A backdoor found in Hikvision security cameras has been recently exploited by hackers who were able to compromise the devices by displaying the term HACKED. Cesare Garlati, Chief Security Strategist at the prpl Foundation commented below.
Cesare Garlati, Chief Security Strategist at the prpl Foundation:
“The Hikvision camera hack is a clear indicator of why there is no such thing as a secure backdoor and should be used to advocate security by separation through hardware virtualisation. This flaw should have been located in the development stages of manufacturing and not once the device was on the open market, potentially exposing millions. IoT developers need to think more about eradicating these vulnerabilities at the development stages, which why prpl has introduced a free Security Guidance for Critical Areas of Embedded Computing document that details how developers can achieve security by separation through hardware virtualisation that would have ensured the flaw (and resulting damage) would have been contained. If this approach was used, this attack would have most certainly been avoided.”