Hikvision Security Code Cracked

Author: IPVM Team, Published on Aug 08, 2017

Hikvision's 'security code' feature has been cracked and a program generating security codes is being distributed online. IPVM has obtained and tested this program, verifying that it works.

Hikvision 'security code' allows unauthenticated users to access Hikvision recorders locally regardless of the admin password strength. Hikvision has used this as a tech support feature, as we covered and explained in this report.

Hikvision has historically called this 'security code' or 'security codes', e.g.:

Now, anyone with this program can generate a security code that resets the admin password and takes over the Hikvision recorder. Hikvision does not allow disabling this 'security code' feature.

Inside this note, we show how the program works, what it does and what risks it poses.

*********'* '******** ****' ******* *** **** ******* *** * ******* generating ******** ***** ** ***** *********** ******. **** *** ******** and ****** **** *******, ********* **** ** *****.

********* '******** ****' ****** *************** ***** ** ****** ********* ********* locally ********** ** *** ***** ******** ********. ********* *** **** this ** ***** ******* *******, ** ** ******* *** ********* ** **** report.

********* *** ************ ****** **** '******** ****' ** '******** *****', e.g.:

***, ****** **** **** ******* *** ******** * ******** **** that ****** *** ***** ******** *** ***** **** *** ********* recorder. ********* **** *** ***** ********* **** '******** ****' *******.

****** **** ****, ** **** *** *** ******* *****, **** it **** *** **** ***** ** *****.

[***************]

Cracked ******* ********

*** **** ********* ** *********** ** * ***** (****) ******* executable. ** **** *** ******* *** ************ *** *** ** run ******** ******* ************* ****** ** *** ******* ************. ** are *** ************ *** *******, ** ** ******** * ******** risk ** ********* *****.

** *** ******* ** *** **** *********, *** ****** **** entering *** ** ******* ** *** ********* ********:

****, **** *** ** ******* ** ******** ** ***** * Hikvision ****** *** *** ***** *** ****** ****** ** *** unit, *** *** **** *** **** ** ******** * ***** code ***. **** **** ****, *** ******** ******* * ******** code **** *** ** **** ** ***** *** ***** ********:

*** **** *** **** ** **** ** *** ********* ******* to **** *** *** ***** ******** *** *** * *** one, ** ***** ***** ** *** **** ****:

* ******* ** *** ******** ** ************ ** * ******* video:

[******] - *** ******** ****** ******* *** *****, ** *** not ******* * ***** *********** ****** *** ****** *** ***** so.

***** **** *****, *** ****** ***** *** ******* ** ******* the ****, ** ******** ***** *** ****** *****, ** ** case *** ****** **** ** *** **** *** *********.

Feedback **** ******* ******* ******

*** ****** ** *** ********,***********, **** ** *** *** ****** *** **** *** *******, but ******* ** **** ******, *** **** *********** *** *** YouTube *******. ** **** ** ** ******* ** ******** *** software ** ******* ***** ***** *** **** ********* *******, ** it ********* **** ***** *** *********. ** **** ****** **** support ********** *** ********* ****[****** - *** ****** ******* *** ******** **** ** ****].

Works ** *** *-***, ****** ***** ****

**** ******** **** *** ******** **** ***** ******* ***** ** an *** *-*** ******** ***** **-*******, ********* ******* **** *** local ******* / **** ** ***** ******** ** ***** ** the ********** *****:

** *** ****** *-*** ******** (*.*.*) *** ***** **** ******, but ******* ** *** ********* ******** ** *** ** ** entered ** *** ********* ***** *******.

** ******* **** ************** **** (** ***** ***** *** ****** **+)*** ******** ** **** ** ****.

[******: *-*** ***** **** ****.*.* ***** ****** (******** ****). *** ****** ** ******* *** **** *** **** *******.]

Benefits ** ********* ******* / ********

********* ******* *** ******** *** ****** ***** **** ******* ***** and **** ** ********* **** ******* *** ***** ******** ****** by **********, ****** **** ****** ** ******* *** **** *** Hikvision ** *******.

Benefits ** ********* ***********

********* ***********, **** *********** *** *************, *** **** *** ***** how ******** ********* ** ** ***** **** ******* ** ****** Hikvision *********. ** ***** *** * ******** **-**** *************, ********** since ********* *** ******** *** *********** ** ****** ********* **** can *** ** ****** **********.

Detrimental ** ********** ********* *****

*********'* ** *** ****** ********* ******** **** ****-****** ******* (******, Alibaba, ***.) ***** ******** *** **** ********* ** ***** ******. One ********* *********'* ********** **** ****** ** *** ******* ** get ******** ********* ******* *******, **** ** *** ***** ******** resets. ** ********* **** ****, ******* *** ******* ***** *** password ****** *** ********* ******* ******* ** ******* ********* *******, reducing ***** ********* ** *** ******* ********** ********.

