Hikvision Security Code Cracked

Author: IPVM Team, Published on Aug 08, 2017

Hikvision's 'security code' feature has been cracked and a program generating security codes is being distributed online. IPVM has obtained and tested this program, verifying that it works.

Hikvision 'security code' allows unauthenticated users to access Hikvision recorders locally regardless of the admin password strength. Hikvision has used this as a tech support feature, as we covered and explained in this report.

Hikvision has historically called this 'security code' or 'security codes', e.g.:

Now, anyone with this program can generate a security code that resets the admin password and takes over the Hikvision recorder. Hikvision does not allow disabling this 'security code' feature.

Inside this note, we show how the program works, what it does and what risks it poses.

*********'* '******** ****' ******* *** **** ******* *** * ******* generating ******** ***** ** ***** *********** ******. **** *** ******** and ****** **** *******, ********* **** ** *****.

********* '******** ****' ****** *************** ***** ** ****** ********* ********* locally ********** ** *** ***** ******** ********. ********* *** **** this ** ***** ******* *******, ** ** ******* *** ********* ** **** report.

********* *** ************ ****** **** '******** ****' ** '******** *****', e.g.:

***, ****** **** **** ******* *** ******** * ******** **** that ****** *** ***** ******** *** ***** **** *** ********* recorder. ********* **** *** ***** ********* **** '******** ****' *******.

****** **** ****, ** **** *** *** ******* *****, **** it **** *** **** ***** ** *****.

[***************]

Cracked ******* ********

*** **** ********* ** *********** ** * ***** (****) ******* executable. ** **** *** ******* *** ************ *** *** ** run ******** ******* ************* ****** ** *** ******* ************. ** are *** ************ *** *******, ** ** ******** * ******** risk ** ********* *****.

** *** ******* ** *** **** *********, *** ****** **** entering *** ** ******* ** *** ********* ********:

****, **** *** ** ******* ** ******** ** ***** * Hikvision ****** *** *** ***** *** ****** ****** ** *** unit, *** *** **** *** **** ** ******** * ***** code ***. **** **** ****, *** ******** ******* * ******** code **** *** ** **** ** ***** *** ***** ********:

*** **** *** **** ** **** ** *** ********* ******* to **** *** *** ***** ******** *** *** * *** one, ** ***** ***** ** *** **** ****:

* ******* ** *** ******** ** ************ ** * ******* video:

[******] - *** ******** ****** ******* *** *****, ** *** not ******* * ***** *********** ****** *** ****** *** ***** so.

***** **** *****, *** ****** ***** *** ******* ** ******* the ****, ** ******** ***** *** ****** *****, ** ** case *** ****** **** ** *** **** *** *********.

Feedback **** ******* ******* ******

*** ****** ** *** ********,***********, **** ** *** *** ****** *** **** *** *******, but ******* ** **** ******, *** **** *********** *** *** YouTube *******. ** **** ** ** ******* ** ******** *** software ** ******* ***** ***** *** **** ********* *******, ** it ********* **** ***** *** *********. ** **** ****** **** support ********** *** ********* ****[****** - *** ****** ******* *** ******** **** ** ****].

Works ** *** *-***, ****** ***** ****

**** ******** **** *** ******** **** ***** ******* ***** ** an *** *-*** ******** ***** **-*******, ********* ******* **** *** local ******* / **** ** ***** ******** ** ***** ** the ********** *****:

** *** ****** *-*** ******** (*.*.*) *** ***** **** ******, but ******* ** *** ********* ******** ** *** ** ** entered ** *** ********* ***** *******.

** ******* **** ************** **** (** ***** ***** *** ****** **+)*** ******** ** **** ** ****.

Benefits ** ********* ******* / ********

********* ******* *** ******** *** ****** ***** **** ******* ***** and **** ** ********* **** ******* *** ***** ******** ****** by **********, ****** **** ****** ** ******* *** **** *** Hikvision ** *******.

Benefits ** ********* ***********

********* ***********, **** *********** *** *************, *** **** *** ***** how ******** ********* ** ** ***** **** ******* ** ****** Hikvision *********. ** ***** *** * ******** **-**** *************, ********** since ********* *** ******** *** *********** ** ****** ********* **** can *** ** ****** **********.

Detrimental ** ********** ********* *****

*********'* ** *** ****** ********* ******** **** ****-****** ******* (******, Alibaba, ***.) ***** ******** *** **** ********* ** ***** ******. One ********* *********'* ********** **** ****** ** *** ******* ** get ******** ********* ******* *******, **** ** *** ***** ******** resets. ** ********* **** ****, ******* *** ******* ***** *** password ****** *** ********* ******* ******* ** ******* ********* *******, reducing ***** ********* ** *** ******* ********** ********.

Cannot ** ********

*************, *** '******** ****' ******* ** **** ***** **** ********* recorders *** ****** ** ********. ** **** ******** **** ********* if ** **** **** ***** *** **** ****** ** ***** users ** ***** **** *************.

Atypical *** ******* *************

*** ***** ******** ***** ******* ** **** ******* ** ******* companies. ***** *** * ******* '***** ********' *******, *** ** enterprising*********** ******* *** ******** ****** ******** *****, *** ********* **** ********, *******, *********, ***. ** *** allow * ****** ** **** ** ** *** ******** *** wipe *** *** ***** ******** **** ******* *****.

Cybersecurity ******** *** *********

************* *** **** ** ******* ***** *** *********. *** *********** for ***** ********* ** ** ***** ** ***, *** ******* any ********* **********, ** ** ***** ******. ****** *** ***** code ********* ****** ********* ***** *** ******* **** **** ******. Hikvision *** ************************** **** **** ************* *********, *** **** ***** ******** **** their ******** **** ***** ***** ********* ** ** ***** *** easily, *** ******* **** ********* ***** **** **** ********.

********** *********, ***** ********* ** ****** ** ****** ***** ********, view *************** **** ****** ***** ******** ****** ** ****** ***********, and **** ***** ****** *** ******* **** ****** **** **** security.

UPDATE - **** ******* ** ******** *****

**** ****, ****** *** *** ******** ** *** **** ** a ******* ********** ********* ********** ** ******** **********-***** ********, ******** of *****:

********* ******** ***** ****
********* ******* ******** ***** ****

*** ******* ****** **** *** ** ***** ***** ******** *** same ****** **** * ***** ****** ******/**** ******. ****** *********** ** *** ********* **** ********* ** *** *** **** on ***** ********, *** ***** ***** **** ** **** ***** **** ** recent ******** ********, ** ** ****** ** **.*.*.

*** ******* *** ********** ***** (*** ********** *** *******-***** ****) use ** ******* ***** ***** ***** ** ***** *****, ********** some **** **** *** ******'* ****** ****** *** **** ******** is ********** ** * '***** ******', **** *** ****** ** the '***** ******' **** ********* ** ***** ********** **** *** be ******* ** * ******** ********:

Update * - ********* ******** **** "******** ***** ******"

** ****** **, ****, ********* **** * '******* ********' ***** * **** ******** ******** "********* ***/*** ******** ***** ******". ** ******** * ******* ** ******** ********** ** ******** passwords ****** ******* *********. ** **** ********* * **** **** Hikvision ********* *************** ** ** ******* *** ******* *** **** to ****** *** **** ***********.

*** ********* *****:

(*) ********* ****** ** *** ******** ***** ** "**-****** ********* 'security ****'". ** ** *****, ** *** *** **** '******** code' ******* **** ** *********'* *** **** *** **** *******, e.g., *** ******* ** ********* ********* ******* ** * '******** ****'.

(*) ********* ******* ****** *** ******** **** ***** ******** **** was *******. ****** **** ********* * ***** ******** **** ***** overcome **** *******. **** ******** ** **** ** **** ** reviewing ** ****** **** ********* *** **** ******* ** ******.

Update * - ****/*** ******** ** ********* ******** *** *** ******

*** ******** ** *********'* ******** *** **** ********:********* ******** ** ******* ******** *****

Comments (55)

Sean Nelson

Nelly Security | 08/08/17 05:28pm

* ***** ****** ** *** ******** *********** ***** ** *** best ****** ** ********* **** *****. ** ***** ** ******, effective, *** ***** ****** **** ******* ***** ** ****

Undisclosed Integrator #1

08/08/17 01:08pm

** ** *****, **** **** **** **** ******* ** *** LAN ** ** ***** * *** ** *** **** ******** as ****? * ***'* ***** *** **** **** ***** ******** but * **** ** **** **** * ********** **** **** accurately

Brian Karas

IPVM | In reply to Undisclosed Integrator #1 | 08/08/17 06:26pm

**** ********* ****** ** ********* *** ********* *******, ** *** are ******* ** ***** ** ** * *** (** ***).

Brian Karas

IPVM | 08/08/17 09:04pm

****** -

***** **** ********** ****** ** *** ******* ******* ******** *******:

Undisclosed Integrator #2

08/08/17 09:15pm

*** *****,

*** **** **** ******* ****** **** ***"********* ******** ***** ****" that ** ********* ** *********? **** **** * *** ********* it ***** **** ** ** **** * ********* *** **** what **** **** ****** ** ***** *******.

*****://*********.***/*****/*********-********-*****-****/

Brian Karas

IPVM | In reply to Undisclosed Integrator #2 | 08/08/17 11:33pm

** *** **** ***** ** **** ***** **** *** *** previous ******* *** **********. **** ******** *** **** ****** **** the ****** *******/***** ** ****** ****. *** *** ******* **** they *** ********* ********* ***'* ********* *** **** *******.

*** ********* ****** *** ***** ** *** ****** ** ******* this:

UPDATE - **** ******* ** ******** *****

**** ****, ****** *** *** ******** ** *** **** ** a ******* ********** ********* ********** ** ******** **********-***** ********, ******** of *****:

********* ******** ***** ****
********* ******* ******** ***** ****

*** ******* ****** **** *** ** ***** ***** ******** *** same ****** **** * ***** ****** ******/**** ******. ****** *********** ** *** ********* **** ********* ** *** *** **** on ***** ********, ***** ***** **** ** **** ***** **** ** ****** recorder ********, ** ** *** ****** ** ******* *.*.*.

Undisclosed Integrator #1

In reply to Brian Karas | 08/09/17 12:32am

* ******* *** ***** ********* ** *** ***** **** *** older ******** *** ****'* **** *******. *** ***** **** ***** work ** ****?

Brian Karas

IPVM | In reply to Undisclosed Integrator #1 | 08/09/17 12:38am

**** *** *****, *** ********* *** ***** ** ***** **** these *****, ****** *** ****** *** ****, ** **** ***** the ***** *** ** ** **** **** *** ********* ***** console. *****, **** ****, *** ******* * ******** ****.

Sean Nelson

Nelly Security | In reply to Brian Karas | 08/09/17 01:13pm

****** ** *** ******* *********, ** ***** *** **** ********* on **** ***** ******** ******** *** ** ***** ****. ** will *** ***** ** *******.

Brian Karas

IPVM | In reply to Sean Nelson | 08/09/17 01:28pm

**** - *** *** ******* ******* ** **** ********/******** ******** you ******? ****, *** *** *** *** ***** ***** **** via **** ** **** **** *** ***** *******?

Ryan O'Daniel

IPVMU Certified | In reply to Brian Karas | 08/09/17 05:33pm

*** ***** **** ***** ** *** *** ****** ** "*****" firmwares **** **** *** ****** **** **** ****** *** ** enter * ****** ****. *** ***** ********* ***'* **** *** hidden **** ** ****/****, ******* ****** *** * **** ******** file **** ** ******** ** ** ******* ****** *** ******* setup.

**** ******* * ****** ** ** * ****** **** ******** 5.4.0, * ****** **** ******** *.*.*, *** *.*.* *** **** of **** ******.

*******, ** **** ***** ******* **** ******** ***** *.*.*. * tested ** ** ** *** **-*******-* **** ******** *.*.* *** it ******.

Brian Karas

IPVM | In reply to Ryan O'Daniel | 08/10/17 04:58am

**** ******* * ****** ** ** * ******

** ********* ******** ***** ** *** ******, **** *** ******** at *********, *** *******. **** ********* **** ****** ******** ***** be ******** ***** *** ***** *********.

*******, * ******** ********* ** ** * ****** **** **** cameras *** ****. ** *** *** ********* * ********* ********, the ******* *** ********* ***** ** ** "****** **" **** a ******* ***********, *** **** ****** *** ******** **********. ************, the ******* ***** ********* *** ***** *** *****.

*** ********, *******, *** ****** *****, *** ******** ****** ** all *** ******* ********* ** **. ********* *** ********* ************** opens ** *** **** ** * **** ****** ******* ****.

Steven Burman

08/09/17 03:07pm

** ** ****, *** ** *** ** **** ************ **** a **** **** ****** * ********. * *** * ****** lose *** ******** ** ***** ***** ***** ***, *** *** factory ******** * ****-****** ***** ******* ** ** ***** ** default. *******, **** *** ****** **** ** **, *** *'* sure **** ************* ***** ** ****** **** ***.

Brian Karas

IPVM | In reply to Steven Burman | 08/09/17 03:20pm

*** *** ******* **** ********* ** *** *** **** ******* with * **** **** ********, ** ******* *** ***** *** XiongMai ** *** ***** ********* **** **** **** **** ********. It *** **** ***** **** **** ** *** **** ****** among ***-******* *************, *** ** ****** *** ******** ******* ********** (e.g.:a **** ******** ** *** * ***** *******) ** ***** be ********** ** ******* **** ***** ************* **** **** ********.

************, ***** ** * ********** ******* * "***** ** ********" and ** ***** ******** *****. **** * ******* *****, *** situation ****** ** **** **** *******, *** ***** ********* ******* wiping *** ****** ***** ** ****** ** *************. **** ** least ***** ** ****** ** ****** **** *** **** *** been ***********, *** ********* ***** ** ** **** ******* ****** retrieve **** **** *** **** ** ** ** ***********. ** also ******* *** *** ***** ** ******* ***, ********* ******** access ** * ****** ** ****** ****** *** **** **** makes ** **** **** ********* *** ** ******** ** ** this ******* ***** *******.

Steven Burman

08/09/17 03:27pm

***, ** ********* ** ** ****, * **** ********* ********* has ************ ******** ** ****, *******, * ******'* ** ********* to **** **** ** ***** * ******** **** *** ***-******* companies. *** * ** ****** **** *** **** ****** ** the ***** **** *** * ********* ** *** ********, *** data *** **** ******. * ***** ****, ****** **** ***** is * ********** ***** **** **** "****** **" *** "*********" is ********* *****'* ******** *** **********.

Undisclosed Integrator #3

08/09/17 03:43pm

**** **** ** ** *** ***. * ** ****** **** that **** ****** ***** *** **% ** *** ********* ******* out ** *** *****. * **** **** *********'* **** ****** to ***** ***** ******** *** ****** **** ***** *********'* ********, 5.4.x(these *** *** *******), *** ****** ********* **** ** ****** works.

** * ***** ********* ********, *** ***** **** ** ****** a *** **** **** *** ******/*** ***** **** ** * local *******, ****, **** ** **** ** ********* ***********. ********* Techsupport ***** ***** *** **** * *** **** ***** **** that *** *** ****** **** ***** ****, **** *** ***** password ***** ** *****.

********* *** **** **** **** ** ******* **** ********* ******* authoirzed ** ******* **** ** *** ****** ********* ** *******.

John Honovich

IPVM | In reply to Undisclosed Integrator #3 | 08/09/17 03:46pm

*****, ****** *** *** ********.

********* *** **** **** **** ** ******* **** ********* ******* authoirzed ** ******* **** ** *** ****** ********* ** *******.

********: *******, *** *** **** **** **** ** ****?

Myung Kim

In reply to John Honovich | 08/09/17 03:51pm

********* *** **** **** ** *********** ** *** ******** **** sold ** ***,***-** ****** *** **** *****.

**** **** **** ****** ** *********'* ***** ****** ******** ** some ****. * ***** **** ** *** *********** ** * Winic ********* ***, *** **** ******* **** **** *** **** to *****. **** **** ****** ***** ***** ** ***, *** understandable. **** ** ** **** **** ******* **** ** *** Hikvision, *** ********* *****.

Undisclosed Integrator #1

In reply to Myung Kim | 08/09/17 06:23pm

********* ******** *** ** ****** *** ****** ****** ** *** unit. ****'* *** **** ***** **.

Undisclosed Manufacturer #4

In reply to Undisclosed Integrator #3 | 08/09/17 03:55pm

** ****** *** ***** ********'* ********* *** *** ** **** a ****** *** ********* *** ***** ********, ***** **** **** a *** ****** ****** **** **** ******* ***** ***** ******. You ***** "****** ********" ** *** *** *** ** ***** a ******** **** *** *** ** ****** *** ***** ******** on *** ***** ***.

Brian Karas

IPVM | 08/09/17 04:21pm

****** -

***** **** ********** ****** ** *** *-*** **** ******* ** list *** ***** ****** ****** (**-*******) *** ** ******* **** ** ****** **** **** *** older ********, *** *** ***** ******* **** *** ******/****** ********, 3.4.2.

Undisclosed Integrator #1

08/09/17 06:28pm

**** ** ******** ** ***** **** *** ****. *** ****** generator *** ***** ******* *** ******** *** **** ****** *** years. ***** ******** *** ***** ****. **** * ***** **** this * *** ******** ******* *** ******* *** *** *** to ***** ******** *** ****'* *** *** ****.

*** **** ******* **** ** **** **** ******* ***** *** have ***** ********* ***** *** *** *** ******* ****'** ******* old ********, ** **** *******?

Brian Karas

IPVM | In reply to Undisclosed Integrator #1 | 08/09/17 07:02pm

*** **** ******* **** ** **** **** ******* ***** *** have ***** ********* ***** *** *** *** ******* ****'** ******* old ********, ** **** *******?

Undisclosed Integrator #1

In reply to Brian Karas | 08/09/17 08:20pm

***** ********* ****** *** *** **** **** *** ****** ********?

*** ****** ***** ***** **** **** ***** ******* **** ***'* upgrade ** *** ****** ******** ** ******** *********. ****'* ** to *** ***.

Undisclosed Distributor #8

In reply to Undisclosed Integrator #1 | 08/10/17 06:02am

* ******* **** ** *** ***-*** ******, *** * *** K ******, ******* *******.

**** ***** **** * *** **** ** *** ******.

Undisclosed Integrator #1

In reply to Undisclosed Integrator #1 | 08/10/17 10:30pm

**** ******** ** *****, *** **** **** ********* ** ******* hikvision ******** **** *** ****** ********? ** **** *** *-*** unit?

Brian Karas

IPVM | In reply to Undisclosed Integrator #1 | 08/10/17 11:38pm

***** *** *** ******/******** ******** **** ** **** **** ** successfully ******* *** ***** ******** ***** **:

********* **-******-**/** ********:

**.*.****** ******

**.*.* ***** ******

**** **-******* ********:

**.*.****** ******

** *** **** *** *** ******* ** * ******** ***** NVR *** ** *** ***, ******* ** ***** ******** *** generated **** **** ********** ** ***** ******** *****.

Undisclosed Integrator #1

In reply to Brian Karas | 08/11/17 12:26am

** ***** ** *********'* ********, *** ***** **** ****'* ******** anymore. ***** *** *** ****** ********, *** ******* *** * series ****.

*** ***** ** **** **** *** ***** ****. ******* ** longer **** **** **** ******** **** ***** *** ***** **** don't ******.

Undisclosed Integrator #5

08/09/17 07:48pm

* ***'* ******* ********* ** *** **** ************ *** *** a *** ** **** **** * ******** ******* ****** *** password *****. * **** **** ****** *** **** **** ***** when ********* *** **** ** ********* ** ** *** *** back **** *** ********* - (**** ******** **** ****** ******* manufacturers ** ****). ** * ****** ** * *********** **** running ***** ********* * **** * *** **** **** **** within *******. *** ** **** ** ** ****** (** ******** logged ** ** *** ***** ****** **** * ********** **** program) *** ****** ******* **** *** ********* ***** ** ******** then ******* ** *** ******** ******** *********. *** * ************ I **** *** **** **** ************ ** ** ***** ** I ***'* **** ** **** **** ******* ** **** ** back **** ** - *** *'* *** * **** *'* in *****! ** ** ***'* **** * ********* *****, *** reported *** *** ** * ********* *** ** ** **, but *** ******** ** *** **** ***** ********* ******* ******* the *********.

************, *** ***** *** *** **** ** ******* ***** **** this **** ******** ***********. ***** **** *** ****** ***** ** be ****** - ** **'* ******** ** ******* ****** ***** be *** *******, *** ****'* *** ****** **** * ***** person ***** **** *** ***** ******** ** **** ** *** - ******* ** *** ** ********** - *** *** ******* have *** *********.

Undisclosed Integrator #2

In reply to Undisclosed Integrator #5 | 08/09/17 08:08pm

*** ******* ***** **** **** ******** ***** ****** ** **** all *** **** ** ******* ** ** ****** ** *** LAN. **** * **** ** ****** **** ** ********* **** on *** ******** ******* **** ********* ******* * *** *** them ***. **** ** ** ********** ** ***** ************ **** have * ******** ***** ****** **** **** ** **** ** reset *** ***** ********. **** ** * ***** ** *** discussion.

Steven Burman

In reply to Undisclosed Integrator #5 | 08/09/17 08:43pm

**** ***** ***** ** ***** ************ ** *** **** ****** some ** *** ****** *** ******** ****. ** ***** ********. Being * ************ **** ******* ****** ******** ** *** ********, personal ******* ****** ** ********* ****** ** *** ******.

Undisclosed Integrator #2

In reply to Steven Burman | 08/09/17 09:46pm

* *****. *** **** ****** *** ** **** ** * large ***** ** **** ********. * **** ***** ** ******** on ********* ** ** ******** ******* **** **** *** ***** of **** ****. *** *** **** ** ****** ********* ************.

Steven Burman

In reply to Undisclosed Integrator #2 | 08/09/17 10:05pm

* ****'* ******** ** **** ****, *** ** **** ****'* readily ******** ********* ******* ***. * ****** ***'* ********** *** they *** ******* ** **** ***** ** * ******** ** low-end ** ****** ************* ******* ***** ******* **** **** ** no *****-******** ***********. *'* *** ********* ***, ***** *** ********, I ********* **** **** **** **-****** "******* ******", ****** ************ called *** ** ** ******. *** ** * ****, * grow ***** ** ****** **** ** ********* * ******** ****** portrayed ** "****** ****".

John Honovich

IPVM | In reply to Steven Burman | 08/09/17 10:20pm

******, ****** *** **** ********. * ********** **.

** *** *** ********* ******* *********, **** ** * ****** accusation. ** ************ *****, ********* *** ****** ***** ** ****, Anixter ****** ***** ** **** ****, ******** ****** ***** ** hate ****, **** ****** ***** ** **** ****, ** *** on...

*** ***** ** ***** ******* **** ****** *** ******. ** Hikvision *** *** *** ******* *** ******** *** ****, ***. are ***** ** **** *** **** ********* **** ***** *******. This ** *** * ****** ****** - ***** *** ********* far **** ****** *** ************ ****** (***** ** **** **** focuses **) **** ******* *******.

