IP Camera Passwords - Axis, Dahua, Samsung

Author: Ethan Ace, Published on Oct 15, 2014

IP cameras are famous / infamous for weak default passwords that can lead to major problems. See our IP Cameras Default Passwords Directory for examples.

However, in the last few years that has started to change.

In this note, we look at password procedures for Axis, Dahua and Samsung, explaining which are strong, moderate or weak, and why.


Strong: *******

** ***** **** ****** ******** *******, ******* *** **** *** things ** ******* ******** ********:

  • *****, ***** **** ****** * ******** **** *** ****** ** first ****** ** ******** ** ** ******* *********. ***** ** no ******* ********.
  • ******, *** ***** ******** **** ** ** ***** * ********** and ****** *** ******* *****, ** **** ** *** ***** below. ***** ***** ** *** ***** *******'* ******* ******* ******** ("4321") ** ** ****.

********* **** ***** *** **** ***** ***** ******* *** **** the ***** ******** ********* ** ********, *** **** ** *** more ****** **** ****** ********** ** "****."

Moderate: ****

**** ******* *** ***** *** **** ** ****** * ******** upon ***** *****. *******, "****" ** ***** ********, *** ***** functions ** * ******* ********, **** ***** **** ** ******* to *** ****** ****** *** ******** ******** ***** ** ********. This ***** ** **** ****** **** **** ***** ****** ***** "pass" ******* *******, *** ** *** ****** ** *****.

Bosch: ********

******** ** *.** ********, ***** ******* ***** ** *** * password, **** **** ***** ********* **** ********** ** *** ******'* web *********. **** **** ** ******** ** *** ** ******* and **** ** ********, ****** ******* ** *********, ***** ***** users ** *** ***.

******** ** ***** ***** ** *** ******** ***** ****, **** a ***** ******* ******** "********." **** **** *** ******** ** this ******* *** * ********** **** *** ******** ********* *** lowercase *******, *******, *** * ******* *********, *** *** ***** only ******** ** "******." ****** ********* ******* ** ********** *** a *** ** ***** *****.

****:***** (*** *********)

************ ******* ** *****/*****, **** ******** ** ******, *** ************* not ** *** ******** ***** ** *******. ** ******** ********, Dahua ******* (*** ****) ******** *** ******** ***** ***** *** be *******, *****  ****** (**** ***** ******) *** ****** (**** ****). *******, ** newer ******** (**/** ****), ***** ******** ** ****** *****, **** admin *** **** ******* ** *******.

***** **** *** **** ***** ** ****** *** ******** ****** the ***** *****, *** ******** ******** ******** ***************, **** *****. However, ********* *** **** ******* ******* *** ********, ** ******* characters, ******* ***** ** ******** ****** ** ****** * ****** password.

************, ***** ******* **** ** ****** ** ****** ***** ** ******** failed ***** ******** *** ****, **** *****. **** ** ******** in ** *******, **** **** *** ****** ** ******** ********. This ** ***** ******** **** ******** ******* ******** ******, ******** intruders ** *** **** *** ******* *********.


******

*** **** ******** ** ************* ***** *** ******* ********* ******* forcing ***** ** ****** **** ** *****, *** **** **** we **** **** ******* ******* ***** ** ******* ****. *** **** common *********** ******* *****/*****.

***** *** **** * *** ******** ** ************ *** *********** in ******** ******** **'** **** ** *** ****** *****. *******, feel **** ** *** ****** ** *** ******** *****.

****

**** ** ***** ******** ***** ******* ******* ********* *********, ****** **% ** ***** **** **** ** ***** ********* *** default ********* ** * ********** **********:

**** **** ** ****, **** ** *** ***** ************* ****** do (** ********) ** **** ** ****** ********* **** ******?

Comments (19)

**************'* * *** * *********, ***** ******* *** ********** ********** lucky ** *******. **'* * ***** ********....

*'** ** **** ** *** *** ****** *** ***'* **** crowd **** ****.

**** ** ** ******** ****, * ***** *** ***** ** Dahua: **** ** ***** *** ************ ** ******* ******** ** login ** *** ** **** ***** **** *** ***** ********:

****'* ********** ****** *** ***** ********* ********* (******** ***'** ******* the ********* **** *******, *** ********* ** *** **** ****), and *** * ****** ******* ** *******.

* ** *** ***** **** *******'* ******* ***** *** *********. I ********** *** ******* ** ******** * ********* ** **** pass **** *** ****** ** ****** * *******, **** ** remember ********** ******** *** ****** ** ******** ** * *******.

