Suffering Criticism, Hikvision Keeps Insecure Online Service Up [Now Down]

Author: John Honovich, Published on Jan 03, 2017

Hikvision suffered severe criticisms for its abrupt plan to discontinue its Hikvision Online service, with 3 core functions to be removed on Dec 30th.

However, all of those functionalities continue to run in 2017, including the security vulnerabilities, and Hikvision has no explanation of what will happen next.

Update January 5th, Hik-online.com is now shut down. The site is up and one can login but when doing so, it just displays the discontinuation notice with no other options - e.g., no ability to manage devices or check status. In addition, new devices cannot be added, despite the notice saying that this could be done through February 16th.

********* ******** ****** ********** *** ********* **** ** ************** ********* ****** *******, **** * **** ********* ** ** removed ** *** ****.

*******, *** ** ***** *************** ******** ** *** ** ****, including *** ******** ***************, *** ********* *** ** *********** ** what **** ****** ****.

****** ******* ***, ***-******.*** ** *** **** ****. *** **** is ** *** *** *** ***** *** **** ***** **, it **** ******** *** *************** ****** **** ** ***** ******* - *.*., ** ******* ** ****** ******* ** ***** ******. In ********, *** ******* ****** ** *****,******* *** ****** ****** **** **** ***** ** **** ******* ******** 16th.

[***************]

Dec **** ***

*** **** *** ******** ** ** *** *** *** *** user ************, *** ****** ****** *** ********** ************. **** ** the *********** **** ********* *****:

*** ******* *** **** ********* ***:

******, **** ** ***** ******* ******** ** ** *********, ** is, ** *********'* *****.

******* *****

*** *** ************ ********* ** **** *** **** ****** **, device ****** *** ********** ******* ****** ** ***** *****:

No ***********

********* *** *** ******** *** ****** *********** *** ******** ** IPVM's *******. ******, **** ******* ** ** *** *******, *** interstitial ********* ** *** *** **** ** *** **** ** end ***** * *********, *** **** *********** ******* *** **** to ***** ****** *********.

Fix *** ******** ***************

** ********* ******* ** ******* ***** ******** **** *** **** Hik ****** ***** **********, **** ** ************** ***** *** *********** and ********** ********** **** **** *****.

*******, ** ********* ** ******* ***** ***** ***** ******** ********* claims *** **** ** ****** ********** ******* **** ***** **** track ******, *** ******** *************** ** ********* ****** **** ** fixed.

*** *******, *** ****** **** *** ******* ***** ** ***. Ironically, ***** *** *** ******** **** *** **** ***** **** their **** ******* *** **** ***** ** ******* ***** **** called ** ***. *********, ******* ***** ****-********** *,*** '*********' *** not **** **** **** ***'* *********.

********, *** ****** ***** ******* **** ** *********** **** (***** ******** ****) ***** *** ****** ** ******* ** ***** ****** ********* to *** ******* *** ****** ** ********** ** ********* ****** the *********** *** ********* **** ******, ********** *** *********** ***** devices **** ** ****** ** ******.

Communication ******** ********

**** ** *** ***** ** * ****** ** ************* ******.

  • *****, ********* ***** ***** * ****** ** *************** **** ******* **. It *** * **** ***** **** ********* *** ********* **, and **** ********* ******* *** ********* *** ***********.
  • ******, ********* *** ******* **** **** *** ****-**** *** ***** discontinued *** ** *** *** ***** * **** ***** **** Hikvision ********** ******** **** **** ***** ***
  • ***, ********* ****** ******* ** **, ******** ** *********'* ***** notice, **** ********* ***** **** ***** ****.

***** ********* ***** **** ***** *************** ********, ** ** * **** after *** ******* ***********. ***** **** **** ** ************ *** leave *** ******** *************** *******. ** ** ** *********** ********* for ********* ******* ** ********* ********* ** ****** ****** *** **** users **********.

Comments (15)

** *** ***** ********, ********* *** ***** *** ******* ** their ******-***************. *** ******** **************** ********. *** ******** *** ****** *** ****, ***:

  • *** *** ******* ** ***** *****, ****** ** ***** ******** 30th.
  • *** *** ******* ******* ***** **** **** *** ******** ***** their ****** **** *** ******** *******, *** ********* ** *** global *******.
  • *** *** ******* ***** ** **********-** ********* ******** ********, ****** *******, ***., ** ****-**** *** ****-****.

**** ******** ***** **** *** *** ***-******* *** ** ****** in *-* ****, ******** *** ***** *** **** ***** ********:

*** *** ***-******* *** ********* ***** **** * ******** **** EZVIZ ****** ********** ****:

*** ***** ** ** ****** ***** ******, ****** ** ******** or ****/********. *******, ******** ** *** **/**** **. ***** *** device's ** *******. **** ********** ** ***** ********.

*** *** **** ****/**** ******** ** *** ****** *** ********, but **** ** *** **** ************* *********.

**'** **** * **** ** ****** ***** **** *** ****** app ** ********.

**** *** ** *** *******,

*** **** ***** ** **** **** ** **** "*" ** the *** ** ****?

*-*?

** **** *** ***** ******* *** ***** / ******* / payment *** **** **** *****, ***** ******* ****.

** ***** ***** *** *** **** ** *** ****, *.*., reading ********, ** ****.

********* ***** **** *** **** ***** *** ******** ** *** Online, ********* ******* ** *** ******** ****** *********** *** ******* / *********.

**** ***'* **** ****** ***** **** *** ** :)

**** **** * ****** ******** ** ******** ** ********* ** millions ** ******* **** *** ****** ** ******* / ********** because ** ** ******* *********** *************. ** *** ** *** mind, **** ** ********* **** *********** *** ****** **** ******* do *** **** **** *******.

*** **** ****** ****** ** ***** "*" :)

**** *** *** ******. ***** *** * **** ** ****. We ******* *** ** ******* *********** ***** **** *** ***** has *** **** * **********.

** **** ** * ****** ***** ** ******* *** ******* we *** (***** **) ** **** ** **-**, ******** ** deletion **** *** ********* *******. **** *** ******** ** **** new **** ******* *** ************ ** *** *********.

**** ***** ** * ****** ******** **** ***** *** *** also *** *** **-** ****** ** ***** ******* ***/** *******/*********. Cost ** ***** * **** * **** *** **** **** a ******* **** **** ******** ** ****** ********* **** *******. Kind ** * ** *******.

* ****** **-** *** ****** *** ***** **-** ******* * could ****** ********* ** ****** ** ***** (***** ****** ******** generator). **** ******, *** ***** ****** * **** ****-*** *** Hikvision ***** *** ****** **** **** ********** ** *** ******** field.

** **, **** ** ****** ***** ** **** **** ******. Just **** **** *** **** * ***** ********** *** ****** naming ****** ****** *** ** ****. * **** * ******** generator **** *** ********** * ** ******. (******** ** "*****":"************").

* **** ** **** ** ******* **** ***** ** **** commotion **** * ******* ******* *** *********** (***** ** ***** vendors *******), *** ****** **** **** "*** ** **** *** risk". *** **** * **** **** ** **, ** *** pure ******** ** *** **** *** ** *** * ********* ddns ******, ********** **** *** *** ***** ******* *** ********* we **** ******** (*** ****** ** ***** ** ** *** router/firewall, ******).

**

***'* **** **** * *********** ****** **? ****** ** *** customers *** ***** ** ****? **** **** * ******** ***** on *** **** *********. **** ****** ** ** *****. ******* course. **** ** *** ** **** ******* ***** **** ***** that **** ** * ******* ** **** **** **** *********. Not **** *** **** *********, **** **** *** *********** ** act ******* **** *** ******* *** ******* *****. **** ****** be *********.

*** *******, ** **** ****** **** **** ** ********* **** "feature" *** ***** ** ***** *********** ** ********* ********. *** the **** **** ** ***** ********** ****** ****'* ********* *** video *********, ****** ********** *** ***** ********** ****.