Cannot ** ********

*************, *** '******** ****' ******* ** **** ***** **** ********* recorders *** ****** ** ********. ** **** ******** **** ********* if ** **** **** ***** *** **** ****** ** ***** users ** ***** **** *************.

Atypical *** ******* *************

*** ***** ******** ***** ******* ** **** ******* ** ******* companies. ***** *** * ******* '***** ********' *******, *** ** enterprising*********** ******* *** ******** ****** ******** *****, *** ********* **** ********, *******, *********, ***. ** *** allow * ****** ** **** ** ** *** ******** *** wipe *** *** ***** ******** **** ******* *****.

Cybersecurity ******** *** *********

************* *** **** ** ******* ***** *** *********. *** *********** for ***** ********* ** ** ***** ** ***, *** ******* any ********* **********, ** ** ***** ******. ****** *** ***** code ********* ****** ********* ***** *** ******* **** **** ******. Hikvision *** ************************** **** **** ************* *********, *** **** ***** ******** **** their ******** **** ***** ***** ********* ** ** ***** *** easily, *** ******* **** ********* ***** **** **** ********.

********** *********, ***** ********* ** ****** ** ****** ***** ********, view *************** **** ****** ***** ******** ****** ** ****** ***********, and **** ***** ****** *** ******* **** ****** **** **** security.

UPDATE - **** ******* ** ******** *****

**** ****, ****** *** *** ******** ** *** **** ** a ******* ********** ********* ********** ** ******** **********-***** ********, ******** of *****:

*** ******* ****** **** *** ** ***** ***** ******** *** same ****** **** * ***** ****** ******/**** ******. ****** *********** ** *** ********* **** ********* ** *** *** **** on ***** ********, *** ***** ***** **** ** **** ***** **** ** recent ******** ********, ** ** ****** ** **.*.*.

*** ******* *** ********** ***** (*** ********** *** *******-***** ****) use ** ******* ***** ***** ***** ** ***** *****, ********** some **** **** *** ******'* ****** ****** *** **** ******** is ********** ** * '***** ******', **** *** ****** ** the '***** ******' **** ********* ** ***** ********** **** *** be ******* ** * ******** ********:

Update * - ********* ******** **** "******** ***** ******"

** ****** **, ****, ********* **** * '******* ********' ***** * **** ******** ******** "********* ***/*** ******** ***** ******". ** ******** * ******* ** ******** ********** ** ******** passwords ****** ******* *********. ** **** ********* * **** **** Hikvision ********* *************** ** ** ******* *** ******* *** **** to ****** *** **** ***********.

*** ********* *****:

(*) ********* ****** ** *** ******** ***** ** "**-****** ********* 'security ****'". ** ** *****, ** *** *** **** '******** code' ******* **** ** *********'* *** **** *** **** *******, e.g., *** ******* ** ********* ********* ******* ** * '******** ****'.

(*) ********* ******* ****** *** ******** **** ***** ******** **** was *******. ****** **** ********* * ***** ******** **** ***** overcome **** *******. **** ******** ** **** ** **** ** reviewing ** ****** **** ********* *** **** ******* ** ******.

Update * - ****/*** ******** ** ********* ******** *** *** ******

*** ******** ** *********'* ******** *** **** ********:********* ******** ** ******* ******** *****

Comments (59)

* ***** ****** ** *** ******** *********** ***** ** *** best ****** ** ********* **** *****. ** ***** ** ******, effective, *** ***** ****** **** ******* ***** ** ****

** ** *****, **** **** **** **** ******* ** *** LAN ** ** ***** * *** ** *** **** ******** as ****? * ***'* ***** *** **** **** ***** ******** but * **** ** **** **** * ********** **** **** accurately

**** ********* ****** ** ********* *** ********* *******, ** *** are ******* ** ***** ** ** * *** (** ***).

****** -

***** **** ********** ****** ** *** ******* ******* ******** *******:

*** **** ********* ** *********** ** * ***** (****) ******* executable. ** **** *** ******* *** ************ *** *** ** run ******** ******* ************* ****** ** *** ******* ************. ** are *** ************ *** *******, ** ** ******** * ******** risk ** ********* *****.

*** *****,

*** **** **** ******* ****** **** ***"********* ******** ***** ****" that ** ********* ** *********? **** **** * *** ********* it ***** **** ** ** **** * ********* *** **** what **** **** ****** ** ***** *******.

*****://*********.***/*****/*********-********-*****-****/

** *** **** ***** ** **** ***** **** *** *** previous ******* *** **********. **** ******** *** **** ****** **** the ****** *******/***** ** ****** ****. *** *** ******* **** they *** ********* ********* ***'* ********* *** **** *******.

