Hikvision's 'security code' feature has been cracked and a program generating security codes is being distributed online. IPVM has obtained and tested this program, verifying that it works.
Hikvision 'security code' allows unauthenticated users to access Hikvision recorders locally regardless of the admin password strength. Hikvision has used this as a tech support feature, as we covered and explained in this report.
Hikvision has historically called this 'security code' or 'security codes', e.g.:
Now, anyone with this program can generate a security code that resets the admin password and takes over the Hikvision recorder. Hikvision does not allow disabling this 'security code' feature.
Inside this note, we show how the program works, what it does and what risks it poses.