What to do about hacked DVR? Cameras still usable?

They are only available as used or new old stock as they were made from around 2009 to 2012 or so.
 
Read about the O2 Joggler Openpeak device here ==> O2 Joggler
 
Domestically Avaya, Verizon were pushing the DECT / VOIP tabletop Kiosks.  Here purchased new old stock of these devices with one DECT phone. 
 
I have only seen pictures / videos of the Openpeak tablets from various electronic shows.
 
Cisco was pushing an energy savings table top which monitored your electricity (meter) and thermostat via Zigbee.  (I have a few different power companies' prototypes that were being tested).
 
You can purchase them used or new stock for between $5 and around $50 with an average price of around $35.
 
The descriptions of the devices sold typically refer to the small tablet as a Joggler and the larger table top as a VOIP / Video Kiosk.
 
Openpeak provided a sunset bios such that the devices would continue working after 2012.
 
pete_c said:
They are only available as used or new old stock as they were made from around 2009 to 2012 or so.
 
Read about the O2 Joggler Openpeak device here ==> O2 Joggler
 
Domestically Avaya, Verizon were pushing the DECT / VOIP tabletop Kiosks.  Here purchased new old stock of these devices with one DECT phone. 
 
 
 
I have only seen pictures / videos of the Openpeak tablets from various electronic shows.
 
Cisco was pushing an energy savings table top which monitored your electricity (meter) and thermostat via Zigbee.  (I have a few different power companies' prototypes that were being tested).
 
You can purchase them used or new stock for between $5 and around $50 with an average price of around $35.
 
The descriptions of the devices sold typically refer to the small tablet as a Joggler and the larger table top as a VOIP / Video Kiosk.
 
Openpeak provided a sunset bios such that the devices would continue working after 2012.
 
and are you able to load your own operating system and software and treat it like a windows pc?
 
Yes.  I use some (16) as Homeseer 3 touchscreens (mini kiosks) with SAPI running wintel (XP, W7 and W10).
 
They run the HAI Wintel Omnitouch Pro client just fine.
 
Others are Squeeze box players (linux or wintel) and KODI devices.
 
If my security camera NVR/DVR is hacked, what can the hacker do with it other than viewing the camera? Can the hacker insert malware into my router or computers attached to it?

Thanks!
 
Pcarfan said:
If my security camera NVR/DVR is hacked, what can the hacker do with it other than viewing the camera? Can the hacker insert malware into my router or computers attached to it?

Thanks!
 
Hackers can insert custom firmware that allows them full access to your entire network.  By using the hacked NVR as a gateway, they can come in through that and access all internal resources on your network.  I have a Lorex system that had the widespread vulnerability, but I've always only accessed it remotely through a VPN.  I know it is vulnerable, but it's never been open to the outside world so I don't really worry about it (although I am still going to replace it with BlueIris).
 
JonW said:
 
Hackers can insert custom firmware that allows them full access to your entire network.  By using the hacked NVR as a gateway, they can come in through that and access all internal resources on your network.  I have a Lorex system that had the widespread vulnerability, but I've always only accessed it remotely through a VPN.  I know it is vulnerable, but it's never been open to the outside world so I don't really worry about it (although I am still going to replace it with BlueIris).
I've read similar things on the internet. But, are you 100% sure this is correct? Can you do it? I have zero knowledge of such things, so I cannot discern what's fact and fiction when it comes to this. I would like first hand knowledge from people who've had this happen or those who have the knowledge and tell me they can do it.

I am also planning to do VPN. My router (Asus RT 66) can set up VPN. Setting up a VPN on the router is easy, but then to make it work with the conjunction of my devices looks tricky.
 
Pcarfan said:
I've read similar things on the internet. But, are you 100% sure this is correct? Can you do it? I have zero knowledge of such things, so I cannot discern what's fact and fiction when it comes to this. I would like first hand knowledge from people who've had this happen or those who have the knowledge and tell me they can do it.

I am also planning to do VPN. My router (Asus RT 66) can set up VPN. Setting up a VPN on the router is easy, but then to make it work with the conjunction of my devices looks tricky.
 
I have 2 cheap cameras I bought during Christmas rush in either 2014 or 2015. I made the mistake of not checking if they'd work directly with Linux (my preferred OS). So I get them and discover they really only work with a phone OS (not even a tablet). So I go about investigating what I can do with them. And after about 2 weeks I've figured out how to get them to stream, login on camera as root, completely block them from getting out to the internet and how to install and compile a new embedded Linux OS on the camera. I've got a backup of the original firmware so I can restore it but more importantly, I pretty much pwn that camera. I did this over the IP network.
 
So what could I do with it? I can spy on your network, I can use the camera as an attack vector to other devices. I can use the camera as a reflector (A goes through your camera to B and vice versa). That makes tracing difficult to anything but the camera and can tie up law enforcement for weeks scrutinizing you. Well, I could use it in a DDOS attack (sold for pennies per host). Or sell it as a click generator (again pennies per host). Now a single camera can't do much but a couple of million? That's a lot of traffic. If I throttle my traffic you'll be none the wiser.
 
If I can reverse engineer such things in 2 weeks, the more professional can do a lot more. Now I'm not a bad guy and I haven't given it much thought and I've come up with the above. I can come up with more but I hope I've made my point.
 
Oh, one more thing, I do have physical access to the camera, but didn't use it to hack into my cameras. If I could pwn the server they talk to (the original phone OS related software) I could hack any camera connected to the service.
 
Here went and upgraded firewall to using PFSense / IPSec VPN. 
 
I do recall helping one neighbor with 3 business offices (plus two homes) and CCTV in every location.  His main concern was access via multiple smart phones and he had upgraded his ISP routers.  I looked and saw no security / default passwords was in place.  I am guessing that the installation company was well versed in the local CCTV configuration but really had no clue relating to the internet and routers et al.
 
BTW here lost the hard drive on my PFSense firewall early Saturday morning.  The OS is mostly running in RAM and can run fine via a USB stick.  Making it now more solid state with a small 32Gb SSD (or two) as I have done with my NAS4Free box a few years back.  NAS4Free box has 16Gb of RAM, LSi controller and a 32Gb SSD boot drive.  With PFSense box utilize a UPS (USB connection) and GPS/PPS with a serial connection; rest of the stuff was easy (snort, PFBlocker, et al).
 
Biggest issue is, as Pete alluded to, exposing systems and the end user's "production" network to the outside world. No reason to put cameras on the WWW or expose them if there is an NVR on the WWW.
 
Same as the "big" issue with Teamviewer a while back....not a "hack" but the end user had silly U/P set up on their connection.
 
Yeah relating to neighbor ....it was all about the happiness and simplicity of access and the trust that no one would ever look.
 
pete_c said:
Here went and upgraded firewall to using PFSense / IPSec VPN. 
 
I do recall helping one neighbor with 3 business offices (plus two homes) and CCTV in every location.  His main concern was access via multiple smart phones and he had upgraded his ISP routers.  I looked and saw no security / default passwords was in place.  I am guessing that the installation company was well versed in the local CCTV configuration but really had no clue relating to the internet and routers et al.
 
Pete how do you protect from the inside out? Other than being wary of any new device. I'm going to have to build a DMZ (wireless, great another SSID et al).  I've started to look at netflows but that's not protection.
 
Sorry for your loss (slightly tongue in cheek).
 
Just want to leave this here... from 2013! The tools are much more developed today, more sophisticated, easier to use...
 
https://www.youtube.com/watch?v=B8DjTcANBx0
 
linuxha said:
I did this over the IP network.
 
Well, let's not get too carried away.
 
What you did "over the IP network" was gaining root access to a Linux system most likely by guessing the root password.  After that, if one is careful, one would be able to replace Linux software with a custom one: by scp'ing a tarball for example -- that's nothing special and any Linux sysadm worth his or her salt does that on a daily basis. However, one tiny mistake would have rendered the system inaccessible due to an unavailable network interface, for example or a kernel mismatch or a thousand  other different reasons. So, without physical access to the box the likelihood of converting even a wide open Linux system to a network traffic sniffer for example is pretty minuscule.
 
My point is that a camera as an example of a Linux system is as secure as any other exposed poorly protected Linux box -- there's nothing special about them except that the manufacturer may not have spent enough time and thought on rather trivial security issues like using a more secure password. There's no value in raising security hysteria -- media is already quite good at it. Rather, providing information about what exactly is vulnerable would serve a useful purpose indeed.
 
A VPN in one's router is a quite adequate and easy way to protect a home network.
 
Pete how do you protect from the inside out?
 
Using PFSense with two WAN and 4 LAN interfaces / VPN access and managed switches (well 3 24 port switches in place today).
 
Just recently added PFBlocker (geo IP blocking) to PFSense.  PFBlocker blocks outgoing requests.
 
Read about PFBlocker here ==>  MaxMind and here ==> PFBlocker.
 
BTW PFSense is free and it'll run BSD on just about any computer Intel / AMD / ARM based CPU.
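 
Added example, not part of any post in this thread: a small check over flow records for the "inside out" question above, flagging camera or NVR hosts that call out to the internet or reach into the LAN. The subnet, NVR address, record format and sample flows are all assumptions constructed for illustration.

```python
import ipaddress

# Assumed layout (hypothetical): cameras and NVR on their own subnet.
CAMERA_NET = ipaddress.ip_network("192.168.50.0/24")
NVR = ipaddress.ip_address("192.168.50.10")
# RFC 1918 ranges count as "inside"; everything else is treated as internet.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample flow records: "src_ip dst_ip dst_port bytes"
SAMPLE_FLOWS = """\
192.168.50.21 192.168.50.10 554 48211340
192.168.50.21 203.0.113.45 23 1840
192.168.50.22 192.168.1.15 445 9120
192.168.1.15 192.168.50.10 443 220114
192.168.50.10 198.51.100.7 8000 73400
192.168.50.22 192.168.50.10 554 51200877
"""

def classify(src, dst):
    """Return a finding label for one flow, or None if it looks expected."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src not in CAMERA_NET:
        return None                  # only camera-segment sources are judged
    if dst in CAMERA_NET:
        # camera <-> NVR is the one expected path inside the segment
        return None if NVR in (src, dst) else "camera-to-camera"
    if any(dst in net for net in INTERNAL):
        return "lateral-to-lan"      # device reaching into the home/office LAN
    return "egress-to-internet"      # device calling out past the firewall

def findings(flow_text):
    """Parse flow lines and return (label, src, dst, port, bytes) tuples."""
    out = []
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                 # skip malformed records
        src, dst, port, nbytes = parts
        label = classify(src, dst)
        if label:
            out.append((label, src, dst, int(port), int(nbytes)))
    return out

if __name__ == "__main__":
    for f in findings(SAMPLE_FLOWS):
        print(*f)
```

Flow data only shows what a device already did; a matching firewall rule that denies the camera segment both LAN and WAN access is what actually stops it.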
 