How a subsidiary of Rusnano, which sells thousands of cameras to schools together with Rostec, makes "Russian" cameras with leaky Chinese firmware

Hello everyone!

I develop firmware for video surveillance cameras for b2b and b2c services, as well as for participants in government video surveillance projects.

I wrote about how we got started in an article.

Since then a lot has changed: we started supporting more chipsets, such as mstar and fullhan, and we have met and made friends with many foreign and domestic IP camera manufacturers.

In general, camera hardware developers often come to us to show new equipment and to discuss the workings of the firmware or the manufacturing process.

But, as always, sometimes strange guys come along: they bring frankly Chinese products of unacceptable quality with firmware full of holes, with the emblem of the third-rate factory hastily covered up, while claiming that they developed everything themselves, both the circuitry and the firmware, and that it turned out to be an entirely Russian product.

Today I will tell you about some of these guys. To be honest, I am not a supporter of public flogging of careless "import substituters"; I usually decide that we are not interested in a relationship with such companies, and that is where we part with them.

But nevertheless, today, reading the news on Facebook and drinking my morning coffee, I nearly spilled it after reading the news that a subsidiary of Rusnano, the company ELVIS-NeoTek, together with Rostec, will supply thousands of cameras to schools.

Below the cut are the details of how we tested them.

Yes, yes, these are the very same guys who brought me frankly cheap and bad China under the guise of their own development.

So, let's look at the facts: they brought us a "VisorJet Smart Bullet" camera. Of domestic origin it had the box and the QC acceptance sheet (:-D); inside was a Chinese modular camera based on the Hisilicon 3516 chipset.

After dumping the firmware, it quickly became clear that the real manufacturer of the camera and the firmware is a company called "Brovotech", which specializes in supplying IP cameras. Separately, I was outraged by this outfit's second name, "ezvis.net", a crude fake of the name of Ezviz, the b2c subsidiary of one of the world leaders, Hikvision. Hm, all in the best traditions of Abibas and Nokla.

Everything in the firmware turned out to be standard and unpretentious, Chinese-style:

Files in the firmware
├── alarm.pcm
├── bvipcam
├── cmdserv
├── daemonserv
├── ntes tau
├── font
├── lib
...
│ └── libsony_imx326.so
├── rov pib dua
├── pib_ipcam.sh
├── sysconf
│ ├── 600106000-BV-H0600.conf
│ ├── 600106001-BV-H0601.conf
...
│ └── 600108014-BV-H0814.conf
├── system.conf -> /mnt/nand/system.conf
├── version.conf
└── www
...
├── logo
│ ├── elvis.jpg
│ └── qrcode.png

From the domestic manufacturer we see the file elvis.jpg. Not bad, but with a mistake in the company name: judging by the website, they are called "elvees".

bvipcam is responsible for the operation of the camera: it is the main application, which works with the A/V streams and acts as the network server.

Now about the holes and backdoors:

1. The backdoor in bvipcam is very simple: strcmp (password,"20140808") && strcmp (username,"bvtech"). It cannot be disabled, and it runs on port 6000, which cannot be disabled either.

2. /etc/shadow contains a static password, and the telnet port is open. A not especially powerful MacBook brute-forced this password in less than an hour.

3. The camera can export all stored passwords through the management interface in clear text. That is, having logged in to the camera with the backdoor login from (1), you can easily see the passwords of all users.

I did all of these manipulations personally; the verdict is obvious. Third-rate Chinese firmware that cannot even be used in serious projects.
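
A defender-side check for the three findings above, as an added example (not the author's code or tooling): it walks an unpacked firmware root and flags a binary that carries both login strings quoted in (1), a start-up script that launches telnetd, and legacy hash formats in etc/shadow. The hash-format rule, the start-up script heuristics, the function names and the sample tree built by build_sample are assumptions; the article does not say which hash scheme the camera used.

```python
import re
import tempfile
from pathlib import Path

# Login strings quoted in item (1) of the article.
KNOWN_CREDS = [b"bvtech", b"20140808"]
# Assumption: 13-char DES crypt and "$1$" MD5-crypt count as weak hash formats.
WEAK_HASH = re.compile(r"^(\$1\$|[./0-9A-Za-z]{13}$)")
# telnetd started on a line that is not commented out.
TELNETD = re.compile(rb"^[^#\n]*\btelnetd\b", re.M)

def audit_firmware(root):
    """Return sorted (check, relative_path) findings for an unpacked firmware root."""
    root, findings = Path(root), set()
    for path in root.rglob("*"):
        if path.is_symlink() or not path.is_file():
            continue  # skip directories and links such as system.conf -> /mnt/nand
        rel, data = path.relative_to(root).as_posix(), path.read_bytes()
        if all(s in data for s in KNOWN_CREDS):
            findings.add(("hardcoded-credentials", rel))
        is_startup = path.suffix == ".sh" or "init.d" in rel or path.name == "inittab"
        if is_startup and TELNETD.search(data):
            findings.add(("telnet-enabled", rel))
        if rel == "etc/shadow":
            for line in data.decode("ascii", "replace").splitlines():
                fields = line.split(":")
                if len(fields) > 1 and WEAK_HASH.match(fields[1]):
                    findings.add(("weak-password-hash:" + fields[0], rel))
    return sorted(findings)

def build_sample(root):
    """Constructed miniature tree; every file body here is invented for the demo."""
    root = Path(root)
    (root / "etc").mkdir(parents=True)
    (root / "etc/shadow").write_text("root:aaBBccDDeeFF0:0:0:99999:7:::\n")
    (root / "boot.sh").write_text("#!/bin/sh\ntelnetd &\n./bvipcam &\n")
    (root / "bvipcam").write_bytes(b"\x7fELF\0bvtech\0\0" b"20140808\0")
    (root / "cmdserv").write_bytes(b"\x7fELF\0no credentials here\0")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for check, rel in audit_firmware(build_sample(tmp)):
            print(f"{check:28} {rel}")
```

Run against a real unpacked image, the same function takes the extraction directory as its only argument; a clean result only means these three patterns were not found.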

By the way, a little later I found an article in which the holes in cameras from brovotech were studied in more depth. Hmmm.

Based on the results of the examination, we wrote a conclusion for ELVIS-NeoTek with all the facts we had found. In reply, we received a wonderful answer from ELVIS-NeoTek: "The firmware for our cameras is based on the Linux SDK from the controller manufacturer HiSilicon, because these controllers are used in our cameras. At the same time, our own software has been developed on top of this SDK, which is responsible for the interaction of the camera over data exchange protocols. It was difficult for the testing specialists to find this out, because we do not provide root access to the cameras.

And when assessed from the outside, a mistaken opinion could be formed. If necessary, we are ready to demonstrate to your specialists the entire process of production and firmware flashing of the cameras at our production site, including showing some of the firmware sources."

Naturally, nobody showed any sources.

I decided not to work with them any more. And now, two years later, the plans of the Elvees company to produce cheap Chinese cameras with cheap Chinese firmware under the guise of Russian development have found their application.

Just now I went to their website and found that they have updated their camera line and it no longer looks like Brovotech. Wow, maybe the guys realized and corrected themselves: they did everything themselves, this time honestly, without leaky firmware.

But, alas, the simplest comparison of the operating instructions for the "Russian" camera with instructions available on the Internet gave a result.

So, meet the original: cameras from an obscure vendor.

How is this mileight better than brovotech? From a security point of view, most likely, in no way: a cheap purchased solution.

Just look at a screenshot of the web interface of the mileight and ELVIS-NeoTek cameras and there will be no doubt: the "Russian" VisorJet cameras are clones of the mileight cameras. Not only do the images of the web interface match, but so do the default IP 192.168.5.190 and the camera drawings. Even the default password is similar: ms1234 vs en123456 for the clone.

In conclusion, I can say that I am a father, I have children in school, and I am against the use of Chinese cameras with leaky Chinese firmware, with Trojans and backdoors, in their education.

Source: www.hab.com