YOU NEED TO ACT NOW!
In a fresh announcement Hanwha, formally Samsung, have announced a massive string of Denial-of-service (DoS) attacks launched recently using the SNMP service against CCTV cameras exposed to a public network.
The attacks affect the below usage cases:
- Cameras connected to a public network
- Cameras that used and activated the SNMP protocol
So, How can I prevent my cameras being taken down?
- Update firmware with the latest version
- Disabling the SNMP service
- Using SNMP v3
- Change the SNMP community string
So, how do I SECURE SNMP:
The folks at Hanwha have been kind enough to assist and have created the following guidelines below to secure the use of SNMP.
1. Security Vulnerability Response Center (S-CERT)
Hanwha Techwin’s S-CERT department is a team dedicated to address all possible security vulnerabilities of Hanwha Techwin’s WISENET products and to respond promptly (analyze and prepare countermeasure) in the event of a security vulnerability. If your product is experiencing symptoms of security vulnerability, please contact S-CERT (firstname.lastname@example.org) with detailed product information, and instructions on how to reproduce the symptoms.
※ S-CERT does not respond to requests related to product support and features.
Please contact MyMESS.Online for general product inquiries.
2. Security Vulnerability Response Process
Upon receipt of a security vulnerability report, a Security Breach Accident Countermeasures Council is convened immediately. The goal of the Council is to analyze the content and impact of the vulnerability, prepare the resolution for the issue, and post the patched firmware on the website as soon as possible.
3. Security Vulnerability Notice Policy
The vulnerability patched firmware is uploaded to the website together with the Vulnerability Report. The details of the vulnerability (vulnerability content, affected product information / firmware version, risk, countermeasures, etc.) are not disclosed until the patched firmware is released on the website for zero-day attack prevention. Details such as attach scenarios for vulnerabilities are not disclosed to prevent imitating attacks. If multiple products are affected by the vulnerability, corresponding firmware patches will be released concurrently.