Hacked Hikvision IP Camera Map USA And Europe

Author: IPVM Team, Published on Jan 22, 2018

The interactive map below shows a sample of hacked and vulnerable Hikvision IP cameras across the USA and Europe. Hover over a marker to see an image from that camera:

[Note: this report and map was originally published on Dec 18th for the USA only. We have now updated it to include / display European cameras.]

This map helps visually demonstrate how wide the practical impact and risk of easy to exploit vulnerabilities. The devices mapped above all suffer from the Hikvision IP Camera backdoor, demonstrated in the video below:

Hikvision cameras vulnerable to the backdoor exploit are accessible across the US. Many of these cameras have already been exploited, altered to show "HACKED" in place of the camera name as one example:

Additional Details

There are ~3,400 yellow markers for vulnerable cameras, and ~700 red markers for "HACKED" cameras (note in some cases, the OSD text is disabled, so while the camera name has been altered, it may not be shown in the image).

The average firmware found on the vulnerable cameras had a build date over 2 years old, showing that many users do not update firmware once a device is setup.

Get Video Surveillance News In Your Inbox
Get Video Surveillance News In Your Inbox

Methodology To Create Map

This is how IPVM built the interactive map. Device IPs were exported from Shodan, the result of a search for Hikvision cameras globally. Each device was evaluated against 3 key criteria:

  • Was it located in the US or Europe, based on results of an IP Geo Lookup
  • Was it a Hikvision device, - Hikvision OEM's were excluded
  • Did the camera have its name changed to some variation of "HACKED"

If the above criteria were met, a snapshot image using a public URL (/onvif-http/snapshot?auth=YWRtaW46MTEK) was taken and logged, along with latitude/longitude coordinates provided by the IP geo lookup. These scans were done throughout December 2017, though some devices had inaccurate time stamps that may indicate other dates.

IP address geolocation services typically do not provide precise locations, so camera locations shown will be accurate to a general area but not the exact location.

The geolocation data was used to plot points, using Google Maps, with the snapshots associated with each camera/location to be displayed when hovering over the point.

Europe GDPR Concerns

The EU General Data Protection Regulation (GDPR), set to go in effect May 25, 2018, specifies potential fines for companies that expose data that can directly or indirectly identify a citizen of the EU without their consent. By shipping cameras with a hard-coded backdoor, Hikvision exposes EU citizens to such data disclosures without consent. Though Hikvision argues they patched the backdoor once they were made aware of it, they still shipped millions of cameras with this vulnerability, of which numerous are installed across Europe. Many owners of these cameras are unaware of this backdoor which exposes their cameras.

OEMs Add more

This map shows only Hikvision-branded cameras, if OEMs are included (see 80+ Hikvision OEM Directory), the map would have 5,000+ points in the US alone, and many more in Europe.

Only Data From Shodan

Additionally, while Shodan has a large number of Hikvision devices in its database, Shodan does not represent all of the internet-accessible Hikvision devices. Devices are added (or removed) daily, IP addresses may have changed, or units may have been temporarily offline during scans. While it is impossible to estimate what percentage of accessible Hikvision devices are in Shodan's database, we can guarantee there are more vulnerable/hacked devices than just those shown on the map.

Excludes Bricked / Hacked Offline Cameras

Many Hikvision IP cameras have been reported as being brought offline, either to update firmware and resolve the vulnerability or to remove remote connectivity to them when users realize the risks of placing vulnerable cameras on the internet.

These cameras, by definition, are excluded, since they can no longer be reached.

Only Shows People Who Have Not Fixed

The number of Hikvision cameras that have been hacked in some way are certainly far greater, since this map only shows IP cameras that have not been fixed by December 2017. The reports of hacking peaked in October and November (following the September disclosure here), giving users a month, or more, to notice and resolve these issues.

Reports of Hikvision cameras having 'HACKED' text, or exhibiting other symptoms of hacking have been circulating for the past few months, e.g.:

IPVM discussion of Hikvision cameras resetting:

An ipcamtalk thread from a user experiencing their Hikvision camera being hacked:

Other ipcamtalk threads from users experiencing cameras being factory reset via the backdoor exploit: 1, 2, 3.

Improving Cybersecurity Lessons

Users should consider the following lessons:

2 reports cite this report:

Hikvision HQ Contradicts Cybersecurity Director on Mar 07, 2018
Hikvision HQ has contradicted Hikvision USA's Director of Cybersecurity, Chuck Davis. Davis - Don't Put Cameras On The Internet Davis made a...
Remote Network Access for Video Surveillance Guide on Feb 21, 2018
Remotely accessing surveillance systems is key in 2018, with more and more users relying on mobile apps as their main way of operating the system....
Comments (73) : PRO Members only. Login. or Join.

Related Reports on Hacking

Last Chance - Save $50 - July 2018 IP Networking Course on Jun 20, 2018
Today, Thursday the 21st is the last chance to save $50 on registration. Register now and save. This is the only networking course designed...
Hikvision Corrects False Cybersecurity Announcement on Jun 18, 2018
Hikvision has corrected a false cybersecurity announcement that claimed a British government-sponsored program endorsed the cybersecurity of...
The Dumb Ones: PSA's Bozeman On Cybersecurity on Jun 15, 2018
The smart ones are the hundred people who flew to Denver and spent $500+ on a 1.5-day conference featuring Dahua as a 'cyber responsible partner',...
Debating Relevance of China Hacking US Navy Plans on Jun 11, 2018
"Chinese government hackers have compromised the computers of a Navy contractor, stealing massive amounts of highly sensitive data related to...
Remove Dahua and Hikvision Gov Installs Required By US House Bill Ban on Jun 06, 2018
The final released US House Bill HR 5515 verifies that it not only prohibits the purchasing of Dahua and Hikvision products, it requires removing...
Dahua's Terrible Cybersecurity, Buys Credibility From PSA And SIA on Jun 04, 2018
Dahua has a terrible cybersecurity track record. But American organizations, like the Security Industry Association (SIA) and the PSA Security...
Canon Responds To IP Camera Hacks on May 30, 2018
Canon cameras made international news earlier this month, with reports of them being hacked in Japan (e.g., Hackers disable scores of Canon-made...
Corruption Alleged Against Hikvision Procurement In India on May 28, 2018
Over the past month, allegations of corruption and national security risk have made the news in India over the planned purchase of 150,000...
Cybersecurity for IP Video Surveillance Guide on May 18, 2018
Keeping surveillance networks secure can be a daunting task, but there are several methods that can greatly reduce risk, especially when used in...
Hikvision Source Code Transparency Center Examined on May 14, 2018
Following criticism of Hikvision's Chinese government ownership and Hikvision's IP camera backdoor, the company has responded with a series of...

Most Recent Industry Reports

'Secure Channel' OSDP Access Control Examined on Jun 21, 2018
Despite claiming to be better than Wiegand, OSDP's initial releases did not address the lack of encryption between reader and controller, leaving...
Most Wanted Improvements In Manufacturer Technical Support (Statistics) on Jun 21, 2018
5 key areas of improvement and 1 clear wanted support feature were voiced by 140+ integrator responses to: What improvement in manufacturer...
Last Chance - Save $50 - July 2018 IP Networking Course on Jun 20, 2018
Today, Thursday the 21st is the last chance to save $50 on registration. Register now and save. This is the only networking course designed...
GDPR / ICO Complaint Filed Against IFSEC Show Facial Recognition on Jun 20, 2018
IPVM has filed a complaint against IFSEC’s parent company UBM based on our concern that the conference violates core GDPR principles on...
IFSEC Final Show Report on Jun 20, 2018
IPVM is live from London reporting on the IFSEC show. The Chinese have taken over the UK, centered on Hikvision, flanked by Dahua, Huawei and a...
Mobotix Releases 'Move' Into 21st Century on Jun 20, 2018
For years, Mobotix stood resolutely against, well, every other manufacturer, selling it as a virtue: MOBOTIX equipment is designed with no...
Cybersecurity Startup VDOO Disclosing 10 Manufacturer Vulnerabilities Starting With Axis And Foscam on Jun 20, 2018
Cybersecurity startup VDOO has uncovered significant vulnerabilities in Axis cameras along with many others not yet disclosed. In this report, we...
Axis Guardian - Cloud VMS And Alarm Monitoring - Released on Jun 19, 2018
Axis has struggled to deliver a cloud-based managed service video platform. Video service providers have utilized AVHS for over a decade, and have...
IPVM Vulnerability Scanner Released on Jun 18, 2018
IPVM is proud to announce video surveillance's first and only cybersecurity vulnerability scanner. This tool allows quickly and simply...
Hikvision Corrects False Cybersecurity Announcement on Jun 18, 2018
Hikvision has corrected a false cybersecurity announcement that claimed a British government-sponsored program endorsed the cybersecurity of...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact