security concern [ANSWERED]
-
Hi,
At this stage I am looking for advice. It seems I can't contact Monocle directly, so this is getting posted in the forum instead.
Over the weekend I had to factory reset my Hikvision camera and upgrade the firmware. I’m ‘assuming’ it got hacked. I definitely know the admin password, which was no longer working, and when I looked in my Deco AV log I saw this:
Attack from 185.103.96.135 Classification: WEB Hikvision IP Camera access bypass - 1.1 (CVE-2017-7921)
The entry appeared 3 times (against different IPs) prior to me losing access.
So following the CVE, I factory reset the camera and upgraded the firmware, but I’m concerned how this could happen. How has somebody even got to the camera to elevate perms/gain admin access? …assuming this is what's happened. To my knowledge it sits on the LAN and is not internet facing. Plus I’ve had this camera for 3 years, it seems 2 of which the vulnerability has existed. The only 2 things that have recently changed are 1) me creating a Monocle account and adding feeds to it in an attempt to get it working with Alexa, and 2) I bought a TP-Link Deco mesh (for home wifi).
I have also started an email chat with them to run this issue past them.
I did a Shields Up test and it came back as port 80 was open, everything else shut. It appears I can't do anything about that though, as it's a ‘feature’ of Virgin's Super Hub 3, i.e. you can't turn it off.
I just want to be sure of a few things: that 1) my home network is secure and 2) Monocle is safe to use. Hopefully there are some knowledgeable people on here, from a security aspect, that can help with that.
I’ve been doing some further reading:
https://ipvm.com/reports/hik-upnp
Going to check the UPnP settings when at home. Perhaps if this camera was hacked, the backdoor vulnerability was there due to firmware versions, but also UPnP settings allowed the external access.
EDIT: UPnP is on but I guess it needs to be for the Alexa to work?? Hopefully the updated firmware will prevent the backdoor occurring again.
-
Yes, usually it's easier (if you are familiar with networking) to disable UPnP in your router. You would then have to manually “open ports” that you need open… I always suggest turning off UPnP, otherwise it will allow any bad hardware or software to open your router up to bad guys. Monocle keeps your cameras within your own network. I personally have all of my cameras on their own network (VLAN) that does not have access to the internet. The Monocle gateway is tied to that network and my regular network so that my Amazon stuff can view cameras. Yet the cameras can't talk out to the internet, and the internet cannot get to them. UPnP is not needed for Alexa to work.
-
I realize this response is WAY late … but …
I personally (definitely/deliberately) disable UPNP and any P2P (peer) networking options that many cameras seem to come enabled with today.
You can even go as far as to isolate the cameras to a separate VLAN and tightly limit inbound and outbound access. Of course this is more complex than most home users will undertake. I keep my cameras on a separate VLAN that has no inbound or outbound access to the Internet. I have Monocle Gateway on the same network as my Alexa devices as it requires that the Alexa devices can establish connections to it. The Monocle Gateway does require outbound access to the Internet (to reach Monocle servers) but no inbound access. The Monocle Gateway also must be able to access the cameras on the aforementioned camera VLAN.
EDIT: UPnP is on but I guess it needs to be for the Alexa to work??
No, as @pir8radio suggested, UPNP is not needed for Monocle / Alexa.
Thanks, Robert
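-
The camera VLAN layout described in the two replies above, written as an nftables forward policy for a Linux-based router. This is an added example, not a configuration posted by anyone in the thread; every interface name, address, the VLAN ID and the camera stream port (RTSP on TCP 554) are assumptions to replace with your own.

```nftables
#!/usr/sbin/nft -f
# Added example: all names and addresses below are constructed placeholders.
define WAN_IF  = "eth0"           # uplink towards the ISP router (assumed)
define LAN_IF  = "eth1"           # home LAN: Alexa devices + Monocle Gateway (assumed)
define CAM_IF  = "eth1.30"        # camera VLAN sub-interface, VLAN ID 30 (assumed)
define GATEWAY = 192.168.1.50     # host running Monocle Gateway (assumed)
define CAM_NET = 192.168.30.0/24  # camera subnet (assumed)

table inet camfw {
    chain forward {
        # Default deny: anything not explicitly allowed below is dropped,
        # including new connections from the WAN and from cameras to the LAN.
        type filter hook forward priority 0; policy drop;

        # Return traffic for flows that an accept rule below already allowed.
        ct state established,related accept
        ct state invalid drop

        # Cameras never reach the Internet and the Internet never reaches them.
        # Logged and counted so "phone home" or P2P attempts are visible.
        iifname $CAM_IF oifname $WAN_IF log prefix "cam-to-wan " counter drop
        iifname $WAN_IF oifname $CAM_IF log prefix "wan-to-cam " counter drop

        # Only the Monocle Gateway host may open connections to the cameras,
        # and only to the stream port (RTSP 554 assumed).
        iifname $LAN_IF oifname $CAM_IF ip saddr $GATEWAY ip daddr $CAM_NET tcp dport 554 accept

        # LAN hosts, including the gateway, may connect outbound.
        # Nothing here permits new inbound connections from the WAN.
        iifname $LAN_IF oifname $WAN_IF accept
    }
}
```

Alexa devices and the gateway sit on the same LAN segment, so their traffic is not forwarded and needs no rule here. With UPnP disabled on the router, no device can add port mappings that bypass this policy.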