Should Hikvision Hack Its Own DVR's?

Going the whole hog and changing the firmware automatically is unlikely to fly in the U.S., but maybe in China it could be done for interests of national security.

Logging in and leaving a "calling card" would create a major firestorm, that would be called hacking... many other downsides as well would arise from that stunt that would land them in deep trouble...

FWIW, these paragraphs from the article above are what made me think of the OP:

So many cameras are setup to look down into cribs that it was sickening; it became like a mission to help people secure them before a baby cam “hacker” yelled at the babies. I wanted to warn and help people who unwittingly opened a digital window to view into their homes, so I tried to track down some security camera owners with the hopes of helping them change the default username and password. It is their lives and their cameras to do with as they think best, but “best” surely doesn’t include using a default username and password on those cameras so that families provide peep shows to any creep who wants to watch.

The site lists the camera manufacturer, default login and password, time zone, city and state. The results for each camera are also theoretically pinpointed with longitude and latitude on Google Maps. That can be opened in another browser window, zoomed into, converted to Google Earth, then Street View in hopes of seeing an address to take into a reverse phone look-up. It’s slightly easier if it’s a business and you see a name on a building. There may be an easier way, as it was slow and frustrating.

A, framing it as 'hacking', you wouldn't make a good marketing person...

I think there are some manufacturers who include this as a service. At the very least, they could market it as a service, saying that they are helping people.

Indeed, in the future, set auto upgrades as a feature, make it the default, allow people to opt out...

While this is definitely outside the box thinking, I do not imagine it would be well received. Here's a personal example of why this is a bad idea:

In the Win2K days I used the command net send to send a message to everyone at a medium size employer that I would be shutting down a key office printer. The message that popped up on their screen had everyone from administrators to the Director of IT scrambling around thinking they had been hacked by The Lawnmower Man. Large scale short messaging was the original purpose of net send! I could see something like this occurring on a much larger scale if Hikvision took this action.

The message that popped up on their screen had everyone from administrators to the Director of IT scrambling around thinking they had been hacked by The Lawnmower Man.

Yes, I imagine that it would not be well received by some. Though in your example, presumably the majority of people receiving the message were not concerned about the status of the printer at that instant, and therefore might only see the negative aspect. In this case it would be more like the message was "The printer has been hacked by The Lawnmower Man". Still your point stands that messengers are often shot because of the message.

So instead, maybe the camera title gets changed to a link to the predatory website that is actually showing the DVR images. The user would change their password at once and direct any negative energy to where it was deserved, the site that was exploiting them.

Hik doesn't have do it in any case, a white hat could do it also, though it could be a lot of work for all the different interfaces. It's still illegal but maybe an ethical argument can be made for it.