Announcement

Collapse
No announcement yet.

China/mac-address/backdoor

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • China/mac-address/backdoor

    I'm just going to throw this out there. It has been concerning me since security has gone IP.

    1. Every IP device has to have a unique identification number the mac address.
    2. Most of the world's cameras, access control boxes, security panels are made in China, Korea, Vietnam, Taiwan, etc.
    3. What is the probability these communistic, hostile countries have programmed "back doors" into every product they produce?

    Can anyone see the possible ramifications?
    I tried being reasonable, I didn't like it.

  • #2
    120 views and no takers huh?
    I tried being reasonable, I didn't like it.

    Comment


    • #3
      I don't know how probable it is, but it is certainly possible. There are two ways to do this: hardware and software. And one company may make the hardware and another company may make the software. Adding complexity, there may be many hardware manufacturers in each camera or system that make up the sum of it's parts. Additionally, there would need to be a motive or reason for doing this. "China" has no way of knowing where and how the cameras produced there will end up. It is far more likely that they don't have such a backdoor, but if you detect suspicious network traffic, you might want to take security precautions or switch cameras and notify the authorities. Why not try and find camera parts made in the US?
      Safe Small Towns

      Comment


      • #4
        Finally! There are intelligent life forms here. I have talked to several individuals in the IT industry. They say NOTHING is secure. Example, Stuxnet. The Chinese know when large shipments go out and one way would be by reversing the technical support route, anyone can determine who the end user could be. One scenario is they could leave the camera with a flaw that has to be corrected by the factory. The poor tech guy has no idea it is a ploy. It's not hard to backtrack anything if you really want to. Intel on commonly bought items such as cameras would be easy to find. The government usually puts jobs out for bids. That is easily tracked. We all know China follows all the rules. Finding a public IP address would be easy. Finding the back door through hardware and software would be the next challenge. Hard but not impossible.

        Your thoughts?
        I tried being reasonable, I didn't like it.

        Comment


        • #5
          To make the issue more complicated, sometimes backdoors are not programmed in maliciously, but for debugging purposes. The problem comes into play when a hacker discovers the backdoor exists and exploits it. This article talks about how China was initially blamed for a backdoor in a computer chip used by the US Military, but it ended up being a debugging program installed by a California-based firm: http://www.techspot.com/news/48817-c...-backdoor.html
          Safe Small Towns

          Comment


          • #6
            Originally posted by SafeSmallTowns View Post
            To make the issue more complicated, sometimes backdoors are not programmed in maliciously, but for debugging purposes. The problem comes into play when a hacker discovers the backdoor exists and exploits it. This article talks about how China was initially blamed for a backdoor in a computer chip used by the US Military, but it ended up being a debugging program installed by a California-based firm: http://www.techspot.com/news/48817-c...-backdoor.html
            Here is a scenario. Would it be any different IF China was a favored nation and ally and never ever gave us any reason to think otherwise?
            No is my answer. Power changes every day and corrupt leaders could overthrow any regime at any time. They could give vital information quickly to any subversive faction about our tactics, strength, whatever.

            Like this
            http://conservativebyte.com/2012/03/...-plan-on-iran/
            I tried being reasonable, I didn't like it.

            Comment


            • #7
              Originally posted by SafeSmallTowns View Post
              To make the issue more complicated, sometimes backdoors are not programmed in maliciously, but for debugging purposes. The problem comes into play when a hacker discovers the backdoor exists and exploits it. This article talks about how China was initially blamed for a backdoor in a computer chip used by the US Military, but it ended up being a debugging program installed by a California-based firm: http://www.techspot.com/news/48817-c...-backdoor.html
              I found this while searching other forums.

              Bit of a heads up about a bit of a disconcerting security issue in some ONVIF IP
              cameras.

              I had my eye on some low cost, Chinese OEM IP cameras because
              they have good NAS compatibility (claimed Synology). They are branded as IPS,
              Uvision, Gsvision, Sunvision, Aote among others. I was willing to put up with
              the clunky ActiveX interface because I figured I'd only have to configure them
              once and would be viewing the video through the NAS/NVR
              interface.

              Everything went fairly smoothly- I set the time, IP address,
              changed the password- and when I went to log back in it would not accept the
              same one copied and pasted. No problem- went for the old reset button and… no
              reset button.

              So I emailed the Chinese manufacturer, they asked for me to
              give their technician access to my computer via TeamViewer so he could reset it-
              I said that was not really an acceptable solution. So they sent me the default,
              hard-written to firmware, root password for their cameras so I could just
              remotely log-in and hard-reset the camera over telnet.

              That's
              right, there's a root user, but you can't change the
              password.


              Yeah- not too happy about that.

              I spent a few
              days going back and forth with them- explaining why, with these cameras in homes
              and businesses all over the world this was a Bad Thing. Either they were playing
              dumb and had to have it for the Powers That Be (as has been documented with
              other network products of similar origin), or else they truly think it's ok.
              Their attitude was basically that they had made a mistake in giving it to me-
              and not in having one in the first place. Their "fix" was a promise to change
              the hard-written root pass in future firmware revisions. Given that the password
              is sent to the camera in plaintext, it's hardly likely the new one would remain
              secret for long.

              (In case you are wondering, even after a few hard reset
              cycles the camera would still not accept a new admin password but that is no
              longer really a concern for me.)

              All this seems a bit insane. As we all
              know few LANs are very secure- wifi is not tough to crack, we all password
              protect our computers and NASs against this eventuality. As it stands, anyone
              with access to the LAN that these cameras are on can take them all offline with
              a few keystrokes, or reset the admin password, restore the original IP and leave
              anonymous access on- so the owner would never know they had been compromised. Or
              set them to forward images to an outside location.

              As far as cameras that
              are accessible via the Internet, many people will not change the cameras default
              IP- which means that even on reset it won't lose its port mapping and video
              could be viewed by anyone, anywhere. At the very least they could still disable
              it. Other than that, root is root and someone with better Linux skills could
              probably make more of it.

              I'm posting this because as we all know there
              is no security in obscurity- and if they could accidentally just email me the
              root pass this is far from obscure. People have these cameras pointed at
              playgrounds and in private homes- hoping they don't give the password to anyone
              else (or that it is not already being used) is not really an option in my
              opinion. I would never consider installing a camera with this kind of known
              backdoor- perhaps others feel differently.

              If you'd like to check your
              camera, here is the information:

              Not going to give this part

              Credit to milo****
              I tried being reasonable, I didn't like it.

              Comment

              Leaderboard

              Collapse
              Working...
              X