Hacked Hikvision IP Camera Map USA And Europe

By IPVM Team, Published on Jan 22, 2018

The interactive map below shows a sample of hacked and vulnerable Hikvision IP cameras across the USA and Europe. Hover over a marker to see an image from that camera:

[Note: this report and map was originally published on Dec 18th for the USA only. We have now updated it to include / display European cameras.]

This map helps visually demonstrate how wide the practical impact and risk of easy to exploit vulnerabilities. The devices mapped above all suffer from the Hikvision IP Camera backdoor, demonstrated in the video below:

Hikvision cameras vulnerable to the backdoor exploit are accessible across the US. Many of these cameras have already been exploited, altered to show "HACKED" in place of the camera name as one example:

Additional Details

There are ~3,400 yellow markers for vulnerable cameras, and ~700 red markers for "HACKED" cameras (note in some cases, the OSD text is disabled, so while the camera name has been altered, it may not be shown in the image).

The average firmware found on the vulnerable cameras had a build date over 2 years old, showing that many users do not update firmware once a device is setup.

Get Notified of Video Surveillance Breaking News
Get Notified of Video Surveillance Breaking News

Methodology To Create Map

This is how IPVM built the interactive map. Device IPs were exported from Shodan, the result of a search for Hikvision cameras globally. Each device was evaluated against 3 key criteria:

  • Was it located in the US or Europe, based on results of an IP Geo Lookup
  • Was it a Hikvision device, - Hikvision OEM's were excluded
  • Did the camera have its name changed to some variation of "HACKED"

If the above criteria were met, a snapshot image using a public URL (/onvif-http/snapshot?auth=YWRtaW46MTEK) was taken and logged, along with latitude/longitude coordinates provided by the IP geo lookup. These scans were done throughout December 2017, though some devices had inaccurate time stamps that may indicate other dates.

IP address geolocation services typically do not provide precise locations, so camera locations shown will be accurate to a general area but not the exact location. 

The geolocation data was used to plot points, using Google Maps, with the snapshots associated with each camera/location to be displayed when hovering over the point.

Europe GDPR Concerns

The EU General Data Protection Regulation (GDPR) [link no longer available], set to go in effect May 25, 2018, specifies potential fines for companies that expose data that can directly or indirectly identify a citizen of the EU without their consent. By shipping cameras with a hard-coded backdoor, Hikvision exposes EU citizens to such data disclosures without consent. Though Hikvision argues they patched the backdoor once they were made aware of it, they still shipped millions of cameras with this vulnerability, of which numerous are installed across Europe. Many owners of these cameras are unaware of this backdoor which exposes their cameras.

OEMs Add more

This map shows only Hikvision-branded cameras, if OEMs are included (see 80+ Hikvision OEM Directory), the map would have 5,000+ points in the US alone, and many more in Europe.

Only Data From Shodan

Additionally, while Shodan has a large number of Hikvision devices in its database, Shodan does not represent all of the internet-accessible Hikvision devices. Devices are added (or removed) daily, IP addresses may have changed, or units may have been temporarily offline during scans. While it is impossible to estimate what percentage of accessible Hikvision devices are in Shodan's database, we can guarantee there are more vulnerable/hacked devices than just those shown on the map.

Excludes Bricked / Hacked Offline Cameras

Many Hikvision IP cameras have been reported as being brought offline, either to update firmware and resolve the vulnerability or to remove remote connectivity to them when users realize the risks of placing vulnerable cameras on the internet.

These cameras, by definition, are excluded, since they can no longer be reached.

Only Shows People Who Have Not Fixed

The number of Hikvision cameras that have been hacked in some way are certainly far greater, since this map only shows IP cameras that have not been fixed by December 2017. The reports of hacking peaked in October and November (following the September disclosure here), giving users a month, or more, to notice and resolve these issues.

Reports of Hikvision cameras having 'HACKED' text, or exhibiting other symptoms of hacking have been circulating for the past few months, e.g.:

IPVM discussion of Hikvision cameras resetting:

An ipcamtalk thread from a user experiencing their Hikvision camera being hacked:

Other ipcamtalk threads from users experiencing cameras being factory reset via the backdoor exploit: 123.

Improving Cybersecurity Lessons

Users should consider the following lessons:

6 reports cite this report:

Hikvision Global News Reports Directory on Aug 13, 2020
Hikvision has received the most global news reporting of any video...
Remote Network Access for Video Surveillance Guide on Jul 27, 2020
Remotely accessing surveillance systems is key in 2020, with more and more...
Hikvision Scrutinized In The Netherlands on Aug 15, 2019
Hikvision is facing unprecedented scrutiny in the Netherlands, at the same...
Chinese Government Blocks IPVM on Oct 22, 2018
IPVM has been blocked by the Chinese government without any notice or...
"New Zealand Govt Uses Chinese Cameras Banned In US", Considers Security Audit on Oct 12, 2018
Newsroom NZ has issued a report: "NZ Govt uses Chinese cameras banned in...
Hikvision HQ Contradicts Cybersecurity Director on Mar 07, 2018
Hikvision HQ has contradicted Hikvision USA's Director of Cybersecurity,...
Comments (73) : Members only. Login. or Join.

Related Reports

Augmented Reality (AR) Cameras From Hikvision and Dahua Examined on Oct 19, 2020
Hikvision, Dahua, and other China companies are marketing augmented reality...
Verkada Access Control Tested on Sep 09, 2020
Verkada raised $80 million earlier in 2020, expanding from video into access...
Ubiquiti Access Control Tested on Oct 21, 2020
Ubiquiti has become one of the most widely used wireless and switch providers...
Uniview Deep Learning Camera Tested on Jul 14, 2020
Uniview's intrusion analytics have performed poorly in our shootouts. Now,...
Remote Network Access for Video Surveillance Guide on Jul 27, 2020
Remotely accessing surveillance systems is key in 2020, with more and more...
OnTech Smart Services Partners With Google and Amazon To Compete With Integrators on Sep 25, 2020
A pain point for many homeowners to use consumer security and surveillance is...
Dangerous Hikvision Fever Screening Marketing In Africa on Sep 15, 2020
A multi-national African Hikvision distributor is marketing dangerously...
Face Detection Shootout - Dahua, Hanwha, Hikvision, Uniview, Vivotek on Jul 30, 2020
Face detection analytics are available from a number of manufactures...
Hanwha AI Analytics Camera Tested on Aug 11, 2020
Hanwha has released their Wisenet P AI camera, adding person and vehicle...
Ava / Vaion Releases Cloud Connected IP Cameras, Verkada Competitor on Oct 01, 2020
Ava (formerly Vaion) announced its new direct-to-cloud AVA Aware IP cameras...
Avigilon Aggressive Trade-In Program Takes Aim At Competitors on Oct 20, 2020
Avigilon has launched one of the most aggressive trade-in programs the video...
Risks Of Managing End User Passwords (Statistics) 2020 on Sep 11, 2020
Alarmingly, most integrators used spreadsheets to manage passwords, IPVM...
IPVM Editorial Staff on Aug 01, 2020
IPVM has the largest and most experienced editorial team covering video...
Virtual ISC West and GSX+ Exhibiting Contrasted on Sep 17, 2020
Both ISC West and ASIS GSX are going virtual this year, just weeks apart, but...
Top Video Surveillance Service Call Problems 2020 on Oct 23, 2020
3 primary and 4 secondary issues stood out as causing the most problems when...

Recent Reports

Bedside Cough and Sneeze Detector (Sound Intelligence and CLB) on Oct 28, 2020
Coronavirus has increased interest in detecting symptoms such as fever and...
Fever Tablet Thermal Sensors Examined (Melexis) on Oct 28, 2020
Fever tablet suppliers heavily rely on the accuracy and specs of...
Verkada Fires 3 on Oct 28, 2020
Verkada has fired three employees over an incident where female colleagues...
Recruiters Online Show LIVE Thursday! on Oct 27, 2020
IPVM's 7th online show resumes Thursday with 12 recruiters presenting...
Eagle Eye Networks Raises $40 Million on Oct 27, 2020
Eagle Eye has raised $40 million aiming to "reinvent video...
Hikvision Q3 2020 Global Revenue Rises, US Revenue Falls on Oct 27, 2020
While Hikvision's global revenue rises driven by domestic recovery, its US...
VICE Investigates Verkada's Harassing "RawVerkadawgz" on Oct 26, 2020
This month, IPVM investigated Verkada's sexism, discrimination, and cultural...
Six Flags' FDA Violating Outdoor Dahua Fever Cameras on Oct 26, 2020
As Six Flags scrambled to reopen parks amid plummeting revenues caused by the...
ISC Brasil Digital Experience 2020 Report on Oct 23, 2020
ISC Brasil 2020 rebranded itself to ISC Digital Experience and, like its...
Top Video Surveillance Service Call Problems 2020 on Oct 23, 2020
3 primary and 4 secondary issues stood out as causing the most problems when...
GDPR Impact On Temperature / Fever Screening Explained on Oct 22, 2020
What impact does GDPR have on temperature screening? Do you risk a GDPR fine...
Security And Safety Things (S&ST) Tested on Oct 22, 2020
S&ST, a Bosch spinout, is spending tens of millions of dollars aiming to...
Nokia Fever Screening Claims To "Advance Fight Against COVID-19" on Oct 22, 2020
First IBM, then briefly Clorox, and now Nokia becomes the latest Fortune 500...
Deceptive Meridian Temperature Tablets Endanger Public Safety on Oct 21, 2020
IPVM's testing of and investigation into Meridian Kiosk's temperature...
Honeywell 30 Series and Vivotek NVRs Tested on Oct 21, 2020
The NDAA ban has driven many users to look for low-cost NVRs not made by...