A recent blog post by Skylight Cyber has brought to light a concerning cyberattack vector in the Internet of Things (IoT) realm. This attack method can turn neighboring devices of a Hikvision smart intercom into spying tools, posing a serious threat to individuals’ privacy.
Skylight Cyber researchers selected Hikvision devices for their study due to their popularity and easy availability. They focused on two intercom products, DS-KH6210-L and DS-KH6320-WTE1, and examined how these devices interacted with other devices commonly found in apartment complexes, such as door controllers, cameras, and other intercoms. By configuring port mirroring, they were able to capture all traffic entering and leaving the device, allowing for a comprehensive analysis.
The researchers discovered that executing the attack doesn’t require many tools or advanced technical knowledge. All an attacker needs is physical access to the target building and an Ethernet cable, laptop, and screwdriver. Once inside the building, the attacker can unplug the intercom’s Ethernet cable and connect it to their laptop using a regular Ethernet cable. They can then run a script available on GitHub to brute-force the admin password of any intercom device in the network. Once they gain access, they can break out of the protected shell and exploit the intercom’s functions, including the microphone.
This type of attack raises significant concerns about privacy invasion, as attackers can eavesdrop on any individual in the building who has an intercom. The team at Skylight Cyber emphasizes that although they have not seen evidence of such attacks being carried out in the wild, it is crucial to address this vulnerability promptly.
Hikvision has responded quickly to the findings and released a patch that users can download from their website. However, patching these vulnerabilities can be challenging. Skylight Cyber notes that Hikvision’s patch primarily focuses on the authentication bypass, leaving the shell escape vulnerability unaddressed. Additionally, tenants lack the necessary access to the admin password to mitigate and patch the vulnerabilities themselves, as this process requires the assistance of technicians. Consequently, updates are not applied as frequently as needed, leaving many individuals and businesses exposed to potential attacks.
Skylight Cyber believes that until the vulnerabilities are extensively patched, they may be exploited in the wild. Therefore, they have chosen not to release the full exploitation kit. To mitigate IoT security risks, businesses and property owners should consider working with reputable vendors, reviewing the security architecture of their devices, and ensuring timely patching. It is important to acknowledge that there are likely thousands of exploitable apartment buildings worldwide, leaving every apartment susceptible to eavesdropping.
In conclusion, the discovery of this cyberattack vector highlights the need for enhanced security measures in IoT devices. The potential for such devices to be used in spyware attacks is a considerable concern, and organizations should take the necessary steps to safeguard individuals’ privacy. Continued collaboration between researchers, manufacturers, and users is crucial to effectively address these emerging threats in the rapidly expanding IoT landscape.