How To Hack Your Company's Hikvision Recorder

By: IPVM Team, Published on May 29, 2017

Here's how easy it is to hack your company's Hikvision recorder:

  • It does not matter how hard or secret the admin password is.
  • Hikvision will happily help you.
  • Hikvision will let anyone do it with no verification.
  • You cannot disable this 'feature'.
  • You do not need to even physically get to the recorder.

In this note, we share our test result findings and examines the benefits and risks of this approach.

Executive Summary

Hikvision sends a reset code to override the password and access the recorder by simply sending them the recorder's serial number. Then anyone with physical access to the recorder (e.g., at a company) can hack into the recorder, regardless of how strong the password is.

Demonstrated

We simply followed Hikvision's own instructional video.

[UPDATE: Hikvision has removed the instructional video but not fixed the problem.]

One simply fills out a form on the password reset page and Hikvision emails the secure code.

Remote Password Reset Using SADP

Using the Hikvision SADP software, scan the local network for Hikvision recorders:

Get Notified of Video Surveillance Breaking News
Get Notified of Video Surveillance Breaking News

Using the export function after clicking "Forgot Password", create the XML file.

In the password reset form input the information required including the XML file generated from the "export" button.

A confirmation E-mail is sent to let you know that a ticket is open.

~10 minutes later another e-mail is sent containing the reset code.

After selecting "input key" just type in (or copy/paste) the code Hikvision provided and choose your new password.

You will have just performed a successful password reset completely over LAN.

Test Results

We tested this a number of times and had no problems. We submitted under fake names, including a request 'from' Hikvision's Chairman and Communist Party Secretary Chen Zongnian.

We even requested the same serial number under different fake names and received the secure code promptly. We received responses within a half hour electronically as well as getting a code over the phone in a few minutes. Below is an example of one response:

No Verification Required

Hikvision makes no attempt at verifying or determining if the user is authorized, the actual buyer, etc.

No Disabling

The 'feature' cannot be disabled, so users who view this as a security risk or want to harden the device have no option.

Upside

The clear upside is that it is easy for anyone locked out to get access to their Hikvision recorder. This minimizes delays or problems in accessing a recorder.

Downside

The downside is that anyone who can physically access the recorder can easily get admin access / control of the recorder.

Vote - Verify Requests

Vote - Option To Disable

7 reports cite this report:

IFSEC 2019 Show Report on Jun 19, 2019
The UK's largest trade show, IFSEC, is underway and IPVM has been examining what is new and happening at the show. Inside, we cover: Huawei...
Hikvision Security Code Cracked on Aug 08, 2017
Hikvision's 'security code' feature has been cracked and a program generating security codes is being distributed online. IPVM has obtained and...
Hikvision USA Head of Cybersecurity Exits on Jul 18, 2017
Hikvision USA's Head of Cybersecurity has exited the company. In this note, we review the move, share Hikvision's feedback and examine the...
QSR Video Surveillance Best Practices on Jun 21, 2017
Fast food restaurants or QSRs (quick service restaurants), are frequent victims of crime and fraud. Because they are open late, deal with cash, and...
Hikvision: IPVM Is "Destined To Fail" on Jun 14, 2017
Hikvision has accused IPVM of 'cyberbullying' them, declaring IPVM 'destined to fail.' This is the 3rd anti-IPVM Hikvision post in 2 weeks,...
Morten Tor Nielsen Defends Hikvision on Jun 12, 2017
Morten Tor Nielsen [link no longer available], veteran software developer for Prescienta working for OnSSI, has posted "In Defence of Hikvision"....
Gas Station Surveillance Best Practices on Jun 07, 2017
Gas stations are a frequent crime target. They tend to be open late at night, do a large volume of their business in cash, and have few employees,...
Comments (33) : PRO Members only. Login. or Join.

Related Reports on Hacking

Last Chance - Register Now - October 2019 IP Networking Course on Oct 10, 2019
Last Chance - Register Now - Fall 2019 IP Networking Course. The course starts next week. This is the only networking course designed...
Critical Vulnerability Across 18+ Network Switch Vendors: Cisco, Netgear, More on Aug 26, 2019
Cisco, Netgear and more than a dozen other brands, including small Asian ones, have been found to share the same critical vulnerability, discovered...
Dahua Wiretapping Vulnerability on Aug 02, 2019
IPVM has validated, with testing, and from Dahua, that many Dahua cameras have a wiretapping vulnerability. Even if the camera's audio has been...
LifeSafety Power NetLink Vulnerabilities And Problematic Response on May 20, 2019
'Power supplies' are not devices that many think about when considering vulnerabilities but as more and more devices go 'online', the risks for...
Locking Down Network Connections Guide on Apr 23, 2019
Accidents and inside attacks are risks when network connections are not locked down. Security and video surveillance systems should be protected...
Silicon Valley Cybersecurity Insurance Startup Coalition Profile on Mar 20, 2019
Many industry people believe cybersecurity insurance is not worth it, as the voting and debate in our Cybersecurity Insurance For Security...
Hikvision Favorability Results 2019 on Mar 18, 2019
Hikvision favorability results declined significantly in IPVM's 2019 study of 200+ integrators. While in 2017 Hikvision's favorability was...
Bosch VDOO 2018 Vulnerability on Dec 20, 2018
Security research firm VDOO has discovered a critical vulnerability in Bosch IP cameras. Inside, we cover the available details of this new...
Genetec UL Cybersecurity Certificate (2900-2-3) Examined on Dec 19, 2018
Proving a company is cybersecure has become a major concern for security companies. But how trustworthy are these certificates? Earlier in 2018, a...
No GDPR Penalties For UK Swann 'Spying Hack' on Nov 20, 2018
The UK’s data protection agency has closed its investigation into Infinova-owned Swann Security UK, the ICO confirmed to IPVM, deciding to take “no...

Most Recent Industry Reports

Resideo Stock Plunges 40%, CFO Ousted on Oct 23, 2019
The horrible year for the ADI / Honeywell Home spinout, Resideo, just got worse, with their stock plunging another 40% today. Not even a year...
Access Control Door Controllers Guide on Oct 22, 2019
Door controllers are at the center of physical access control systems connecting software, readers, and locks. Despite being buried inside...
Alarm.com Acquires OpenEye on Oct 21, 2019
Alarm.com is targeting commercial expansion and now they have a commercial cloud VMS with the acquisition of OpenEye. In this note, based on...
Government-Owned Hikvision Wants To Keep Politics Out Of Security on Oct 21, 2019
'Politics' made Hikvision the goliath it is today. It was PRC China 'politics' that created Hikvision, funded it, and blocked its foreign...
Integrated IR Camera Usage Statistics 2019 on Oct 21, 2019
Virtually every IP camera now comes with integrated IR but how many actually make use of IR or choose 'super' low light cameras without IR? In...
Alarm Veteran "Demands A Criminal Investigation" Of UL on Oct 18, 2019
The Interceptor's Project pressure against UL continues to rise. Following Keith Jentoft's allegation that "UL Has Blood On Their Hands", Jentoft...
Camect "Worlds Smartest Camera Hub" Tested on Oct 18, 2019
Camect is a Silicon Valley startup that claims the "Smartest AI Object Detection On The Market", detecting not only people and vehicles, but...
Hikvision Global News Reports Directory on Oct 17, 2019
Hikvision has received the most global news reporting of any video surveillance company, ever, ranging from the WSJ, the Financial Times, Reuters,...
Camera Calculator V3.1 Release Improves User Experience on Oct 17, 2019
IPVM has released a new version of our Camera Calculator, V3.1, with significant user experience improvements, a new development plan, and an...