Hikvision Intercoms Allow Snooping on Neighbors

  /     /     /  
Publicated : 23/11/2024   Category : security

Hikvision Intercoms Allow Snooping on Neighbors


The intercoms are used in thousands of apartments and offices across the world, and they can be used to spy on targets through the other devices they connect to.


A concerning Internet of Things cyberattack vector has been uncovered — one that can turn the neighboring devices of a Hikvision smart intercom into spying devices. 
In a recent blog post on the attack, researchers at Skylight Cyber warned that the potential of such devices to be used in spyware attacks should be of concern for businesses and organizations because an attacker could potentially gain access to an individuals life,
denying their privacy
.
Hikvision devices were specifically chosen for this research because theyre readily available and because the brand is popular. Researchers tested on two intercom products, DS-KH6210-L and DS-KH6320-WTE1; among other things, they tested the devices inside an apartment to observe how they would interact with other devices found in a normal complex, such as door controllers, cameras, and other intercoms. Port mirroring was configured within the device to allow the researchers to capture all traffic entering and leaving the device.
Completing an attack isnt all that difficult to do, 
according to Skylight Cyber researchers
, as a potential attacker doesnt actually need all that many tools to conduct a malicious act. 
An attacker would need network access to deploy this attack, and given that these systems are generally not connected to the Internet, this means physical access to the target building, says Adi Ashkenazy, CEO at Skylight Cyber. Once you have physical access, you need to connect to an Ethernet port, which can be done through either an apartment in the building or the lobby.
He adds, In terms of equipment, you just need an Ethernet cable and a laptop, and wed throw in a screwdriver for good measure. The overall level of expertise required to deploy the attack is quite low.
In a situation in which an apartment building or office uses Hikvision devices, specifically its intercoms, and someone has an interest on spying — eavesdropping — on a tenant, the attacker would need to unplug the intercoms Ethernet cable from the wall and instead plug the device into a laptop, using a regular Ethernet cable. At this point, the individual would have the necessary network access to begin this covert breach. 
Then, you run a script thats available on our GitHub to brute-force the admin password of any target device in the network (your neighbors intercoms), Ashkenazy says. Once you have the admin password, you log in to the target intercom device and break out of the protected shell, in one of several ways [covered in the research]. 
By running a single command from a laptop, an individual can gain complete access to a device and can use any of its functions, including the microphone.
Should an attacker with a cable, laptop, and screwdriver on hand manage to brute-force a path to an admin password and break the protected shell, securing unrestricted access, the worst-case scenario is that they would be able to open the microphone on the device. 
Once you have [that] level of access, you can eavesdrop on anyone else in the building that has an intercom, Ashkenazy adds.
The upside is that the team has not seen evidence of such attacks in the wild, and 
Hikvision has applied a patch
that can be downloaded on its website. However, obstacles to patching remain.
Hikvision [was] quite quick to respond, so hats off to them on that. However, as far as we know, they have been selective in terms of the fix, focusing on the authentication bypass, and leaving the shell escape in place, according to Skylight Cyber. 
Furthermore, a potential tenant wouldnt be able to mitigate and patch themselves because of their lack of access to the admin password, so patching is serviced by technicians and the process is manual, meaning that these updates are not applied as often as necessary. So its a good bet that many individuals and businesses will continue to remain exposed.
We believe that this might be exploited in the wild until this is patched to a significant extent, which is why we didnt release the full exploitation kit, the researchers add.
Moving forward, businesses and property owners have options for mitigating 
IoT security risks
 — whether its working with reputable vendors, reviewing the security architecture of the products, or making sure that they are regularly patched, as Skylight Cyber notes. Just to be clear —  there are likely thousands of apartment buildings around the world that are currently exploitable, meaning that every apartment in the building is susceptible to eavesdropping.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
Hikvision Intercoms Allow Snooping on Neighbors