Hacked Hikvision IP Camera Map USA And Europe

Author: Brian Karas, Published on Jan 22, 2018

The interactive map below shows a sample of hacked and vulnerable Hikvision IP cameras across the USA and Europe. Hover over a marker to see an image from that camera:

[Note: this report and map was originally published on Dec 18th for the USA only. We have now updated it to include / display European cameras.]

This map helps visually demonstrate how wide the practical impact and risk of easy to exploit vulnerabilities. The devices mapped above all suffer from the Hikvision IP Camera backdoor, demonstrated in the video below:

Hikvision cameras vulnerable to the backdoor exploit are accessible across the US. Many of these cameras have already been exploited, altered to show "HACKED" in place of the camera name as one example:

Additional Details

There are ~3,400 yellow markers for vulnerable cameras, and ~700 red markers for "HACKED" cameras (note in some cases, the OSD text is disabled, so while the camera name has been altered, it may not be shown in the image).

The average firmware found on the vulnerable cameras had a build date over 2 years old, showing that many users do not update firmware once a device is setup.

Get Video Surveillance News In Your Inbox
Get Video Surveillance News In Your Inbox

Methodology To Create Map

This is how IPVM built the interactive map. Device IPs were exported from Shodan, the result of a search for Hikvision cameras globally. Each device was evaluated against 3 key criteria:

  • Was it located in the US or Europe, based on results of an IP Geo Lookup
  • Was it a Hikvision device, - Hikvision OEM's were excluded
  • Did the camera have its name changed to some variation of "HACKED"

If the above criteria were met, a snapshot image using a public URL (/onvif-http/snapshot?auth=YWRtaW46MTEK) was taken and logged, along with latitude/longitude coordinates provided by the IP geo lookup. These scans were done throughout December 2017, though some devices had inaccurate time stamps that may indicate other dates.

IP address geolocation services typically do not provide precise locations, so camera locations shown will be accurate to a general area but not the exact location.

The geolocation data was used to plot points, using Google Maps, with the snapshots associated with each camera/location to be displayed when hovering over the point.

Europe GDPR Concerns

The EU General Data Protection Regulation (GDPR), set to go in effect May 25, 2018, specifies potential fines for companies that expose data that can directly or indirectly identify a citizen of the EU without their consent. By shipping cameras with a hard-coded backdoor, Hikvision exposes EU citizens to such data disclosures without consent. Though Hikvision argues they patched the backdoor once they were made aware of it, they still shipped millions of cameras with this vulnerability, of which numerous are installed across Europe. Many owners of these cameras are unaware of this backdoor which exposes their cameras.

OEMs Add more

This map shows only Hikvision-branded cameras, if OEMs are included (see 80+ Hikvision OEM Directory), the map would have 5,000+ points in the US alone, and many more in Europe.

Only Data From Shodan

Additionally, while Shodan has a large number of Hikvision devices in its database, Shodan does not represent all of the internet-accessible Hikvision devices. Devices are added (or removed) daily, IP addresses may have changed, or units may have been temporarily offline during scans. While it is impossible to estimate what percentage of accessible Hikvision devices are in Shodan's database, we can guarantee there are more vulnerable/hacked devices than just those shown on the map.

Excludes Bricked / Hacked Offline Cameras

Many Hikvision IP cameras have been reported as being brought offline, either to update firmware and resolve the vulnerability or to remove remote connectivity to them when users realize the risks of placing vulnerable cameras on the internet.

These cameras, by definition, are excluded, since they can no longer be reached.

Only Shows People Who Have Not Fixed

The number of Hikvision cameras that have been hacked in some way are certainly far greater, since this map only shows IP cameras that have not been fixed by December 2017. The reports of hacking peaked in October and November (following the September disclosure here), giving users a month, or more, to notice and resolve these issues.

Reports of Hikvision cameras having 'HACKED' text, or exhibiting other symptoms of hacking have been circulating for the past few months, e.g.:

IPVM discussion of Hikvision cameras resetting:

An ipcamtalk thread from a user experiencing their Hikvision camera being hacked:

Other ipcamtalk threads from users experiencing cameras being factory reset via the backdoor exploit: 1, 2, 3.

Improving Cybersecurity Lessons

Users should consider the following lessons:

Comments (67): PRO Members only. Login. or Join.

Related Reports on Hacking

Chinese Government Hikvision Surveillance System On US Government Network on Jan 18, 2018
Hikvision, the Chinese government-owned manufacturer, has publicly claimed that their products are running on a US government network. Moreover,...
Hikvision Removed From US Army Base, Congressional Hearing Called on Jan 12, 2018
Hikvision has been removed from a US Army Base and a US congressional committee is planning a hearing on cybersecurity risks and specifically,...
Hikvision Declares 'Never Click On Links In Emails' on Jan 09, 2018
Hikvision is stepping up its cybersecurity efforts with a clear recommendation - to never click on links in emails: It is a surprising change...
Broken Hikvision App Exposes Hypocrisy on Dec 06, 2017
While Hikvision talks about a commitment to cybersecurity, their broken app and their insecure 'solution' exposes not only their engineering...
Hikvision UPnP Hacking Risk on Dec 04, 2017
Hikvision IP cameras are being hacked even for end users who had not set up port forwarding and believed their cameras were 'safe' behind...
Dahua Forbes 'Next Web Crisis' Vulnerability Dispute on Nov 16, 2017
The buffer overflow vulnerability in Dahua products is not in dispute, in fact we covered it when it was first published. What is in dispute is...
Vivotek Remote Stack Overflow Vulnerability on Nov 14, 2017
A stack overflow vulnerability in Vivotek cameras has been discovered by bashis, the security researcher who has also found vulnerabilities in...
WSJ Investigates Hikvision on Nov 13, 2017
The Wall Street Journal (WSJ) has released a detailed investigation into Hikvision's government ownership and cybersecurity problems, hitting the...
Hikvision Admits Backdoor 'PR Issue' on Oct 24, 2017
Hikvision is admitting a problem. The backdoor itself is evidently not the problem for them. The problem, according to Hikvision, is a public...

Most Recent Industry Reports

Hacked Hikvision IP Camera Map USA And Europe on Jan 22, 2018
The interactive map below shows a sample of hacked and vulnerable Hikvision IP cameras across the USA and Europe. Hover over a marker to see an...
Hanwha Wave VMS Tested on Jan 22, 2018
Hanwha has released their first open platform VMS, Wisenet Wave, an Network Optix OEM (see test results) enhanced with integrations and...
Resolution Usage Statistics 2018 - Moving Up From 1080p on Jan 22, 2018
In 2016, IPVM statistics showed the most common camera resolution used was 1080p, rising from 2014's 720p. Now, new IPVM statistics of 200+...
PoE Powered Access Control Tutorial on Jan 19, 2018
Powering access control with Power over Ethernet is becoming increasingly common.  However, access requires more power than cameras, and the...
If You Have 4 Cameras, You Can Throw Them Away, If You Have 400, They Throw You Away on Jan 19, 2018
Do users care about anything but price? Do user care about cybersecurity? Do users care about trusting their supplier? These have become...
Chinese Government Hikvision Surveillance System On US Government Network on Jan 18, 2018
Hikvision, the Chinese government-owned manufacturer, has publicly claimed that their products are running on a US government network. Moreover,...
Winter 2018 Camera Course on Jan 18, 2018
Learn video surveillance and get certified. Register now. Save $50 on the course, ending this Thursday the 18th, plus get access to 2 class times...
VSaaS Usage Statistics 2018 on Jan 18, 2018
VSaaS has been a 'next big thing' for more than a decade. The prospect of managing, storing and streaming video from the cloud rather than...
Vivint Streety Video Strengthens Door Knocking on Jan 17, 2018
Vivint is famous (or infamous depending on your perspective) for mastering large scale door to door selling. The company has skyrocketed from a...
Axis: "It’s A Question Of Trust And Who You Want To Be Associated With" on Jan 17, 2018
Who do you trust? Who do you want to be associated with? Axis is raising hard questions to start 2018. In this note, we examine these questions,...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact