Hello and welcome to the Thursday, September 25th, 2025 edition of the Sands International

Storm Centers, Stormcast.

My name is Johannes Ulrich, recording today from Las Vegas, Nevada.

And this episode is brought you by the sands.edu credit certificate program in

cybersecurity engineering. Today I wrote up a diary about some recent attacks that we have seen

against Hickvision camera systems. These usually target DVRs, network connected video recorders

that various analog cameras connect to.

You have written well as early as back in 2014 about vulnerabilities in these systems.

This latest rash of exploit attempts that I've seen, I would probably qualify it more as

a brute force attempt.

They're using the username admin and the password 1-1. So not even 1-2, 3, 4, 5, 6,

which tends to be the default password for many of these equation systems, at least

the older ones. One of the problems with these systems is that

they often don't come with a full keyboard, but you basically use a mouse and an on-screen

keyboard that usually defaults to a numeric keypad in order to change your password. Haven't looked

at more recent devices and what changes have been made, it's usually

easier to change the password via the web application, but in order to get to that point,

you first have to set a password using that on-screen keyboard. Anyway, if you have a Hakevision

system still around, make sure you secure and patch it properly.

There is a possibility that this also attempts to exploit some older specific vulnerabilities.

But at this point, I really think it's just essentially proof-forcing,

which also is a little bit simpler here because the username and password is just encoded in Base 64

...