He found that commands sent to the device via a certain connection, port 9000, were accepted without any authentication. And worse, he was able to use that unprotected connection to retrieve the login credentials for the DVR's web-based control panel. "Anyone who can connect to port 9000 on the device can send this request and retrieve that information," said someLuser, who declined to reveal his real name when I reached him by instant message.
To compound the problem, the DVRs automatically make themselves visible to external connections using a protocol known as Universal Plug And Play, (UPnP) which maps the devices' location to any local router that has UPnP enabled-a common default setting.
SVAT DVR FIRMWARE PC
That feature, designed to allow users to remotely access their video files via remote PC or phone, effectively cuts a hole in any firewall that would expose the device to attackers, too. Rapid7's Moore confirmed someLuser's findings and traced the problem in the Swann machine to the device's firmware sold by Ray Sharp. He then used the scanning tool NMAP to dig up thousands of vulnerable machines visible on the Internet. "It’s just a boneheaded decision on the part of ," says Moore. "Fifty-eight thousand homes and businesses are exposed because of the way these things cut holes in the firewall."īy checking the web interfaces of the vulnerable devices and analyzing the Ray Sharp firmware he downloaded from Swann's website, Moore was able to identify 18 companies that seem to use the faulty code: Swann, Lorex, URMET, KGuard, Defender, DSP Cop, SVAT, Zmodo, BCS, Bolide, EyeForce, Atlantis, Protectron, Greatek, Soyo, Hi-View, Cosmos, and J2000. Update: A spokesperson for Zmodo writes in a statement that the company has developed its own firmware in models that it's sold since 2011, and claims that its in-house firmware "features a substantially higher level of security and has never been susceptible to the same intrusions as firmware developed by Ray Sharp."Īn URMET spokesperson also writes that "in 2011 an embedded encryption algorithm was implemented in URMET firmware that encrypts data before the transmission over the network thus increasing the level of security of URMET devices significantly," and that UPnP has been turned off by default in its devices. Priced at only $40, it is good to get one so that you can set up your own security system that would probably costs you few hundred bucks if hiring some professions to do that.Update 2: Both Swann and CW, the company that sells the Defender and SVAT brand of DVRs, now say they are investigating the issue.
SVAT DVR FIRMWARE FULL
To make it more perfect for surveillance system, it features an alarm system that can be activated under few conditions such as motion sensor, video loss, full hard disk space and etc. Good thing is, the frame rate is configurable between 1 to 30 frames per second without significantly affecting the video quality. The recording will be compressed to MPEG-4 format so that the whole bandwidth allocation is sufficient to cater for four video inputs simultaneously. Depending on the frame rate, it allows up to four cameras to record and store directly into your PC hard disk. Unlike traditional video capture card, the module is quite handy, about the size of pen drive with four additional composite cables for video input connectivity.
Named as Eas圜ap 4 Channel DVR, it is compatible to any USB 2.0 host interface on your laptop or UMPC (Ultra Mobile PC) for direct plug and play with up to four channels for recording. Now, the solution provided by Brando seems to be able to simplify the whole setup process. You may either need some kind of converters to plug that card into your laptop or even worst when need to open the laptop casing searching for the right connector to insert the module. So, plugging into your laptop could be a tedious process. Most of the time, the video capture cards for video recording or security surveillance system are always available in PCI or PCI-E interfaces.
0 kommentar(er)
