IP Camera Passwords - Axis, Dahua, Samsung

Author: Ethan Ace, Published on Oct 15, 2014

IP cameras are famous / infamous for weak default passwords that can lead to major problems. See our IP Cameras Default Passwords Directory for examples.

However, in the last few years that is starting to change.

In this note, we look at password procedures for Axis, Dahua and Samsung, explaining why and which are strong, moderate or weak.

** ******* *** ****** / ******** *** **** ******* ********* that *** **** ** ***** ********. *** *** ** ******* ******* ********* ********* *** ********.

*******, ** *** **** *** ***** **** ** ******** ** change.

** **** ****, ** **** ** ******** ********** *** ****,******** *******, ********** *** *** ***** *** ******, ******** ** weak.

[***************]

Strong: *******

** ***** **** ****** ******** *******, ******* *** **** *** things ** ******* ******** ********:

  • *****, ***** **** ****** * ******** **** *** ****** ** first ****** ** ******** ** ** ******* *********. ***** ** no ******* ********.
  • ******, *** ***** ******** **** ** ** ***** * ********** and ****** *** ******* *****, ** **** ** *** ***** below. ***** ***** ** *** ***** *******'* ******* ******* ******** ("4321") ** ** ****.

********* **** ***** *** **** ***** ***** ******* *** **** the ***** ******** ********* ** ********, *** **** ** *** more ****** **** ****** ********** ** "****."

Moderate: ****

**** ******* *** ***** *** **** ** ****** * ******** upon ***** *****. *******, "****" ** ***** ********, *** ***** functions ** * ******* ********, **** ***** **** ** ******* to *** ****** ****** *** ******** ******** ***** ** ********. This ***** ** **** ****** **** **** ***** ****** ***** "pass" ******* *******, *** ** *** ****** ** *****.

Bosch: ********

******** ** *.** ********, ***** ******* ***** ** *** * password, **** **** ***** ********* **** ********** ** *** ******'* web *********. **** **** ** ******** ** *** ** ******* and **** ** ********, ****** ******* ** *********, ***** ***** users ** *** ***.

******** ** ***** ***** ** *** ******** ***** ****, **** a ***** ******* ******** "********." **** **** *** ******** ** this ******* *** * ********** **** *** ******** ********* *** lowercase *******, *******, *** * ******* *********, *** *** ***** only ******** ** "******." ****** ********* ******* ** ********** *** a *** ** ***** *****.

****:***** (*** *********)

************ ******* ** *****/*****, **** ******** ** ******, *** ************* not ** *** ******** ***** ** *******. ** ******** ********, Dahua ******* (*** ****) ******** *** ******** ***** ***** *** be *******, *****  ****** (**** ***** ******) *** ****** (**** ****). *******, ** newer ******** (**/** ****), ***** ******** ** ****** *****, **** admin *** **** ******* ** *******.

***** **** *** **** ***** ** ****** *** ******** ****** the ***** *****, *** ******** ******** ******** ***************, **** *****. However, ********* *** **** ******* ******* *** ********, ** ******* characters, ******* ***** ** ******** ****** ** ****** * ****** password.

************, ***** ******* **** ** ****** ** ****** ***** ** ******** failed ***** ******** *** ****, **** *****. **** ** ******** in ** *******, **** **** *** ****** ** ******** ********. This ** ***** ******** **** ******** ******* ******** ******, ******** intruders ** *** **** *** ******* *********.


******

*** **** ******** ** ************* ***** *** ******* ********* ******* forcing ***** ** ****** **** ** *****, *** **** **** we **** **** ******* ******* ***** ** ******* ****. *** **** common *********** ******* *****/*****.

***** *** **** * *** ******** ** ************ *** *********** in ******** ******** **'** **** ** *** ****** *****. *******, feel **** ** *** ****** ** *** ******** *****.

****

**** ** ***** ******** ***** ******* ******* ********* *********, ****** **% ** ***** **** **** ** ***** ********* *** default ********* ** * ********** **********:

**** **** ** ****, **** ** *** ***** ************* ****** do (** ********) ** **** ** ****** ********* **** ******?

Comments (19)

**************'* * *** * *********, ***** ******* *** ********** ********** lucky ** *******. **'* * ***** ********....

*'** ** **** ** *** *** ****** *** ***'* **** crowd **** ****.

**** ** ** ******** ****, * ***** *** ***** ** Dahua: **** ** ***** *** ************ ** ******* ******** ** login ** *** ** **** ***** **** *** ***** ********:

****'* ********** ****** *** ***** ********* ********* (******** ***'** ******* the ********* **** *******, *** ********* ** *** **** ****), and *** * ****** ******* ** *******.

* ** *** ***** **** *******'* ******* ***** *** *********. I ********** *** ******* ** ******** * ********* ** **** pass **** *** ****** ** ****** * *******, **** ** remember ********** ******** *** ****** ** ******** ** * *******.

* ***** **** **** *** ***** ***** ** ****, ******* users ** ****** * ******** *** ******* *** *** **** own ******* ***** ** **********. ******* ** *** ***** ****** card ******* ** ***** ********* **** ***** **** ** *********. The ***** ***** **** *** ****** ** **** * ****** would ****** **** ****** ********.

*** ****** *** **** ****** ** ****** **** ************ *****, so *** ***** * ****** **** ** **** *** ** and **** ** *** **** **** ?

*** ***** ** ********** ****** ** ** **** **** *** value ** **** *** *** **********.

* ** ***** ** *** ******** **** **** ************ ******* which **** ******* ********* *** * ***** **** *** ******* should ******* * *** ******** **** ******* ***** ** ******* the ******. *** ******* **** ********* ********* * ***** ** difficulty ***** ** *** ********* ** *** ******** ** ******* hacking **** ********. ** *** ***, *** ** ***** ***** a ****** *** ** *** ****** ** ***** **** * simple ******** ** **** ****** ** * ***** ****** ? If *** **** **** ***** ** ** ******** ** **** high ***** ** ********** **** *** ****** ** **** ** implement ** *** ** ****** *** ** ********.

* **** **** ******* ******* *** ***** *** ******** * real **** ***** *** ** ***** ******* **** ********* *******.

** *** **** ****, ******, **** ** ** **** * manufacturer's ***********: ***** *** ***** *** ***** ********* ** *********** ** ******* ** *** ********, *** ******* ********** **** *** ****** **** ****.

** ***** ** **** * ***** ****** **** ** ********* user **** **** *** ** ***** ** * ******* **** and ***** ** **** ** *** ******** (*** ****'* * realistic ********), *****'* **** * ****** ******* **** **** ** and **** **. *** ******* **** ***** ****** *** ** a ** ********* *** * ***** ** *********. ******* ***** to ****** * ******** *** *** ***** * ******* *** can ****** ***** *** **** ******** ** ***** ******, ** most ***'* ** ******* *** ******* ** ******* **. ****'** just *** ********* *** **** **** ****, **** ** ** the **** ******.

**** ** ******* ********** ******* *********, *** ** ****** * complex ***** ******** *********** * *** *****? *** ***** ** users **** ** ****** *** ****** *** **** ********? ** seems **** ** **** ** **'* **********, ** ****** *** be * *******.

*** **** ******* ******'* ********* *** *** "***********!"

** **** *****'* ********, ****, ******** *** ********** *** ******** one *** ********* *** ** **** ********, ***** ** ***** not *** ****.

******* ****** ** ****** ***** *** ******** ** * ****** is ****. ***** *** *** *** **** '****' ******* ** the ******** ******* ****** ******'* ****** ** ****** *** ********.

* **** ******** * ******* ** ** *** ****** ******* they ******'* ** ******** ** ****** *** ******* ********.

*******, ******* ** **** ** ******** ******** ***'* ** ****************, ** **** *********. * ******* **** ***** **** ******** who **** *** *** **** ******** ****** **** **** **** all ***** ********/******* ***. *** ** ****** ** *** ***** of **********!

****,********** ****

****** *** * **-********* ***** ***** ********* *************************.

* *** **** ************ **** ******** ****** ****** **** **** virtually ****** **** ******** ********* ***** ***** *****.

*'* ***** ** ** *** ** * **** *** ******* that ******** ********* ******** ******* ***** ******** ** * ***** deal **** *** ****** ******** **** ********* ******* *** *********** contortions ****** ************ ********** ******** *******.

* ******* ******** ** ***** *** *********** ***** ** ** standardize ** **** ******* **** ** **** ****** ******** ************.

**** ** ***** ***** ********* **** ******** ****** ***** *** available ** ******* *** ***** ** ******* ******* ********. ****, data ****** ************ *** ******** ************ *************, ******** **** ******** within *** ***** ** ****** ******* **** **** **** ***'* care ** ***** **** **** ******.