*** ********* ****** *** ***** ** *** ****** ** ******* this:

UPDATE - **** ******* ** ******** *****

**** ****, ****** *** *** ******** ** *** **** ** a ******* ********** ********* ********** ** ******** **********-***** ********, ******** of *****:

*** ******* ****** **** *** ** ***** ***** ******** *** same ****** **** * ***** ****** ******/**** ******. ****** *********** ** *** ********* **** ********* ** *** *** **** on ***** ********, ***** ***** **** ** **** ***** **** ** ****** recorder ********, ** ** *** ****** ** ******* *.*.*.

*** ******* *** ********** ***** (*** ********** *** *******-***** ****) use ** ******* ***** ***** ***** ** ***** *****, ********** some **** **** *** ******'* ****** ****** *** **** ******** is ********** ** * '***** ******', **** *** ****** ** the '***** ******' **** ********* ** ***** ********** **** *** be ******* ** * ******** ********:

* ******* *** ***** ********* ** *** ***** **** *** older ******** *** ****'* **** *******. *** ***** **** ***** work ** ****?

**** *** *****, *** ********* *** ***** ** ***** **** these *****, ****** *** ****** *** ****, ** **** ***** the ***** *** ** ** **** **** *** ********* ***** console. *****, **** ****, *** ******* * ******** ****.

****** ** *** ******* *********, ** ***** *** **** ********* on **** ***** ******** ******** *** ** ***** ****. ** will *** ***** ** *******.

**** - *** *** ******* ******* ** **** ********/******** ******** you ******? ****, *** *** *** *** ***** ***** **** via **** ** **** **** *** ***** *******?

*** ***** **** ***** ** *** *** ****** ** "*****" firmwares **** **** *** ****** **** **** ****** *** ** enter * ****** ****. *** ***** ********* ***'* **** *** hidden **** ** ****/****, ******* ****** *** * **** ******** file **** ** ******** ** ** ******* ****** *** ******* setup.

**** ******* * ****** ** ** * ****** **** ******** 5.4.0, * ****** **** ******** *.*.*, *** *.*.* *** **** of **** ******.

*******, ** **** ***** ******* **** ******** ***** *.*.*. * tested ** ** ** *** **-*******-* **** ******** *.*.* *** it ******.

**** ******* * ****** ** ** * ******

** ********* ******** ***** ** *** ******, **** *** ******** at *********, *** *******. **** ********* **** ****** ******** ***** be ******** ***** *** ***** *********.

*******, * ******** ********* ** ** * ****** **** **** cameras *** ****. ** *** *** ********* * ********* ********, the ******* *** ********* ***** ** ** "****** **" **** a ******* ***********, *** **** ****** *** ******** **********. ************, the ******* ***** ********* *** ***** *** *****.

*** ********, *******, *** ****** *****, *** ******** ****** ** all *** ******* ********* ** **. ********* *** ********* ************** opens ** *** **** ** * **** ****** ******* ****.

** ** ****, *** ** *** ** **** ************ **** a **** **** ****** * ********. * *** * ****** lose *** ******** ** ***** ***** ***** ***, *** *** factory ******** * ****-****** ***** ******* ** ** ***** ** default. *******, **** *** ****** **** ** **, *** *'* sure **** ************* ***** ** ****** **** ***.

*** *** ******* **** ********* ** *** *** **** ******* with * **** **** ********, ** ******* *** ***** *** XiongMai ** *** ***** ********* **** **** **** **** ********. It *** **** ***** **** **** ** *** **** ****** among ***-******* *************, *** ** ****** *** ******** ******* ********** (e.g.:a **** ******** ** *** * ***** *******) ** ***** be ********** ** ******* **** ***** ************* **** **** ********.

************, ***** ** * ********** ******* * "***** ** ********" and ** ***** ******** *****. **** * ******* *****, *** situation ****** ** **** **** *******, *** ***** ********* ******* wiping *** ****** ***** ** ****** ** *************. **** ** least ***** ** ****** ** ****** **** *** **** *** been ***********, *** ********* ***** ** ** **** ******* ****** retrieve **** **** *** **** ** ** ** ***********. ** also ******* *** *** ***** ** ******* ***, ********* ******** access ** * ****** ** ****** ****** *** **** **** makes ** **** **** ********* *** ** ******** ** ** this ******* ***** *******.

***, ** ********* ** ** ****, * **** ********* ********* has ************ ******** ** ****, *******, * ******'* ** ********* to **** **** ** ***** * ******** **** *** ***-******* companies. *** * ** ****** **** *** **** ****** ** the ***** **** *** * ********* ** *** ********, *** data *** **** ******. * ***** ****, ****** **** ***** is * ********** ***** **** **** "****** **" *** "*********" is ********* *****'* ******** *** **********.

**** **** ** ** *** ***. * ** ****** **** that **** ****** ***** *** **% ** *** ********* ******* out ** *** *****. * **** **** *********'* **** ****** to ***** ***** ******** *** ****** **** ***** *********'* ********, 5.4.x(these *** *** *******), *** ****** ********* **** ** ****** works.

** * ***** ********* ********, *** ***** **** ** ****** a *** **** **** *** ******/*** ***** **** ** * local *******, ****, **** ** **** ** ********* ***********. ********* Techsupport ***** ***** *** **** * *** **** ***** **** that *** *** ****** **** ***** ****, **** *** ***** password ***** ** *****.

********* *** **** **** **** ** ******* **** ********* ******* authoirzed ** ******* **** ** *** ****** ********* ** *******.

*****, ****** *** *** ********.

********* *** **** **** **** ** ******* **** ********* ******* authoirzed ** ******* **** ** *** ****** ********* ** *******.

********: *******, *** *** **** **** **** ** ****?

********* *** **** **** ** *********** ** *** ******** **** sold ** ***,***-** ****** *** **** *****.

**** **** **** ****** ** *********'* ***** ****** ******** ** some ****. * ***** **** ** *** *********** ** * Winic ********* ***, *** **** ******* **** **** *** **** to *****. **** **** ****** ***** ***** ** ***, *** understandable. **** ** ** **** **** ******* **** ** *** Hikvision, *** ********* *****.

********* ******** *** ** ****** *** ****** ****** ** *** unit. ****'* *** **** ***** **.

** ****** *** ***** ********'* ********* *** *** ** **** a ****** *** ********* *** ***** ********, ***** **** **** a *** ****** ****** **** **** ******* ***** ***** ******. You ***** "****** ********" ** *** *** *** ** ***** a ******** **** *** *** ** ****** *** ***** ******** on *** ***** ***.

****** -

***** **** ********** ****** ** *** *-*** **** ******* ** list *** ***** ****** ****** (**-*******) *** ** ******* **** ** ****** **** **** *** older ********, *** *** ***** ******* **** *** ******/****** ********, 3.4.2.

**** ** ******** ** ***** **** *** ****. *** ****** generator *** ***** ******* *** ******** *** **** ****** *** years. ***** ******** *** ***** ****. **** * ***** **** this * *** ******** ******* *** ******* *** *** *** to ***** ******** *** ****'* *** *** ****.

*** **** ******* **** ** **** **** ******* ***** *** have ***** ********* ***** *** *** *** ******* ****'** ******* old ********, ** **** *******?

*** **** ******* **** ** **** **** ******* ***** *** have ***** ********* ***** *** *** *** ******* ****'** ******* old ********, ** **** *******?

***** ********* ****** *** *** **** **** *** ****** ********?

*** ****** ***** ***** **** **** ***** ******* **** ***'* upgrade ** *** ****** ******** ** ******** *********. ****'* ** to *** ***.

* ******* **** ** *** ***-*** ******, *** * *** K ******, ******* *******.

**** ***** **** * *** **** ** *** ******.

**** ******** ** *****, *** **** **** ********* ** ******* hikvision ******** **** *** ****** ********? ** **** *** *-*** unit?

***** *** *** ******/******** ******** **** ** **** **** ** successfully ******* *** ***** ******** ***** **:

********* **-******-**/** ********:

**.*.****** ******

**.*.* ***** ******

**** **-******* ********:

**.*.****** ******

** *** **** *** *** ******* ** * ******** ***** NVR *** ** *** ***, ******* ** ***** ******** *** generated **** **** ********** ** ***** ******** *****.

** ***** ** *********'* ********, *** ***** **** ****'* ******** anymore. ***** *** *** ****** ********, *** ******* *** * series ****.

*** ***** ** **** **** *** ***** ****. ******* ** longer **** **** **** ******** **** ***** *** ***** **** don't ******.

* ***'* ******* ********* ** *** **** ************ *** *** a *** ** **** **** * ******** ******* ****** *** password *****. * **** **** ****** *** **** **** ***** when ********* *** **** ** ********* ** ** *** *** back **** *** ********* - (**** ******** **** ****** ******* manufacturers ** ****). ** * ****** ** * *********** **** running ***** ********* * **** * *** **** **** **** within *******. *** ** **** ** ** ****** (** ******** logged ** ** *** ***** ****** **** * ********** **** program) *** ****** ******* **** *** ********* ***** ** ******** then ******* ** *** ******** ******** *********. *** * ************ I **** *** **** **** ************ ** ** ***** ** I ***'* **** ** **** **** ******* ** **** ** back **** ** - *** *'* *** * **** *'* in *****! ** ** ***'* **** * ********* *****, *** reported *** *** ** * ********* *** ** ** **, but *** ******** ** *** **** ***** ********* ******* ******* the *********.

************, *** ***** *** *** **** ** ******* ***** **** this **** ******** ***********. ***** **** *** ****** ***** ** be ****** - ** **'* ******** ** ******* ****** ***** be *** *******, *** ****'* *** ****** **** * ***** person ***** **** *** ***** ******** ** **** ** *** - ******* ** *** ** ********** - *** *** ******* have *** *********.

*** ******* ***** **** **** ******** ***** ****** ** **** all *** **** ** ******* ** ** ****** ** *** LAN. **** * **** ** ****** **** ** ********* **** on *** ******** ******* **** ********* ******* * *** *** them ***. **** ** ** ********** ** ***** ************ **** have * ******** ***** ****** **** **** ** **** ** reset *** ***** ********. **** ** * ***** ** *** discussion.

**** ***** ***** ** ***** ************ ** *** **** ****** some ** *** ****** *** ******** ****. ** ***** ********. Being * ************ **** ******* ****** ******** ** *** ********, personal ******* ****** ** ********* ****** ** *** ******.

* *****. *** **** ****** *** ** **** ** * large ***** ** **** ********. * **** ***** ** ******** on ********* ** ** ******** ******* **** **** *** ***** of **** ****. *** *** **** ** ****** ********* ************.

* ****'* ******** ** **** ****, *** ** **** ****'* readily ******** ********* ******* ***. * ****** ***'* ********** *** they *** ******* ** **** ***** ** * ******** ** low-end ** ****** ************* ******* ***** ******* **** **** ** no *****-******** ***********. *'* *** ********* ***, ***** *** ********, I ********* **** **** **** **-****** "******* ******", ****** ************ called *** ** ** ******. *** ** * ****, * grow ***** ** ****** **** ** ********* * ******** ****** portrayed ** "****** ****".

******, ****** *** **** ********. * ********** **.

** *** *** ********* ******* *********, **** ** * ****** accusation. ** ************ *****, ********* *** ****** ***** ** ****, Anixter ****** ***** ** **** ****, ******** ****** ***** ** hate ****, **** ****** ***** ** **** ****, ** *** on...

*** ***** ** ***** ******* **** ****** *** ******. ** Hikvision *** *** *** ******* *** ******** *** ****, ***. are ***** ** **** *** **** ********* **** ***** *******. This ** *** * ****** ****** - ***** *** ********* far **** ****** *** ************ ****** (***** ** **** **** focuses **) **** ******* *******.

******** ** ***-*** ** ****** ************* ******* ***** ******* **** poor ** ** *****-******** ***********

*** *******,****** *** ****** ***,*** ****** ************* *** '**********'. ** *** **** *********** *** ******** ****. ** ******* not ** ** * ****, *** ******* ** '****' *** 'NeoCoolCam' ****** (** **** ** **** *** **** ***) *** because ** **** *** ******* ************** ******* *** *** ******* with ****, ** ** ** ********** ** **** **** **.

* **** **** ***** ******* *** ********* *******. ***** ** answer **** ********* ****.

******** *******

******, **** **** ** '******** *******' ************ ** *** **** IPVM ** ****** ******* ******?

******* ***. ** * **** ** ***** *** ***** ****** of "********" ***** ********* *************, ** * ********* ** *********** that *** ****** ** ******** *********** ** *** ***** *** outnumber ******** *********** ***** *************?

******,

** **** ****** ** ******** ***** ***** *********, **** **** the ****** ** ***:

** *** ***** ** ******** ******** *** ************* ***** ********* **** ** *** ***** ** **** ***** almost *** ***** ******* ******* ** *********'* ***** ****.

******* **** ** **** ***** *******. ** *** ** * complete ******, *** *** * ****** ** * ****, ******* the ****** ** ********* ****** *********** ******* *** *** * most ********* ********, **** ** *** ******* **** ***** ****? My *** ********** ** **** *** **** ******* ******* *** negative ***** *** ** *********. * ***** ** *****, *** it ******'* **** ** *** ***** ****.

******,

*** ***** **** *** **** "******** *******" *** *** "******** ******" ******* *********.

* **** ***** *** ******** ******** ** ******** ********* **** a ********** ****** ***** ******** **** ******* **** '******' *** 'personal *******' ***** *** **. *** *** *** ******* ** as, *** * *****, '*******'.

**** ********** **** ** ****** *** **** ** ********* *** many ********* *** ***** ** ******* *** ******** *********. *** just ******* ** *** ******** **** *** **** ** *** wrong ** **** ** *** '********' ******* ****.

* ** *** ****** *** ***** - ************ **** ********* that **** *** **** ** '********' ** ****** ******* *********?

******* *** ****** ** ******** *********** ** *** ***** ** heavily ******** ******** *********** ** ***** *************. *** * ********** person ***** **** ** ***** *** ****** ** ******** ******** over *** ****** ******** ** *** ****** ** ******** ****, and *** **** ** * ****** ** ******* **** *** positive / ******** ***** ** ******** ********** ***** *************. ******* that *** ****** * "********" ******** **** *** ****** *** no ***** ********** ******* *** ************ ********* *****. ** **** statement **** * ********* **** * ** "*******" ****'* ******** accurate. ******* *** ********** ****** ***** ********* *** * ******** articles ** ***** **** ** ******** ****, *** ****** *** other ******* ********* ****** **** >*/* *****, *** **** ********** person ***** ******** ******** **** *** *** ****** **** **** personal ****** ******* ****.

**** *** ****** * "********" ******** **** *** ****** *** no ***** ********** ******* *** ************...********* *** * ******** ******** ** ***** **** ** ******** ones

******, ** ****. ** **** *** ********* ******** ***** ** 25 ******** ***** ** ********* **** ******. ** *** **** to ********* ** **** ** ****, ** ** ** *****, do *** ******* ************* **** *** ******* *****.

**** ******, ***** **** ****, ** **** ********* ** *************, ** ** ***** **** **** ** *********, ********* **** one ****.

** ******** ** *** * ******** **** ***** *****, ** have * ******** ********** ** ***** -***** ** ****** ****** ** ********* (******* )*** * ***** ***** **** *** ******* ** ******** -********* *** ***-**** ****** ****************** *.***+ ****** ****** (****).

** **** ************ ** ******* *****.

**** ****, **** **** *** *** ** ** **/** ************ ** *****. ** ***'* **** '******' *** '********' ** 'negative' ********. *** **** ** ** ***** ********* ****** ** the ******** **********.

* **** *** *** * *** **** ******, ****** *** sheer ****** ** ******** ** *****, **** ************ ** ********* ***************** ** '******** *******'?

**** ********, ******* ******** ****** **** *** *******, *********** ********* 'numbers ** ******** *****' **** '****'... ** ** *** **** just ******* *** *** ** ** ****.

*******, ***, *** ********* ** **** ******** *** **** ******* on ******** **** **** ****-******* '****' ***** ***.

*** ** *** ****** ******* ************ ********* ********. **** ** the ********* *** '******* ** *****'.

*** ****** ****** *************** ** ******** ** ***** ****** *************** *** **** ** ****** ** ******** ** *** *** in ***** **** ******* *** ************ *******/********* ** ******** ******** exposed *************** ** ***** *** ********/********.

** * ******* *** *********** ********* ********* *********** ** ********* vulnerabilities **** * ****** ** **** - ** ****** **** it ** **** **** ******* ******** - * **** ** hard ** ******* * ***** ** **** **** *** **** majority ** **** ******* ******** ***** ********* *********** ** *************** are ********.

* ***** *** ****** *** ***** "** ********** **" *** "my ******* **" ** ** *****. *** **** ***** "******** down *** **** ***** ***" ** *****. * ** ***** slapstick *****. *** *'** *** ****** *** **** **** ** an *************** ******* **** * ********** ********.

*** **** *** *** ********* ** ***** ****** ******** **** would ** *** **** ** *** ***** ******** ******** ********, government *************, *** ***** ***** **** *** ******* **. *********** that ******* ***** **** ** ** **** *** ***** ********, solving *** ********** ***** ***** ****.

****: ***** ** ********** ****, ** **** ******* * *** topic -****** ******** ********, *** ** *******?

****, ** *** ******** ** *** ******* **** ***** ***** recovery ******.*** ****** ** ***** *************, ****** *** ** **** *****.

* ***** **** *** ***** ** **** ***** ****** ** password ******** ** ********** * **** ****. **** *** **** discussed **** ********.

**** ************* * **** ****** ****, **** *** ******* *** device, *** *********** ** *****, ** **** ** ******** *****'* get ****** ** *** ********. **** *** ** ******* ******** the *******, *** *** ******* ****** ***** **** ****** ** in *** ******* ****.

****, *** ***** ****** ***** *** ******** ****** *** **** access ** *** ****** ** ** *** ********** **********.

*** **** ***** ******** *********, **** ****** ** ********** ** requiring ******** ****** ** ***-**-****** (***) ******. * ******* ****** shouldnt ***** * ***** **** *** *******.

***** ***** ***** ** ***** ***** ********. *** **** ******** access ** ***** * ****** ******** *** * ******* ***** for ***** ***** ******.

********* **** **** *** ** ***** ******* ******** ********* **** issue. ** ** **** ****:

"*** ****** ** ******** ** ***** ** *** ***************** ******** from ** ***. * ****** ****** ** * **-****** ********* 'security ****' ***** '*******' *** * ********-**** ********** ******** *******."

*** ***'* ***** **** *** ********* ** ****'* *******, ** you?! :^*

******:

********* *** *********, ****** *** ******** ** **, **** *** send * ******* ******** ***** ***. ** **** ******* *** report ** ******* ****:

Hikvision ******** **** "******** ***** ******"

** ****** **, ****, ********* **** * '******* ********' ***** * **** ******** ******** "********* ***/*** ******** ***** ******". ** ******** * ******* ** ******** ********** ** ******** passwords ****** ******* *********. ** **** ********* * **** **** Hikvision ********* *************** ** ** ******* *** ******* *** **** to ****** *** **** ***********.

*** ********* *****:

(*) ********* ****** ** *** ******** ***** ** "**-****** ********* 'security ****'". ** ** *****, ** *** *** **** '******** code' ******* **** ** *********'* *** **** *** **** *******, e.g., *** ******* ** ********* ********* ******* ** * '******** ****'.

(*) ********* ******* ****** *** ******** **** ***** ******** **** was *******. ****** **** ********* * ***** ******** **** ***** overcome **** *******. **** ******** ** **** ** **** ** reviewing ** ****** **** ********* *** **** ******* ** ******.

*** ****** ******* ****** *** ****. *) *** ***** *** be ***** ** *** ** ****** **** **** *** *********, which ******* *** **** *******. ** ********* *****, **** ***'* want ** ****** *********** **** ***** ***** *****, *** ****** can **** ** *** *** *** *********. *) **** **** you ** **** **** * **** ***. * ******** ****** down ** ****** **** ******** **** ************** **** *** ***** you ** ******** **** **** *** ****, ***** *** ***'* know *** ******** *** **** *** **** *************. *** **** thing **** ****** ** ******* ** ** *** ********* ****/******** - ** ******* *** **** ** **...

* ******* *** ******* **** *** ***** ***** ** ***** are "*** **** *** *********" ******* **** **** *** ***** on *** ****/**** ** *** **** *** **** ****** ** 24 *****. ** ******, **** *** **********, *** ***** ** be ********* *** ***** *** * *** ****, ***** ****** it **** **** *********.

*** *** ***** * ******* ******* ***** ***** ** ****. Nothing *** ****.

* ***** ***%.

* ***'* ********** *** **** ****.

*** **** **** *** **** ** ****** ********** ******* ** on *** **** ***, ******* ********* *** *****.

*** *****, **** *** ********** ***** *** ******** *** **** access ** *** ***/***, *** **** ****** ** **** *********, meaningless ****** **** ****** ***** *****: **** ** ***** ***** spend **** *** ****** ******** ****. *** ***'* **** ****** to ******** ****, ****** **** *******, ******* ****, *******. **** again, ******** ** ***************** ** *** *************.

*** ***** *** **** *** **** ** ******* ** ******* from **** *********: **** **** * ****** ** **** ****** the ******** ** * ******* ******, ** *** ** ***** several ******* ***** ** **** *** ******* ** ******* ** Germany, **** *** ****!!

*.*.: ** *** ******** ******* ** ********* ************ **** *** videosurveillance ****** *** **** ****** **% ** ***** ***** ** recent ******.

* ** ********* ** ** *** ** ** **** ********** biased, *******-***** ******* **********.

**** **** ***** ********** ****.

********* ******

* ***'* ********** *** **** ****.

*** **** **** *** **** ** ****** ********** ******* ** on *** **** ***, ******* ********* *** *****.

***, ** ** *** ** **** * **** ** ************ ********.

*******, ** ** ********* * **** *** * **** **** Hikvision *** **** ***** **, ****'* *** ********* ******* *** code ********** ******* -********* ******** ** ******* ******** *****.

****** -

** *** * ********* ****** **** **** ********* ** ****** August **** ** ******* *** ******** **** *****, *** ***** Hikvision *** ***** ** **** ** **** *********** ** ***** the ******** ****. ** **** ** ********** * *** ****** tomorrow (****** ****) **** *** ******** ** *********'* ******* ***** password ***** *******.

**** ** *** *** **** *** ** ******** ***** *****. It **** ****** **** *** ********* ********* ****** ******* ** be **** ********* **** *********** ******. *********.

**** **** ************ ** * **********. :(

Update - ****/*** ******** ** ********* ******** *** *** ******

*** ******** ** *********'* ******** *** *** *** ******** ***** method *** **** ********:********* ******** ** ******* ******** *****

* ***** *** "****" *** ****. *** ** **** ***** agains *** **** ***** ******** -******* ****** ** ***** ***/*** is **** **** ****.

* **** ******* ******* *** **** ********. ********, ** **** need ******** ***** ******* *** **** *** **** * ******** recovery ****** ****'* ***** *** **** *** ****** **********. ******** access ****** **** **** ** **********. **** *****, **** ** we ** ***** ******** *****?

******: *-*** ***** **** ****.*.* ***** ****** (******** ****). *** ****** ** ******* *** **** *** **** *******.

******: ****** ********** ********* ********** ********* *** ***** ********** ** *** ******* ******** code *******:

********** *********' ********* *** ** ***** ***** *** ********* ******** code ********* ******** ** *** *************** ******** **** *******. ******** * **** **** **** **** ** ********* ****** Manager ****** *** ******** ** ******* (*****/****). **** **** ********* and ***** **** **** ******* **** ********** ** *** ********.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

New Whole Foods Installs Hackable Access Control on Feb 21, 2018
Whole Foods has built a reputation for high quality. And their 2017 Amazon acquisition has increased that, plus added deep pockets for buying...
Remote Network Access for Video Surveillance Guide on Feb 21, 2018
Remotely accessing surveillance systems is key in 2018, with more and more users relying on mobile apps as their main way of operating the system....
Visio For Video Surveillance Design on Feb 20, 2018
Many integrators have standardized on AutoCAD for camera layouts but new users may be overwhelmed by its learning curve. Microsoft's Visio...
IP Cameras Default Passwords Directory on Feb 09, 2018
Below is a directory of 50+ manufacturer's default passwords. Note: Change Default Passwords Leaving default passwords is dangerous and makes it...
Simplisafe 'All New' Generation 3 Tested on Feb 08, 2018
Feared by the traditional alarm industry, Simplisafe has launched its 'all new' Generation 3 platform that they declare is "Stronger. Faster....
Geovision Unprecedented Security Vulnerabilities And Backdoor on Feb 06, 2018
Cybersecurity vulnerabilities have plagued the video surveillance market. Now, Bashis, discover of the Dahua backdoor, has discovered 15...
US Congressional Hearing Features Hikvision on Jan 31, 2018
A US Congressional hearing asked questions about Hikvision's government ownership and cybersecurity issues, following the WSJ's investigations into...
Chinese Government Backdoor Spies on African Union Revealed on Jan 29, 2018
For 5 years, a Chinese government backdoor was used to spy on the African Union, according to a Le Monde investigative report. As is their...
Worst NVR / VMS Manufacturers 2018 on Jan 29, 2018
These are the manufacturers who integrators reported the most significant problems with. 220+ integrators answered: In the past year, what...
Project Plans for Security Integrators on Jan 26, 2018
How do security integrators typically plan projects? A detailed playbook with step by step execution? Just go out and do it? Somewhere in...

Most Recent Industry Reports

Aruba Networks Profile on Feb 22, 2018
Aruba Networks' presence in the video surveillance market has historically been limited. With a company focus on Wi-Fi first and switching...
US Army Base Specifies 70+ Outdated Hikvision Cameras on Feb 22, 2018
A US Army base has specified 70+ Hikvision IP cameras, a month after the WSJ reported a different Army base removed Hikvision IP cameras. While...
Directory of 30+ LPR / ANPR Providers on Feb 21, 2018
License Plate Recognition / Automatic Number Plate Recognition are a type of video analytics software that can identify and match license / number...
New Whole Foods Installs Hackable Access Control on Feb 21, 2018
Whole Foods has built a reputation for high quality. And their 2017 Amazon acquisition has increased that, plus added deep pockets for buying...
Remote Network Access for Video Surveillance Guide on Feb 21, 2018
Remotely accessing surveillance systems is key in 2018, with more and more users relying on mobile apps as their main way of operating the system....
Visio For Video Surveillance Design on Feb 20, 2018
Many integrators have standardized on AutoCAD for camera layouts but new users may be overwhelmed by its learning curve. Microsoft's Visio...
Health Care Insurance Integrator Benefits Statistics on Feb 20, 2018
How common and how much healthcare coverage is typically provided by security companies? 150+ integrators explained how their companies provide the...
Hikvision Deletes Genetec Support on Feb 20, 2018
There will be no peace between Hikvision and Genetec. A year after Genetec expelled Hikvision (and Huawei, citing Chinese government control...
Change Orders - Sometimes Necessary, Sometimes Unethical on Feb 19, 2018
Change orders are a common element in project sales. Sometimes they are a necessity and appropriate ways to deal with arising issues, but sometimes...
Bosch Merges Video, Intrusion and Access Businesses on Feb 19, 2018
Bosch is merging their "video systems, intrusion detection, as well as its access control and management software business units to form a single...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact