Re-branded IP cameras and DVRs sold by over 100 companies can be easily hacked, researchers say.

According to zdnet.com

By  for Zero Day

 

Millions of security cameras, DVRs, and NVRs contain vulnerabilities that can allow a remote attacker to take over devices with little effort, security researchers have revealed today.

All vulnerable devices have been manufactured by Hangzhou Xiongmai Technology Co., Ltd.(Xiongmai hereinafter), a Chinese company based in the city of Hangzhou.

But end users won’t be able to tell that they’re using a hackable device because the company doesn’t sell any products with its name on them, but ships all equipment as white label products on which other companies put their logo on top.

Security researchers from EU-based SEC Consult say they’ve identified over 100 companies that buy and re-brand Xiongmai devices as their own.

 

All of these devices are vulnerable to easy hacks, researchers say. The source of all vulnerabilities is a feature found in all devices named the “XMEye P2P Cloud.”

 

for more details please visit : zdnet.com

 

SEC Consult says it was able to track down more than a hundred other vendors that bought Xiongmai white-label devices and put their logo on top. The list includes names such as: 9Trading, Abowone, AHWVSE, ANRAN, ASECAM, Autoeye, AZISHN, A-ZONE, BESDER/BESDERSEC, BESSKY, Bestmo, BFMore, BOAVISION, BULWARK, CANAVIS, CWH, DAGRO, datocctv, DEFEWAY, digoo, DiySecurityCameraWorld, DONPHIA, ENKLOV, ESAMACT, ESCAM, EVTEVISION, Fayele, FLOUREON , Funi, GADINAN, GARUNK, HAMROL, HAMROLTE, Highfly, Hiseeu, HISVISION, HMQC, IHOMEGUARD, ISSEUSEE, iTooner, JENNOV, Jooan, Jshida, JUESENWDM, JUFENG, JZTEK, KERUI, KKMOON, KONLEN, Kopda, Lenyes, LESHP, LEVCOECAM, LINGSEE, LOOSAFE, MIEBUL, MISECU, Nextrend, OEM, OLOEY, OUERTECH, QNTSQ, SACAM, SANNCE, SANSCO, SecTec, Shell film, Sifvision / sifsecurityvision, smar, SMTSEC, SSICON, SUNBA, Sunivision, Susikum, TECBOX, Techage, Techege, TianAnXun, TMEZON, TVPSii, Unique Vision, unitoptek, USAFEQLO, VOLDRELI, Westmile, Westshine, Wistino, Witrue, WNK Security Technology, WOFEA, WOSHIJIA, WUSONLUSAN, XIAO MA, XinAnX, xloongx, YiiSPO, YUCHENG, YUNSYE, zclever, zilnk, ZJUXIN, zmodo, and ZRHUNTER.

Cheap-shit cameras go on the outside of the house, viewing public areas. Decent cameras go inside the house, or pointing at private outdoor sections. Always keep the firmware updated. Always change the default passwords. Always turn UPnP off on your router.

For ultra-private areas, either have no cameras or roll your own weird solution with a Linux SBC, USB webcam and motion with access via a VPN or something.

I would never have imagined that a profit-driven company selling cheap tat in foreign countries would not bother to deal with the issues their customers have.

I would also never imagine in my whole life that such a company would ever repeat the trick on a gullible public with a different name.