*** ****, * **** **** ************ ***** **** ** ****** room ** **** * ********* *** ****** ********. sentence ***** ** * ****** ********)

********* *** **************** ******** **** ****** **** ********* ** * *********** ****** could **** ** * ********** ** *** *******. **** ************ cameras *** *** ******** **** * ********'* **** ********. * agree; *** ***** ** ********** ****** ** ** **** **** the ***** ** **** *** *** **********.

** * ******** *** ******* ****, **** ******* ******** ***** the ****** ** ********** ******* ** * ********. ** ***** in ********* **** **********, ****** ********* *** ** **** ****** ********** ***** ***** being ******. ******* ***** ***** *** ****** **** ******* ** data *** ******* ******* ** ******** ********** **** *********; ***** anyone ******* ******* ******** ********** *** ******** ****** ************?

*'* *** **** ***** ***** *** *********, *** ***** ** known *** ****** * ******** ******** ** *** *** *** a ****** ******** * ******* **** ****** ** *******. * was **** ** ***** ***** ****:***** *** ****** *** ****** as **** *** *** **** ******* * ****.

* ******* **** *** ****** ****** ***** ** ******* ** be ******** ******** *** **** ******* * *** ** ****** through * ****** ******* **** *** ******. **** ****** **** be ** * **** ******** **** *** **** ** *** network. ** ***** ** **** ** *** ******** ******* **** also *******.

** * ******** ****, *** ****** ***** ******* ******** ******* one ** ****** *** ********* *** *****. ** ***** ********/******, this *** *** ******** *** *** ******** ** *** ******* could ****** *** ***** ***** *****.

**

****** **** * ******** ******* ** *** ***** ** ******** Cameras (** ********** ** *** *****/**** ***). **** *** *** dealing **** *** ******* *** ** *** ** ***** *** 200 ********* ******* ********* *** ***** ****? *** *** **** finda *** ** ****** ***** *** *********... *** **** ********.

* ******* **** ******** ***** ****** **** *** ******* ******. That ** *** ** **** ***** ** ********** *** **** seems ** ** *** *** *** ** **** **** *** Device ********** / ****** ******** *********** ************.

*, * ***** * *** ********** ** **** **** -*** ** *** ****** ******** ********** ** *** *******?

******: ***** *** **** ***** (*** *****'* ***** ****) ** change ******** ** ***** *****, *** ***** ******** ******** ***************.

****'** **** ******* *** ****** *** ****** ******** ******** **** cameras.

**'** ********* **** ** ******** *******, *** ***'* **** * new *** ** ***** ****. **'** ****** ** ** **.

****** *** *** ******. * *****'* **** **** ** *** IP ******* *** * **** **** *** ******** ******* ** the *** ****. ** ***** ** ** ****** *** ******** and * ******* * ***** **** * ******** ****** **** 6 **********. *** * *** * ******** **** ***** *****, but * ******* **** ***** * **** *** **** ** not ** **** ** ** *** ** ******* ***** ***** it **** ****** ** *** *********.

**** *** ****** ** *** ***** ******** ***** ** *******? I **** **** * ***** ****** *** ********* ** *** cameras, *** **** ****** *** ***** ******* ** ********** ***** settings ******* * ******** ** ***** ***** *****.

* ****'* ***** *** ***** ********. *'** ***** ** *** tomorrow. * ** ****** ****** * ******** *** ***** ************** I ***'* ****** ***** *****, *** * ****'* *** ** out.

***, * ******* **** *** **** ** ***** *** *****. I *******, *** **** ** *****. **** *** ***** * changed *** ********* ** *** ****** *** ** ****'* ****** the ***** ********. ** *** ***** *****/***** **** ************** ****** on (** ******** ****** ***). * ***** ** ****** *** password **** ***** *******, *** **** ****'* **** ***** ** why *'* ****** ***** ******** ********* **** *****.

**** ** ** ****** ** ***** *** ***** ********. ** the ****** ***** ******** (*** **** *** ***** **** ** other ********) *** *** ******* ** ****** *** ***** ********. However, ***** ************** **** ** ** *** *** ***'* ****** the ******** **** *** *** *******. *** **** ****** *** Onvif ***** ******** ***** ***** ****** *******.

** ******** ** ****, ****** *** ***** ******* **** ***** firmware **** *** ** ********* ** *** ******** *******. *** the **** ** ******* *** **** ****/*****. *** ******* ***** the ****/***** **** ** ******* *** **** **** ** *** of *****. ***** *** ******** ******, ** ***** ****** *** 8's *** *'* ******** *** **** ***** ** ***** ****** Manager *** ****** *** *** *********. ** **** *****/***** ***** backdoor.

** **** *****/***** ***** ********.

**** ****, ****!

*** *. **** *** * ****. ;)

******: ** ***** * ******* ** *****, *** ******** ******** no ******** ** *******. ** *** *********, **** ****** *** user ** ****** * ********, *** ***'* ******* * ****** one.

**** **** ****** ** *** *** ****** ** *******, ***** used ** ** **, *** **** ** ******** ********, ******.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Remote Video Monitoring Providers Directory on May 21, 2017
Remote video monitoring can help integrators generate RMR plus end users lower their security costs and/or improve response to critical...
Axis Criticizes OEMs: "When You Buy An Axis Camera, An Axis Camera Is What You Get!" on May 19, 2017
When you buy a Honeywell camera, you likely get a Hikvision, Dahua or some other company's product. The same goes for easily 100 different...
Hackable 125kHz Access Control Migration Guide on May 19, 2017
Despite being one of the most popular credentials, 125 kHz credentials are easily copied and insecure as we showed in our test results, video...
Cisco: Hikvision Hired Us on May 16, 2017
The day after Hikvision's backdoor was confirmed by the US Department of Homeland Security, Hikvision issued a press release about a...
Hikvision Blaming Backdoor On Others, Cannot Hide From DHS on May 11, 2017
Numerous Hikvision employees are blaming their backdoor on others but Hikvision cannot hide from the US Department of Homeland Security. Blaming...
Hikvision Backdoor Confirmed on May 08, 2017
The US Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued an advisory for...
Hack Your Access Control With This $30 HID 125kHz Card Copier on May 01, 2017
You might have heard the stories or seen the YouTube videos of random people hacking electronic access control systems. The tools that claim to do...
Last Day - IP Networking Course May 2017 on Apr 26, 2017
Today is the last day to register for the May IP Networking Course. This is the only networking course designed specifically for video...
Chinese 'Attacking Us From Every Direction', Says US FBI on Apr 25, 2017
"Chinese eating our lunch. Attacking us from every direction" said the US FBI's Deputy Director Andrew McCabe at the ASIS 2017 CSO Summit. .@FBI...
Hikvision OEM Directory on Apr 17, 2017
Hikvision OEMs for dozens of companies around the world. The following directory includes 50+ companies that OEM some products from Hikvision, with...

Most Recent Industry Reports

Axis Criticizes OEMs: "When You Buy An Axis Camera, An Axis Camera Is What You Get!" on May 19, 2017
When you buy a Honeywell camera, you likely get a Hikvision, Dahua or some other company's product. The same goes for easily 100 different...
Hackable 125kHz Access Control Migration Guide on May 19, 2017
Despite being one of the most popular credentials, 125 kHz credentials are easily copied and insecure as we showed in our test results, video...
Forget The Backdoor, "ALL HIKVISION PRODUCTS" On Sale on May 18, 2017
Less than 2 weeks after the Hikvision Backdoor was confirmed, Hikvision has launched a sale "ON ALL HIKVISION PRODUCTS". In this note, we examine...
Amazon Techs Installing IP Cameras Tested on May 18, 2017
In 2015, Amazon started offering video surveillance installation. Now, Amazon has made it a lot easier, with automatic add-on options and...
Hanwha Recorder Vulnerability Analyzed on May 18, 2017
ICS-CERT has released a vulnerability notice for Hanwha SRN-4000 recorders.  Hanwha provided additional information to IPVM about this issue,...
ShotSpotter To IPO, Facing Low Revenue and Losses on May 17, 2017
A rare event for North American security manufacturers is upcoming. ShotSpotter is planning to IPO on the NASDAQ, aiming to raise $34.5...
DMP Video Doorbell / Access Reader Examined on May 17, 2017
Consumers increasingly demand video doorbells, with "doorbells selling like hotcakes, everyone wants a doorbell", according to ADT's CEO. At ISC...
FLIR Is Giving Away $3,000 Demo Kits on May 17, 2017
Everybody likes free stuff, and FLIR is using that concept to attract dealers by giving them $3,000 worth of demo gear for attending a...
Shark Tank Startup Guard Llama Mobile Panic Tested on May 16, 2017
A Shark Tank TV show appearance has attracted big attention for Guard Llama, a security startup touting a 'panic button' paired with mobile app...
Axis Beats Avigilon Growth Rate (AVO Q1 2017) on May 16, 2017
In what is likely the first time ever, Axis beat Avigilon's revenue growth for Q1 2017. Inside this note, we examine Avigilon's Q1 2017 financial...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact