with access to my internal network devices.   The VPN test was to see how the IPSEC VPN client worked via the hotel wireless and my LTE cellular connection.    Firewall is PFSense which has options for OpenVPN, IPSec VPN et al.  It is a much simpler and efficient set up than just a few  years back.  It has been many many years now that I have used only VPN to access my internal network.  IE: about 8 years ago worked in the UK for a few weeks and at night would play around with Homeseer via a VPN tunnel testing this or that stuff.

Sounds like I need to better understand VPNs. Will bone up over next week. Did find I can change the port on DVR, but login and pw are very limited. No more Swanns, Lorex, etc. in my future. Thanks for the replies and info.

pete_c said:

@Madcodger
 
BTW did want to mention this but running some 16 Home Seer Touch screens running embedded Wintel on the tabletop touchscreens.  They do fine for CCTV stuff integration or proprietary wintel client viewing. 

Click to expand...

Pete
 
What do you use as a Windows touchscreen? Is it Microsoft surface?
 
Mike.

My base today are modded OpenPeak tablet tops.  Hardware modded today with a new bios, SSD, RTC.
 
I have purchased every model that was ever released by Openpeak.  Parts are interchangable.
 
They run Linux Ubuntu, Windows embedded XP and W7 flavors and W10 thinned out.  These devices also have built in DECT and Zigbee. They run Squeezebox clients, Homeseer Touch, ZMNinja, KODI, et al.  They were made ahead of their time originally using an EFI boot and flash OS, Intel dual threaded Atom and motherboard.  The OpenPeak company had also started showing tablet prototypes before they quite making these. 
 

 
Mostly used for telco VOIP internet kiosks in Hotels and homes and Zigbee energy monitor beta testing for large Utility companies in the US.  The Avaya Openpeak VOIP kiosks are still being utilized in many 5 star hotels internationally.
 

 
Built in WLAN (and Bluetooth) plus Gb NIC.  I have them connected in POE mode (16 of them) and a few in wireless mode. 
 
There is also the chipset and traces for SIM sockets on the motherboard.
 
The testing involved just setting one of these on a hotel nightstand and connecting it to the home network via a VPN client; worked well.
 
I have been playing with these mostly hardware wise now for a few years.
 

 
The larger Openpeak device has speakers in the front and is wall hangable.  The larger one also has a built in miniPCie Card slot plus rest of the stuff mentioned above.
 

 
Newest hardware testing has been using a Baytrail mini PC connected to a 17" multitouch screen running W10.
 
The mini pc is velcroed to the back of the monitor and I am using a Kinect / Alexa software on it for TTS/VR and motion sensing automation.
 
A close by not soup equivalent today is the PipoX9 (~100 USD) except it is not really that nice looking (ugly looking) and I wouldn't stick it on a night stand.  (IE: use Openpeaks today on the nightstand).  This runs a dual boot W10 / Android and you can install Ubuntu 16.04 on it.
 

Pete - where do you buy Openpeak tablets? Nothing came up with a Google search.
 
Mike.