Our ProActive System checks hundreds of different brands and models of CCTV equipment daily to monitor their operating status.
During the past 2 weeks, we were gradually alerted to multiple remote viewing failures on multiple CCTV systems under our ProActive Monitoring system.
These failures happened with different customers on different ISPs.
The ProActive System was able to analyse the failures captured and isolate them to a single brand, AVTECH.
The AVTECH systems detected as having issues were installed over the course of the last 6 years, with different models, different firmware and different installation dates. The systems are installed on multiple sites with different network setups, internet routers and ISPs.
With this information captured, our engineers were able to trace the issues to security flaws in the AVTECH firmware being exploited. Checks with TrendMicro attributed the issues to the malware ELF_IMEIJ, which specifically targets AVTECH surveillance equipment.
As such, we were able to send out high-priority email alerts to all customers on our mailing list, advising them on steps to take to prevent their systems from being infected, guides to removing the infected firmware and how to prevent further attacks. Alternatives were also presented to customers whose equipment the manufacturer no longer releases firmware patches for.
During the initial internal testing of our proprietary ProActive Monitoring Data Analytic system in 2015, it had already identified the weaknesses of AVTECH and the potential attacks that could happen. With that knowledge, we ceased to use AVTECH equipment in our installation projects in 2015 and had by 2016 migrated all our maintenance and subscription customers to other brands. This proved to be a decision well made with the aid of our ProActive Monitoring system when the malware ELF_IMEIJ infected thousands of AVTECH devices, and it prevented our customers who kept their systems updated from having their AVTECH CCTV systems turned into botnets.
Register for Trial if you are interested to get your system on board. It’s free.
We’ll soon be adding Analytic Features to enable you to monitor customer flow through your stores using your existing equipment for free!
Updates 20 March 2017, 3:40pm
AVTECH has just released firmware patches for their newer IP cameras, NVR and TVI-DVR models.
Firmware Fix Issued for Malware Targets
AVTECH is aware of the recent cyber attack news that hackers have been doing with several of our main competitors. To bring up the security level for AVTECH customers and to prevent exposing to any potential risk, AVTECH strongly recommends customers to change the default passwords before having their devices to be set online.
At the same time, AVTECH has issued new firmware updates for our recorders (DVRs & NVRs) and IP cameras to prevent possibility for the hackers to make attempts to your devices.
The firmware fix is now available on AVTECH official website, www.avtech.com.tw, for the following models which are determined as the affected ones:
For older DVR models, we are also rolling out a replacement programme for customers to upgrade their DVRs to brands that Singapore Police/Cisco are using.
Updates 20 March 2017
A new malware that targets Linux-based Internet of Things (IoT) devices has been detected by Search-Lab, a security research and development firm. This Linux ARM malware, called ELF_IMEIJ.A, exploits a vulnerability in devices from AVTech, a surveillance technology company.
As an AVTech user, you can do the following to protect your device:
- Change the default admin password (All our Devices are installed with the default password changed)
- Never expose the web interface of any Avtech device to the internet (Disable Remote Viewing through Internet)
Vulnerabilities in AVTECH CCTV equipment have been found.
Symantec has also issued an update to Norton Security Suites that blocks certain functionality of the DVR from computers trying to access the system. If you face issues logging in to your AVTECH system from the internet, that could also be a possible reason.
LAKSON stopped using AVTECH equipment with internet viewing for installation work in 2015 and switched to other brands. These include brands which are used by Singapore Police/Cisco and are installed in various high-security installations such as SMRT, Esplanade, etc.
For customers on a maintenance contract, actions have been taken to secure their equipment from unauthorised access. This includes replacing their AVTECH equipment with other brands/models. From our records, there are also no longer any customers with AVTECH equipment installed by us that is still under warranty.
If you are using AVTECH CCTV equipment, please contact your vendor to ask about security update patches/replacement options.
You may also wish to purchase replacement equipment for your AVTECH CCTV System. Click here to see more options.
For more information, you can also read up on this.
2015.10.19: First attempt to contact with Avtech, but we did not receive
2016.05.24: Second attempt to contact Avtech without any response
2016.05.27: Third attempt to contact Avtech by sending e-mail to public
Avtech e-mail addresses. We did not receive any response.
2016.xx.xx: Full disclosure
POC script is available to demonstrate the following problems:
– Unauthenticated information leakage (capabilities)
– Authentication bypass (.cab, nobody)
– Unauthenticated SSRF on DVR devices
– Unauthenticated command injection on DVR devices
– Login captcha bypass with login=quick or manual cookie creation
– CloudSetup.cgi command injection after authentication
– adcommand.cgi command injection after authentication
A video demonstration is also available, which presents some of the
Unfortunately there is no solution available for these vulnerabilities
at the moment. You can take the following steps to protect your device:
– Change the default admin password
– Never expose the web interface of any Avtech device to the internet
HiDDNS/Hikvision DDNS/www.hik-online.com Problem
Currently at 22 Feb 2017 3.20pm,
The system is currently back online.
We’ll continue to monitor it.
Currently at 22 Feb 2017 3.20pm,
The free DDNS service provided by Hikvision is not working.
If you have problems connecting remotely to your CCTV system, here are some temporary workarounds.
Use Direct IP Connection
Here’s how to do it on your mobile app (iVMS-4500)
The CCTV system is still working and recording.
For customers on a dynamic IP plan from your ISP (Starhub/Singnet/M1), you are using HiDDNS from HIKVISION to keep track of your current IP address.
As the HiDDNS server is not working, you are unable to connect to your current IP from the internet and therefore cannot connect to your CCTV system.
If you would like to reduce reliance on free manufacturer’s DDNS, you can consider the following
The manufacturer has already been notified. We’ll keep you updated.
As a business owner, have you ever wondered about these?
Answer these questions and many more utilising your existing CCTV system for free!
Using our proprietary techniques, we are able to add analytics features to your existing CCTV systems to answer those questions that you have been wondering about your store.
Make use of Data Analytics to improve on the productivity and efficiency of your businesses to increase profits while reducing cost.
The system is under beta testing now and we are collecting insights into the business that most business owners don’t realise until they see the analytics reports.
Some detailed examples are:
People Counting – Analyse traffic flow into your stores at different days/time periods. Know when to deploy your staff to minimise staffing cost.
Movement Activities – Analyse the amount of activity in various parts of the store. You may wish to place items you want to promote in those areas.
Queue Threshold Counting – Analyse the periods of the day where the queue at your store hits a certain threshold. You might want to consider opening up additional counters during those periods.
Work is in progress to enable regular reports to be compiled across different outlets for comparison. Analyse why certain high-traffic stores have lower revenues.
These are current/future reports that we are working on as well.
Without concrete data, business owners are not able to make factual decisions on their business.
Our proprietary technique allows customers to make use of their existing equipment to capture this data without having to purchase or install additional equipment to do so.
Currently, the system is undergoing trial, so all interested participants will get at least a 1 Year Free Subscription to the system.
If you find that the data captured is useful to your business operation, we also have equipment to profile and analyse customers with more accuracy. This includes returning customers, walk-by customers, time customers spend in the stores, etc.
Contact us if you are interested in the trial.
Do note that HIKVISION has made some changes to the policy of its HiDDNS services.
The message appeared last Friday evening and caused checking issues with the ProActive Monitoring service for DVRs that use the HiDDNS service. We have updated our server software and it’s now working.
For customers using iVMS-4200, iVMS-4500 or an internet browser to view the CCTV system, it’s working as normal and is not affected.
To Our Valued Customers,
HiDDNS (www.hik-online.com) is a Dynamic Domain Name Service provided by Hikvision to our customers for remote access demands during the past years. As the user base continues to grow, a new platform with enhanced supporting capacity is extremely expected. To meet this certain needs, Hikvision is now introducing a cloud-based service for extranet access called Hik-Connect, which integrates Dynamic Domain Name Service and alarm push notification service.
This means that the current HiDDNS (www.hik-online.com) is determined to discontinue providing the following services in designating steps.
| December 30th 2016 | HiDDNS Web Portal (user account management system) will be closed. | HiDDNS user account registration and login block. Per device’s HiDDNS functionality is not affected. Users will continue to be able to access each device via domain URL or through iVMS-4200/iVMS-4500 client software. |
| February 16th 2017 | New devices can no longer be registered using current HiDDNS platform. | Previously registered devices will continue to function on HiDDNS platform. |
Due to this change, all our customers using the HiDDNS service need to migrate to Hik-Connect. Alternatively, customers still have the option to use any other third-party DDNS, such as DynDNS, NO-IP and PeanutHull.
Hikvision will do its utmost to assist all customers to change smoothly to this service. Please feel free to contact our local technical support team or email firstname.lastname@example.org for assistance. We do apologize for any inconvenience caused by this convert and thanks again for your continuous support!
Hangzhou Hikvision Digital Technology Co., Ltd. with its subsidiaries
If you are having problems accessing your CCTV system remotely and you are using Singtel Fibre Broadband, do note that Singtel Fibre Broadband is currently (6 Dec 2016) not working in most areas. You’ll not be able to access your CCTV system remotely as it requires a working internet connection.
SINGAPORE: Telco Singtel said on Saturday (Dec 3) that some customers may be experiencing difficulties in accessing their fibre broadband services. It encouraged those affected who are also its mobile subscribers to use mobile broadband instead and that it will waive mobile data charges for today.
In a Facebook post at 9.43am, the company said: “Our engineers are working to resolve the problem. Thank you for your patience.”
In a subsequent update at 11.55am, the company said on Facebook that its engineers are still investigating the cause of the disruption. “Please bear with us as we try to resolve the problem,” it wrote.
In its 1.30pm update, Singtel said its engineers continue to work to resolve the broadband outage issue. In the meantime, it will waive mobile data charges for those affected on Saturday and apologised for the disruption.
First in the CCTV security industry, we will be launching our ProActive Warranty very soon.
All business customers under current warranty will be automatically upgraded to our ProActive Warranty in phases once it’s launched. All new installations with onsite warranty will automatically be included in our ProActive Warranty services.
What is ProActive Warranty?
For most equipment warranties, customers need to monitor their own equipment and contact their vendors when the equipment breaks down.
Lakson has developed a monitoring system that enables automated regular daily checks of your systems. It’ll highlight systems that show abnormal operating status and enable the customer or vendor to take remedial action to rectify that.
This enables Lakson to offer ProActive Warranty to customers instead of the outdated ReActive Warranty.
Never again will you have to endure missing footage due to a faulty system that goes unnoticed for months. If your CCTV system is important to you, this is one feature you cannot do without.
Data Analytic Features
Using your existing equipment, we are also able to integrate analytic features such as
Our CMS System is developed with an open interface. This means that even if your system is NOT supplied or installed by Lakson, you can also add it in if the equipment is supported. We are constantly adding new features and supported equipment to the list.
Due to the numerous brands/models in the market, we also have to focus effort on certain brands/models of equipment to offer the greatest compatibility and functionality to our customers. As such, we have subsidised equipment available in our online store for customers who wish to get their system on board our ProActive monitoring platform.
Customer : Bibimbap Outlet
Reference No : #888448
Symptom : CCTV DVR Offline for > 3 Days. Customer didn’t opt for active monitoring, so monitoring is only done passively.
Problem : Internet Router reset to factory default by Singtel.
Resolution : Reconfigure Internet Router
Others : When the CCTV system came back online, the CMS also detected that the DVR was powered off for a period of 3 days in between with no recording. The customer had no idea that the DVR was powered off. The customer will look into that to prevent accidental switching off of, or tampering with, the DVR.
Benefits : Without the CMS analysing the CCTV system, the DVR being switched off in between would not have been highlighted and brought to attention. This procedural lapse or tampering with the CCTV system would have gone unnoticed, and a future recurrence might result in important CCTV footage not being recorded.
On 8th June, the customer highlighted that he was unable to log in to his CCTV system.
From the log chart, we were able to see that the system had been offline since 4th June. However, we could still see IP updates from the DVR on 5th June.
This usually signifies that the required port forwarding setting on the internet router has been removed.
Upon checking, the customer confirmed that Singtel had come and done a reset/replacement of the internet router, which was the root of the problem.
Without this history log chart, it would be harder to identify the root of the issue.
We arranged for a reconfiguration of the internet router and got the system back online.
When the system came back online, the CMS highlighted that there was a problem with the recording of the system.
Upon taking a closer look, it was discovered that there were missing recordings for a period of 4 days. This problem would have gone unnoticed if not for the CMS.
The missing recording incident has been fed back to the customer, and the customer will take note of operating procedures to avoid the CCTV system being switched off accidentally or purposely in the future.
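The reasoning in this case (unreachable for remote viewing yet still sending IP updates, then a recording gap found once access was restored) can be written as a small check. This is an added example, not Lakson's CMS code; the probe, IP-update and segment record shapes and all function names are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample data modelled on the case above (not real CMS logs).
# Remote-viewing probes: (time of check, did the DVR answer from the internet?)
PROBES = [
    (datetime(2016, 6, 3, 9), True),
    (datetime(2016, 6, 4, 9), False),
    (datetime(2016, 6, 5, 9), False),
    (datetime(2016, 6, 8, 9), False),
]
# Times at which the DVR reported its public IP to the DDNS service.
IP_UPDATES = [datetime(2016, 6, 3, 2), datetime(2016, 6, 5, 2)]
# Footage segments (start, end) listed by the DVR once it is reachable again.
SEGMENTS = [
    (datetime(2016, 6, 1), datetime(2016, 6, 5, 12)),
    (datetime(2016, 6, 9, 12), datetime(2016, 6, 10)),
]


def offline_since(probes):
    """Return the first failed probe of the current outage, or None if online."""
    start = None
    for when, reachable in sorted(probes):
        if reachable:
            start = None          # any success ends the previous outage
        elif start is None:
            start = when          # first failure of a new outage
    return start


def classify_outage(probes, ip_updates):
    """Tell 'unreachable but still on the internet' apart from 'DVR or link down'."""
    start = offline_since(probes)
    if start is None:
        return "online"
    if any(t > start for t in ip_updates):
        # The DVR still reaches the DDNS server, so only inbound access broke:
        # usually the router's port forwarding was removed or reset.
        return "port-forwarding-lost"
    return "device-or-link-down"


def recording_gaps(segments, tolerance=timedelta(hours=1)):
    """Return (gap_start, gap_end) pairs where consecutive segments leave a hole."""
    ordered = sorted(segments)
    gaps = []
    for (_, prev_end), (next_start, _) in zip(ordered, ordered[1:]):
        if next_start - prev_end > tolerance:
            gaps.append((prev_end, next_start))
    return gaps


if __name__ == "__main__":
    print(classify_outage(PROBES, IP_UPDATES), recording_gaps(SEGMENTS))
```

A gap reported by `recording_gaps` is worth raising with the site owner even when the outage itself had a benign cause, since it separates a router problem from the DVR having been switched off.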
Customer : Subway Outlet
Reference No : #231011
Symptom : CCTV DVR Offline for > 3 Days
Problem : Internet Router reset to factory default
Resolution : Reconfigure Internet Router
Benefits : The customer does not check on the CCTV system on a daily basis. The CMS picked up the problem before the customer realised there was a problem with the internet router, allowing us to resolve the issue within a short period of time.
On 10 June, from our CMS system, we detected that the CCTV system had been offline for > 3 days since 8 June 2016.
The customer was alerted about the issue, but did not reply.
On 11 June, we went down to check on the internet router and found that its configuration had been reset back to factory default.
Reconfiguration was done on the internet router to allow the customer to view online again.
The system is back online. At a glance, we are also able to determine that there are around 26 days of recording in the system, within our safety parameters of 21 days.
However, on the 13th of June, the CMS detected that the Subway’s CCTV was offline again, and it was highlighted again.
The customer was able to configure the router based on the previous information sent to him, and got the system back up and running again.
The system has been detected to be functioning well.
The customer is looking into why the router’s configuration was reset on multiple occasions.
The CMS doesn’t only work with systems that we have installed since 2008.
If you had your CCTV System installed by the following vendors, most likely our CMS system would support it.