AVTECH DVR Vulnerability (Severity: High)
Updates 20 March 2017 , 3:40pm
AVTECH had just release firmware patches for their newer IP Cameras, NVR and TVI-DVR models.
Firmware Fix Issued for Malware Targets
AVTECH is aware of the recent cyber attack news that hackers have been doing with several of our main competitors. To bring up the security level for AVTECH customers and to prevent exposing to any potential risk, AVTECH strongly recommends customers to change the default passwords before having their devices to be set online.
At the same time, AVTECH has issued new firmware updates for our recorders (DVRs & NVRs) and IP cameras to prevent possibility for the hackers to make attempts to your devices.
The firmware fix is now available on AVTECH official website, www.avtech.com.tw, for the following models which are determined as the affected ones:
For Older DVR Models, we are also rolling out replacement programme for customer to upgrade their DVR to brands that Singapore Police/Cisco are using.
Updates 20 March 2017
http://news.thewindowsclub.com/new-linux-malware-attacks-avtech-iot-devices-88739/
A new malware that targets Linux-based Internet of Things (IoT) devices has been detected by Search-Lab, a Security research and development firm. This Linux ARM malware called as ELF_IMEIJ.A exploits a vulnerability in devices from AVTech, a surveillance technology company.
As an AVTech user, you can do the following to protect your device,
- Change the default admin password (All our Devices are installed with the default password changed)
- Never expose the web interface of any Avtech device to the internet (Disable Remote Viewing through Internet)
Vulnerabilities on AVTECH CCTV equipment had been found.
Symantec had also issued an update on Norton Security Suites to block certain functionality of the DVR from computers trying to access the system. If you face issues logging to your AVTECH system from the internet, that could also be a possible reason.
LAKSON had stop using AVTECH Equipment with internet viewing since 2015 for installation work and and switched to other brands. These includes brands which is used by Singapore Police/Cisco and is installed in various high security installation such as SMRT, Esplanade, etc.
For customers on maintenance contract, actions had been taken to secure their equipment from unauthorised access. This include replacing their AVTECH equipment with other brand/models. From our records, there’s no longer any customers who have AVTECH equipment installed by us which is under warranty as well.
If you are using AVTECH CCTV equipment, please contact your vendor to ask about security update patches/replacement options.
You may also wish to purchase replacement equipment for your AVTECH CCTV System. Click here to see more options.
Reference :- https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=29982
For more information, you can also read up on this.
https://www.exploit-db.com/exploits/40500/
Timeline
2015.10.19: First attempt to contact with Avtech, but we did not receive
any response
2016.05.24: Second attempt to contact Avtech without any response
2016.05.27: Third attempt to contact Avtech by sending e-mail to public
Avtech e-mail addresses. We did not receive any response.
2016.xx.xx: Full disclosurePOC
—
POC script is available to demonstrate the following problems [3]:
– Unauthenticated information leakage (capabilities)
– Authentication bypass (.cab, nobody)
– Unauthenticated SSRF on DVR devices
– Unauthenticated command injection on DVR devices
– Login captcha bypass with login=quick or manual cookie creation
– CloudSetup.cgi command injection after authentication
– adcommand.cgi command injection after authenticationA video demonstration is also available [1], which presents some of the
above problems.Recommendations
—————
Unfortunately there is no solution available for these vulnerabilities
at the moment. You can take the following steps to protect your device:
– Change the default admin password
– Never expose the web interface of any Avtech device to the internet
HiDDNS (Hikvision DDNS) Not Working – 2017-02-22
HiDDNS/Hikvision DDNS/www.hik-online.com Problem
Currently at 22 Feb 2017 3.20pm ,
The system is currently back online.
We’ll continue to monitor it.
Currently at 22 Feb 2017 3.20pm ,
Free DDNS Services provided by Hikvision is not working.
If you have problem connecting remotely to your CCTV system, here are some temporary workaround.
Use Direct IP Connection
- Get someone where the system is installed to visit http://checkip.dyndns.com.
- Take note of the IP displayed.
- Change your Settings on your application to use the direct IP instead.
Here’s how to do it on your mobile app (iVMS-4500)
The CCTV system is still working and recording.
For customers on Dynamic IP plan from your ISP (Starhub/Singnet/M1), you are using the HiDDNS from HIKVISION to keep track of your current ip address.
As the HiDDNS Server is not working, you are unable to connect to your current IP from internet and therefore cannot connect to your CCTV System.
If you would like to reduce reliance on free manufacturer’s DDNS, you can consider the following
- Switch your internet plan to a Static IP Plan. Your IP will not change, and you can always use the IP to connect.
- Subscribe to alternative DDNS Services such as Dyndns.com or NoIP.com. These paid services have a higher SLA than free services provided by the manufacturer.
Manufacturer had already been notified. We’ll keep you updated.
CCTV Analytics for your Existing CCTV System
As a business owner, have you ever wonder about these ?
- How many people visited my store today ?
- Which is the busiest time of the day for my store ?
- Where should i place more profitable product in my store to ensure more customers saw them ?
- Do I have enough counter staffs to minimize waiting time for my customers ?
- Am I missing customers by opening my store too late ?
Answer these questions and many more utilising your existing CCTV System for free !
Using our proprietary techniques , we are able to add analytics features to your existing CCTV systems to answer those questions that you had been wondering about your store.
Make use of Data Analytics to improve on the productivity and efficiency of your businesses to increase profits while reducing cost.
System is under Beta Testing now and we are collecting insights into the business that most business owners doesn’t realised until the they saw the analytics reports.
Some details examples are :-
People Counting – Analyse traffic flow into your stores at different days/time periods. Know when to deploy your staffs to minimise staffing cost.
Movement Activities :- Analyse amount of activities in various part of the store. You may wish to place items you want to promote in those areas.
Queue Threshold Counting :- Analyse period of the day where the queue of your store hit a certain threshold. You might want to consider opening up additional counters during those period.
Works are in progress to enable regular comparison reports to be compile across different outlets for comparison. Analyse why certain high traffic stores have lower revenues.
These are current/future reports that we are working on as well.
Without concrete data, business owners are not able to make factual decision on their business.
Our proprietary technique allow customers to make use of their existing equipment to captured these data without having to purchase or install additional equipment to do so.
Currently, the system is undergoing trial so all interested participant will get at least a 1 Year Free Subscription to the system.
If you find that the data captured are useful to your business operation, we have also have equipment to profile and analyse customers with more accuracy. These including returning customers, walk by customers, time customer spent in the stores, etc.
Contact us if you are interested in the trial.