* ***** **** **** *** ***** ***** ** ****, ******* users ** ****** * ******** *** ******* *** *** **** own ******* ***** ** **********. ******* ** *** ***** ****** card ******* ** ***** ********* **** ***** **** ** *********. The ***** ***** **** *** ****** ** **** * ****** would ****** **** ****** ********.

*** ****** *** **** ****** ** ****** **** ************ *****, so *** ***** * ****** **** ** **** *** ** and **** ** *** **** **** ?

*** ***** ** ********** ****** ** ** **** **** *** value ** **** *** *** **********.

* ** ***** ** *** ******** **** **** ************ ******* which **** ******* ********* *** * ***** **** *** ******* should ******* * *** ******** **** ******* ***** ** ******* the ******. *** ******* **** ********* ********* * ***** ** difficulty ***** ** *** ********* ** *** ******** ** ******* hacking **** ********. ** *** ***, *** ** ***** ***** a ****** *** ** *** ****** ** ***** **** * simple ******** ** **** ****** ** * ***** ****** ? If *** **** **** ***** ** ** ******** ** **** high ***** ** ********** **** *** ****** ** **** ** implement ** *** ** ****** *** ** ********.

* **** **** ******* ******* *** ***** *** ******** * real **** ***** *** ** ***** ******* **** ********* *******.

** *** **** ****, ******, **** ** ** **** * manufacturer's ***********: ***** *** ***** *** ***** ********* ** *********** ** ******* ** *** ********, *** ******* ********** **** *** ****** **** ****.

** ***** ** **** * ***** ****** **** ** ********* user **** **** *** ** ***** ** * ******* **** and ***** ** **** ** *** ******** (*** ****'* * realistic ********), *****'* **** * ****** ******* **** **** ** and **** **. *** ******* **** ***** ****** *** ** a ** ********* *** * ***** ** *********. ******* ***** to ****** * ******** *** *** ***** * ******* *** can ****** ***** *** **** ******** ** ***** ******, ** most ***'* ** ******* *** ******* ** ******* **. ****'** just *** ********* *** **** **** ****, **** ** ** the **** ******.

**** ** ******* ********** ******* *********, *** ** ****** * complex ***** ******** *********** * *** *****? *** ***** ** users **** ** ****** *** ****** *** **** ********? ** seems **** ** **** ** **'* **********, ** ****** *** be * *******.

*** **** ******* ******'* ********* *** *** "***********!"

** **** *****'* ********, ****, ******** *** ********** *** ******** one *** ********* *** ** **** ********, ***** ** ***** not *** ****.

******* ****** ** ****** ***** *** ******** ** * ****** is ****. ***** *** *** *** **** '****' ******* ** the ******** ******* ****** ******'* ****** ** ****** *** ********.

* **** ******** * ******* ** ** *** ****** ******* they ******'* ** ******** ** ****** *** ******* ********.

*******, ******* ** **** ** ******** ******** ***'* ** ****************, ** **** *********. * ******* **** ***** **** ******** who **** *** *** **** ******** ****** **** **** **** all ***** ********/******* ***. *** ** ****** ** *** ***** of **********!

****,********** ****

****** *** * **-********* ***** ***** ********* *************************.

* *** **** ************ **** ******** ****** ****** **** **** virtually ****** **** ******** ********* ***** ***** *****.

*'* ***** ** ** *** ** * **** *** ******* that ******** ********* ******** ******* ***** ******** ** * ***** deal **** *** ****** ******** **** ********* ******* *** *********** contortions ****** ************ ********** ******** *******.

* ******* ******** ** ***** *** *********** ***** ** ** standardize ** **** ******* **** ** **** ****** ******** ************.

**** ** ***** ***** ********* **** ******** ****** ***** *** available ** ******* *** ***** ** ******* ******* ********. ****, data ****** ************ *** ******** ************ *************, ******** **** ******** within *** ***** ** ****** ******* **** **** **** ***'* care ** ***** **** **** ******.

*** ****, * **** **** ************ ***** **** ** ****** room ** **** * ********* *** ****** ********. sentence ***** ** * ****** ********)

********* *** **************** ******** **** ****** **** ********* ** * *********** ****** could **** ** * ********** ** *** *******. **** ************ cameras *** *** ******** **** * ********'* **** ********. * agree; *** ***** ** ********** ****** ** ** **** **** the ***** ** **** *** *** **********.

** * ******** *** ******* ****, **** ******* ******** ***** the ****** ** ********** ******* ** * ********. ** ***** in ********* **** **********, ****** ********* *** ** **** ****** ********** ***** ***** being ******. ******* ***** ***** *** ****** **** ******* ** data *** ******* ******* ** ******** ********** **** *********; ***** anyone ******* ******* ******** ********** *** ******** ****** ************?

*'* *** **** ***** ***** *** *********, *** ***** ** known *** ****** * ******** ******** ** *** *** *** a ****** ******** * ******* **** ****** ** *******. * was **** ** ***** ***** ****:***** *** ****** *** ****** as **** *** *** **** ******* * ****.

* ******* **** *** ****** ****** ***** ** ******* ** be ******** ******** *** **** ******* * *** ** ****** through * ****** ******* **** *** ******. **** ****** **** be ** * **** ******** **** *** **** ** *** network. ** ***** ** **** ** *** ******** ******* **** also *******.

** * ******** ****, *** ****** ***** ******* ******** ******* one ** ****** *** ********* *** *****. ** ***** ********/******, this *** *** ******** *** *** ******** ** *** ******* could ****** *** ***** ***** *****.

**

****** **** * ******** ******* ** *** ***** ** ******** Cameras (** ********** ** *** *****/**** ***). **** *** *** dealing **** *** ******* *** ** *** ** ***** *** 200 ********* ******* ********* *** ***** ****? *** *** **** finda *** ** ****** ***** *** *********... *** **** ********.

* ******* **** ******** ***** ****** **** *** ******* ******. That ** *** ** **** ***** ** ********** *** **** seems ** ** *** *** *** ** **** **** *** Device ********** / ****** ******** *********** ************.

*, * ***** * *** ********** ** **** **** -*** ** *** ****** ******** ********** ** *** *******?

******: ***** *** **** ***** (*** *****'* ***** ****) ** change ******** ** ***** *****, *** ***** ******** ******** ***************.

****'** **** ******* *** ****** *** ****** ******** ******** **** cameras.

**'** ********* **** ** ******** *******, *** ***'* **** * new *** ** ***** ****. **'** ****** ** ** **.

****** *** *** ******. * *****'* **** **** ** *** IP ******* *** * **** **** *** ******** ******* ** the *** ****. ** ***** ** ** ****** *** ******** and * ******* * ***** **** * ******** ****** **** 6 **********. *** * *** * ******** **** ***** *****, but * ******* **** ***** * **** *** **** ** not ** **** ** ** *** ** ******* ***** ***** it **** ****** ** *** *********.

**** *** ****** ** *** ***** ******** ***** ** *******? I **** **** * ***** ****** *** ********* ** *** cameras, *** **** ****** *** ***** ******* ** ********** ***** settings ******* * ******** ** ***** ***** *****.

* ****'* ***** *** ***** ********. *'** ***** ** *** tomorrow. * ** ****** ****** * ******** *** ***** ************** I ***'* ****** ***** *****, *** * ****'* *** ** out.

***, * ******* **** *** **** ** ***** *** *****. I *******, *** **** ** *****. **** *** ***** * changed *** ********* ** *** ****** *** ** ****'* ****** the ***** ********. ** *** ***** *****/***** **** ************** ****** on (** ******** ****** ***). * ***** ** ****** *** password **** ***** *******, *** **** ****'* **** ***** ** why *'* ****** ***** ******** ********* **** *****.

**** ** ** ****** ** ***** *** ***** ********. ** the ****** ***** ******** (*** **** *** ***** **** ** other ********) *** *** ******* ** ****** *** ***** ********. However, ***** ************** **** ** ** *** *** ***'* ****** the ******** **** *** *** *******. *** **** ****** *** Onvif ***** ******** ***** ***** ****** *******.

** ******** ** ****, ****** *** ***** ******* **** ***** firmware **** *** ** ********* ** *** ******** *******. *** the **** ** ******* *** **** ****/*****. *** ******* ***** the ****/***** **** ** ******* *** **** **** ** *** of *****. ***** *** ******** ******, ** ***** ****** *** 8's *** *'* ******** *** **** ***** ** ***** ****** Manager *** ****** *** *** *********. ** **** *****/***** ***** backdoor.

** **** *****/***** ***** ********.

**** ****, ****!

*** *. **** *** * ****. ;)

******: ** ***** * ******* ** *****, *** ******** ******** no ******** ** *******. ** *** *********, **** ****** *** user ** ****** * ********, *** ***'* ******* * ****** one.

**** **** ****** ** *** *** ****** ** *******, ***** used ** ** **, *** **** ** ******** ********, ******.
