I dunno, stuff like this is more than just not setting a proper password:
Quote:
The US Department of Homeland Security gave the Hikvision cameras its worst / highest score - a 10.0 out of 10.0 - confirming that it is "remotely exploitable/low skill level to exploit" for "improper authentication." Moreover, DHS additionally confirmed a "password in configuration file", scoring it a critical 8.8 out of 10.0.
https://ipvm.com/reports/hik-backdoor
Quote:
Any Hikvision manufactured camera connected to a network can be deactivated, activated, reset, or even locked out by Hikvision (majority owned by the Chinese ruling party). Some numbers suggest this could include up to 40% of all security cameras in the United States, but it’s impossible to really know how many it really is.
https://np.reddit.com/r/technology/c...reepy/dx0ljfi/
Quote:
Drew explained that the hackers found a vulnerability, which affects most of DAHUA's cameras, that allows anyone to take full control of the devices' underlying Linux operating system just by typing a random username with too many characters.
The hackers then planted malware on the devices to turn them into bots and use them for both DDoS attacks as well as for extortion campaigns using ransomware, Drew said. The malware targets specifically Linux devices and is part of a family that previously went by the names Lizkebab, BASHLITE, Torlus and gafgyt, according to Level 3 and others who have been investigating the attacks.
https://motherboard.vice.com/en_us/a...et-brian-krebs
Not a big fan of this kinda stuff.