**** ** ******** ******* ** *** **** ***** ** ********* which *** *** ******* **** *****'* *********... **** *** *** making ***** ******** ***** ** ******** ******** (**** *********).. **** Apple ** ****** ** * ********* *********...**** ******* *** **-***** earphone **** **** *** ****** *** ******* *** **** ***** Macbook ****** ** *** * ********** ***** *** . ********* Micro$oft ****** **** ** **** *** ****** *** *** ******** Laptop:The ******* ***** ** *** * ****** *** * ****** .... ** ** ** * ****** :) ***** ** ** OT

** ******** **** **** *** ** ********* ******-**** *** *****.

*** **** *** **** *********, **** **** *** *********** ** act ******* **** *** ******* *** ******* *****. **** ****** be *********.

********* **** ****** ** **** ** **** ****. *** ***** is ***** ** *******.

* **** ********** ***** **** *** ** **** **** ******** *** ******** ************************** ** ********. *********, ** ** **** *** ***** **** they *** *****.

** ******** **** **** *** ** ********* ******-**** *** *****.

************** ******* **** ********** **** ****** **** *****. *******, *** whole *******, ******** **** *** **** ** *** */***, ** definitely * ******** ** ******-**** *** *****.

* ** ***** **** ** **** *** ******* ** **** over *** **** ***** ** ***, ** **** ****** ****** over **** *** * ** *** ******* **** **** **** ever ** * *** ******* ** ********* (** *** ******* that **** ******* ** ******* **** ****).

****

***** **** ** **** ******* **** ********. ********* ** *** most ****** ** ******* ** ** *** ************ ******.. *** is ********** *** **** ******* ***** ***** **** ****'** *** leader ** *** ******** ** * **** ***** ******. *** vulnerabilities *** **** *** ** *** ***** **** **** ** their *********** **** ********** ******* ****** ***** ***** **** ******** at **** *****.

*** ****** ***** ** **-***** ************ *** ******** ******* ***** to **** * **** ****** *** ******** ************* ** **** of **** ** **. *** * ******** ***** ** ** handled-off ******** ** ******* *****. ** *** ******* ** ***** it ** *** *********** *** *** **** ***** *** ******* behavior ** *** ******* ** *** ** *****. ***** **** creates * *** ***** ** ************** *** ********** ** **** will ***** **** ********. *** ******** ** ****** ** **** us. **** *** **** **** ***** *** *******. *** ** Integrator ** ** ************ ** ** **** ** *********** *** a ******. * ********** **** ** *** ** ** * much ****** *********** **** ****** ** ******** ** ******* ** precipitously. *** ** *** ***** ****** ** ****: *** **** culprit ** *****'* ***. ******* *** **** ******* ******* *** better ** *** **********... ** ****'* * ***** *** **** a ***** *** *** *** *** * ** *** with ***....

**** ********** ******* ****** ***** ***** **** ******** ** **** point.

* **** *** *** ***** ** **** *** * **** to ********* **** ** **** *** **** **** ** ***** the **** ******** ******** ************* *** ** ******* ** **********, including *****, *.*.:**** ******** ******** *************,**** ****** **** ******,**** ******* ****** ******** ****** **** ******** *********, ***.

****** **** * ******* ****** ****:

  • ******, ** ******** ** *** ********* ** ******, **** **** people **** ** ********
  • *** ********** ** *** ************* - ** *** **** **** to **** *** **** **** ***** / ****** ** *******
  • **** ****** ********** **********

*** ***** ****** ** *********'* ********** *********. ********* ** ****** a ***** **** ** ************ **** *** ** *** ********* with *** **** *************. **** ****** ***** ** *** **** do ***, ********* ** **** ********** ******* ******** *** *********** are.

****** ******* ***, ***-******.*** ** *** **** ****. *** **** is ** *** *** *** ***** *** **** ***** **, it **** ******** *** *************** ****** **** ** ***** ******* - *.*., ** ******* ** ****** ******* ** ***** ******. In ********, *** ******* ****** ** *****,********** ****** ****** **** **** ***** ** **** ******* ******** 16th.

** ********* **** ********* ********* ******* **** **** **** **** with ********** ****** ***** ** *** ******* **** **** **** credentials: *** / ******** / ********.

**** **** *********** ***** *** ************* ****** ** *** *** ***: ****, **********, ** ******.

* ***** *** *** ***** ** *** ********* - ** they ** *** **** * **** **** ******* ********...

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Deceptive ASIS Attendance on Oct 06, 2017
ASIS is being deceptive with its conference reporting, effectively inflating the event's real actual attendance. What they try, but struggle to...
Dahua Trying, Struggling To Respond To Hacking Attacks on Oct 04, 2017
Now, 2 weeks since large-scale hacking attacks commenced against Dahua vulnerable devices, we analyze Dahua's response. On the positive side,...
Hikvision USA Misleads Dealers On Backdoor on Oct 03, 2017
Hikvision USA emailed their dealers overnight with their 5th cyber security 'special bulletin' of the year. Misleading Unfortunately, they...
FLIR Thermal Camera Multiple Vulnerabilities, Patch Released on Oct 03, 2017
Multiple cyber security vulnerabilities exist in FLIR thermal cameras, which have not been fixed, despite being reported months ago. In this note,...
Hackers Globally Attacking Dahua Recorders on Sep 25, 2017
Dahua recorders are being hacked and vandalized around the world, as confirmed by dozens of reports to IPVM since the attacks surged 5 days...
'Clowns' Allege Ubiquiti 'Completely Fraudulent' on Sep 20, 2017
A short seller has alleged Ubiquiti is 'completely fraudulent'. Ubiquiti's CEO has responded calling them 'clowns'. Here is the short...
Cloud Guy Prints Book, Misses Irony on Sep 15, 2017
On-premise security systems are dead. But $75 print books are alive and well. Such are the lessons from Brivo's CEO new book "The Five...
September IP Networking Course on Sep 14, 2017
LAST Chance - Registration is ending. Register now. This is the only networking course designed specifically for video surveillance professionals...
The 3 Most Outstanding Security Manufacturers (OSPAs) Make No Sense on Sep 08, 2017
The Outstanding Security Manufacturer finalists (US edition) are here: And if you are wondering, "How did those 3 get chosen?" then you are...
Hikvision Backdoor Exploit on Sep 03, 2017
Full disclosure to the Hikvision backdoor has been released, allowing easy exploit of vulnerable Hikvision IP cameras. As the researcher, Monte...

Most Recent Industry Reports

Anixter End User Sales Troubles on Oct 23, 2017
End user sales have and continue to be a major problem for Anixter's physical security business. Every year, according to various Anixter people,...
Assa Abloy Acquires August on Oct 23, 2017
The mega access control manufacturer, Assa Abbloy, has acquired one of the most well funded access control startups, smart lock...
Axis Q3 2017 Financial Results on Oct 23, 2017
A big issue for Axis this past quarter was their product shortage. Despite that, new Q3 numbers for Axis show solid financial results. In this...
Cisco Falling - Favorite Network Switches 2017 on Oct 20, 2017
1 major manufacturer fell and 1 outsider manufacturer gained as integrator favorites for network switches from more than 140 votes / explanations...
Uniview Recorder Backdoor Examined on Oct 20, 2017
A Chinese research group has identified a vulnerability in Uniview recorders that allows backdoor access in a method similar to the Dahua...
Hikvision Access Control Tested on Oct 19, 2017
Hikvision aggressive pricing and marketing combined with generally reliable hardware and free software has made them a major player in video...
Verkada, Silicon Valley VSaaS Startup, Targets Enterprise on Oct 19, 2017
Verkada says they are building an enterprise-class VSaaS offering, calling it "The new platform for video security". This is a departure from the...
Exacq Unbreaks Avigilon Integration on Oct 18, 2017
For nearly 4 years, Exacq had broken and effectively blocked use with Avigilon cameras, as IPVM reported in January 2014. Now, Exacq has...
Search More Important Than Live Monitoring - Statistics on Oct 18, 2017
Search is overall more important than live monitoring to integrators, according to new IPVM statistics.  The key themes found in integrator...
Axis 'Sold Out' P3707-PVE Multi-Imager Tested on Oct 18, 2017
Axis faced significant product shortages over the summer. Perhaps the most notorious and significantly sold out model was the Axis P3707-PE 8MP...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact