Hacked Hikvision IP Camera Map USA And Europe

Author: IPVM Team, Published on Jan 22, 2018

The interactive map below shows a sample of hacked and vulnerable Hikvision IP cameras across the USA and Europe. Hover over a marker to see an image from that camera:

[Note: this report and map was originally published on Dec 18th for the USA only. We have now updated it to include / display European cameras.]

This map helps visually demonstrate how wide the practical impact and risk of easy to exploit vulnerabilities. The devices mapped above all suffer from the Hikvision IP Camera backdoor, demonstrated in the video below:

Hikvision cameras vulnerable to the backdoor exploit are accessible across the US. Many of these cameras have already been exploited, altered to show "HACKED" in place of the camera name as one example:

Additional Details

There are ~3,400 yellow markers for vulnerable cameras, and ~700 red markers for "HACKED" cameras (note in some cases, the OSD text is disabled, so while the camera name has been altered, it may not be shown in the image).

The average firmware found on the vulnerable cameras had a build date over 2 years old, showing that many users do not update firmware once a device is setup.

Get Video Surveillance News In Your Inbox
Get Video Surveillance News In Your Inbox

Methodology To Create Map

This is how IPVM built the interactive map. Device IPs were exported from Shodan, the result of a search for Hikvision cameras globally. Each device was evaluated against 3 key criteria:

  • Was it located in the US or Europe, based on results of an IP Geo Lookup
  • Was it a Hikvision device, - Hikvision OEM's were excluded
  • Did the camera have its name changed to some variation of "HACKED"

If the above criteria were met, a snapshot image using a public URL (/onvif-http/snapshot?auth=YWRtaW46MTEK) was taken and logged, along with latitude/longitude coordinates provided by the IP geo lookup. These scans were done throughout December 2017, though some devices had inaccurate time stamps that may indicate other dates.

IP address geolocation services typically do not provide precise locations, so camera locations shown will be accurate to a general area but not the exact location.

The geolocation data was used to plot points, using Google Maps, with the snapshots associated with each camera/location to be displayed when hovering over the point.

Europe GDPR Concerns

The EU General Data Protection Regulation (GDPR), set to go in effect May 25, 2018, specifies potential fines for companies that expose data that can directly or indirectly identify a citizen of the EU without their consent. By shipping cameras with a hard-coded backdoor, Hikvision exposes EU citizens to such data disclosures without consent. Though Hikvision argues they patched the backdoor once they were made aware of it, they still shipped millions of cameras with this vulnerability, of which numerous are installed across Europe. Many owners of these cameras are unaware of this backdoor which exposes their cameras.

OEMs Add more

This map shows only Hikvision-branded cameras, if OEMs are included (see 80+ Hikvision OEM Directory), the map would have 5,000+ points in the US alone, and many more in Europe.

Only Data From Shodan

Additionally, while Shodan has a large number of Hikvision devices in its database, Shodan does not represent all of the internet-accessible Hikvision devices. Devices are added (or removed) daily, IP addresses may have changed, or units may have been temporarily offline during scans. While it is impossible to estimate what percentage of accessible Hikvision devices are in Shodan's database, we can guarantee there are more vulnerable/hacked devices than just those shown on the map.

Excludes Bricked / Hacked Offline Cameras

Many Hikvision IP cameras have been reported as being brought offline, either to update firmware and resolve the vulnerability or to remove remote connectivity to them when users realize the risks of placing vulnerable cameras on the internet.

These cameras, by definition, are excluded, since they can no longer be reached.

Only Shows People Who Have Not Fixed

The number of Hikvision cameras that have been hacked in some way are certainly far greater, since this map only shows IP cameras that have not been fixed by December 2017. The reports of hacking peaked in October and November (following the September disclosure here), giving users a month, or more, to notice and resolve these issues.

Reports of Hikvision cameras having 'HACKED' text, or exhibiting other symptoms of hacking have been circulating for the past few months, e.g.:

IPVM discussion of Hikvision cameras resetting:

An ipcamtalk thread from a user experiencing their Hikvision camera being hacked:

Other ipcamtalk threads from users experiencing cameras being factory reset via the backdoor exploit: 1, 2, 3.

Improving Cybersecurity Lessons

Users should consider the following lessons:

4 reports cite this report:

Chinese Government Blocks IPVM on Oct 22, 2018
IPVM has been blocked by the Chinese government without any notice or explanation. This means IPVM.com is no longer officially accessible anywhere...
"New Zealand Govt Uses Chinese Cameras Banned In US", Considers Security Audit on Oct 12, 2018
Newsroom NZ has issued a report: "NZ Govt uses Chinese cameras banned in US": This comes after the US federal government banned purchases of...
Hikvision HQ Contradicts Cybersecurity Director on Mar 07, 2018
Hikvision HQ has contradicted Hikvision USA's Director of Cybersecurity, Chuck Davis. Davis - Don't Put Cameras On The Internet Davis made a...
Remote Network Access for Video Surveillance Guide on Feb 21, 2018
Remotely accessing surveillance systems is key in 2019, with more and more users relying on mobile apps as their main way of operating the system....
Comments (73) : PRO Members only. Login. or Join.

Related Reports on Hacking

Spring 2019 IP Networking Course on Jan 10, 2019
You can register for the Spring 2019 IP Networking course here. This is the only networking course designed specifically for video surveillance...
Bosch VDOO 2018 Vulnerability on Dec 20, 2018
Security research firm VDOO has discovered a critical vulnerability in Bosch IP cameras. Inside, we cover the available details of this new...
Genetec UL Cybersecurity Certificate (2900-2-3) Examined on Dec 19, 2018
Proving a company is cybersecure has become a major concern for security companies. But how trustworthy are these certificates? Earlier in 2018, a...
No GDPR Penalties For UK Swann 'Spying Hack' on Nov 20, 2018
The UK’s data protection agency has closed its investigation into Infinova-owned Swann Security UK, the ICO confirmed to IPVM, deciding to take “no...
HID: Stop Selling Cracked 125 kHz Credentials on Nov 05, 2018
HID should stop selling cracked 125 kHz access control credentials, that have been long cracked and can easily be copied by cheap cloners sold on...
"New Zealand Govt Uses Chinese Cameras Banned In US", Considers Security Audit on Oct 12, 2018
Newsroom NZ has issued a report: "NZ Govt uses Chinese cameras banned in US": This comes after the US federal government banned purchases of...
China Hacks Video Servers Causing Uproar on Oct 05, 2018
An incident causing an international uproar is hitting home in the video surveillance industry as a Bloomberg report, "The Big Hack: How China...
Genetec Takes Aim At 'Untrustworthy' 'Foreign Government-Owned Vendors' on Sep 24, 2018
Genetec is taking aim at 'untrustworthy' 'foreign government-owned vendors'. This is not a new theme for Genetec as nearly 2 years ago, Genetec...
Hikvision FIPS 140-2 Cybersecurity Certification Examined on Aug 27, 2018
A week after the US government passed a law banning Hikvision, Hikvision announced it had obtained a FIPS 140-2 certification from the US...
Sony Gen 5 IP Cameras Critical Vulnerabilities on Jul 26, 2018
Cybersecurity vulnerabilities remain prevalent in video surveillance devices. Now Talos researchers have discovered multiple vulnerabilities in...

Most Recent Industry Reports

From The Basement To Buried Behind Chinatown: ISC West Emerging Technology Zone on Feb 22, 2019
What does ISC West think about 'Emerging Technology'? Well, last year, they put those companies in the basement. This year, they moved them up to...
Private School IT Manager Surveillance Interview on Feb 22, 2019
This IT manager describes himself as the "oft-maligned IT person" whose "opinions may not always be appreciated by the integrator crowd." But he is...
Outdoor Camera Mounting Hardware Guide on Feb 21, 2019
Mounting cameras outdoors can be challenging, requiring understanding different types of equipment and methods. In this guide, we teach this...
HID Favorability Results 2019 on Feb 21, 2019
HID favorability results were strong, in the 2019 IPVM integrator study of 200+ integrators, with a net +62% and low negativity as the table below...
First US State, Vermont, Bans Dahua and Hikvision on Feb 21, 2019
The first US state, Vermont, has issued a ban on a number of Chinese and Russian manufacturers including the world's 2 largest video surveillance...
ADI 'SAVE BIG' On FLIR And Hikvision Examined on Feb 20, 2019
One is a major US defense supplier. The other is owned by the Chinese government. But you can "SAVE BIG" on both at ADI. In this note, we...
BluB0x Company Profile on Feb 20, 2019
BluB0x has doubled in revenue every year since its founding in 2013, according to CEO Patrick Barry. We originally reported on them in 2015. At the...
Massive Leak Of Chinese VMS Provider Exposes Xinjiang Surveillance on Feb 20, 2019
A subsidiary of China’s claimed largest VMS provider is tracking the precise location and ethnicity of millions in China’s Xinjiang region,...
Security Installation Tools Guide - 22 Tools Listed on Feb 19, 2019
In this guide, we cover 22 tools that security installers frequently use. This is one part of our upcoming Video Surveillance...
Sales Cuts At Rasilient on Feb 19, 2019
Over the past 2 years, video surveillance storage specialist Rasilient has expanded its workforce significantly, aiming to build its own branded...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact