Question - To make a truly Hollywood style attack as the above video claims, how to mask the image with time stamp present ? (the video masks only the image; No time stamp is present in the demo video). That too, time stamp font colour changes when light change detected; how to achieve that?
If you're doing a planned attack and know a little bit about the camera beforehand you could likely install a pre-compiled version of Image Magick to handle encoding a dynamic timestamp on top of a static image.
There's a ton of good Image Magick examples on this site.
To take it a step further, you could download binwalk, decompile a firmware image for the camera, add in your custom IM build and timestamp manipulator and then upload a new firmware payload to the camera. While you're at it you could add a custom .cgi script on the camera that when called flips the camera from "Live" mode to "Fake Stream mode". It could even automatically take a static image from the camera at time of activation.
All this considered, I'm not sure I agree with this statement:
In my opinion, if the above hack is achieved to the proper effect, it would definitely be one of the top vulnerabilities with IP Cameras.
Camera-generated timestamps seem to mostly be used on lower-end systems with simple NVR's like the Hik unit you're using. These systems are less likely to be used in an environment that would have anything worth going to the extreme of spoofing a camera over.
Higher-end systems tend to use a VMS-generated timestamp because it's easier to keep all cameras in sync, and also because sometimes the camera network is so locked down there isn't even access to an NTP server.
Looking at it from a different angle, the more critical systems may be even easier to spoof because they're not expecting any dynamic image overlay on the cameras video stream.