******** ** ***-*** ** ****** ************* ******* ***** ******* **** poor ** ** *****-******** ***********

*** *******,****** *** ****** ***,*** ****** ************* *** '**********'. ** *** **** *********** *** ******** ****. ** ******* not ** ** * ****, *** ******* ** '****' *** 'NeoCoolCam' ****** (** **** ** **** *** **** ***) *** because ** **** *** ******* ************** ******* *** *** ******* with ****, ** ** ** ********** ** **** **** **.

* **** **** ***** ******* *** ********* *******. ***** ** answer **** ********* ****.

******** *******

******, **** **** ** '******** *******' ************ ** *** **** IPVM ** ****** ******* ******?

Steven Burman

In reply to John Honovich | 08/09/17 10:39pm

******* ***. ** * **** ** ***** *** ***** ****** of "********" ***** ********* *************, ** * ********* ** *********** that *** ****** ** ******** *********** ** *** ***** *** outnumber ******** *********** ***** *************?

John Honovich

IPVM | In reply to Steven Burman | 08/09/17 10:48pm

******,

** **** ****** ** ******** ***** ***** *********, **** **** the ****** ** ***:

********* ********* **** ******** *********
********* ******** ******* *******
********* *.***+ ******
********* ***** ****** - ******** ** **** ****

** *** ***** ** ******** ******** *** ************* ***** ********* **** ** *** ***** ** **** ***** almost *** ***** ******* ******* ** *********'* ***** ****.

Steven Burman

In reply to John Honovich | 08/09/17 11:23pm

******* **** ** **** ***** *******. ** *** ** * complete ******, *** *** * ****** ** * ****, ******* the ****** ** ********* ****** *********** ******* *** *** * most ********* ********, **** ** *** ******* **** ***** ****? My *** ********** ** **** *** **** ******* ******* *** negative ***** *** ** *********. * ***** ** *****, *** it ******'* **** ** *** ***** ****.

John Honovich

IPVM | In reply to Steven Burman | 08/09/17 11:29pm

******,

*** ***** **** *** **** "******** *******" *** *** "******** ******" ******* *********.

* **** ***** *** ******** ******** ** ******** ********* **** a ********** ****** ***** ******** **** ******* **** '******' *** 'personal *******' ***** *** **. *** *** *** ******* ** as, *** * *****, '*******'.

**** ********** **** ** ****** *** **** ** ********* *** many ********* *** ***** ** ******* *** ******** *********. *** just ******* ** *** ******** **** *** **** ** *** wrong ** **** ** *** '********' ******* ****.

* ** *** ****** *** ***** - ************ **** ********* that **** *** **** ** '********' ** ****** ******* *********?

Steven Burman

In reply to John Honovich | 08/09/17 11:55pm

******* *** ****** ** ******** *********** ** *** ***** ** heavily ******** ******** *********** ** ***** *************. *** * ********** person ***** **** ** ***** *** ****** ** ******** ******** over *** ****** ******** ** *** ****** ** ******** ****, and *** **** ** * ****** ** ******* **** *** positive / ******** ***** ** ******** ********** ***** *************. ******* that *** ****** * "********" ******** **** *** ****** *** no ***** ********** ******* *** ************ ********* *****. ** **** statement **** * ********* **** * ** "*******" ****'* ******** accurate. ******* *** ********** ****** ***** ********* *** * ******** articles ** ***** **** ** ******** ****, *** ****** *** other ******* ********* ****** **** >*/* *****, *** **** ********** person ***** ******** ******** **** *** *** ****** **** **** personal ****** ******* ****.

John Honovich

IPVM | In reply to Steven Burman | 08/10/17 12:36am

**** *** ****** * "********" ******** **** *** ****** *** no ***** ********** ******* *** ************...********* *** * ******** ******** ** ***** **** ** ******** ones

******, ** ****. ** **** *** ********* ******** ***** ** 25 ******** ***** ** ********* **** ******. ** *** **** to ********* ** **** ** ****, ** ** ** *****, do *** ******* ************* **** *** ******* *****.

**** ******, ***** **** ****, ** **** ********* ** *************, ** ** ***** **** **** ** *********, ********* **** one ****.

** ******** ** *** * ******** **** ***** *****, ** have * ******** ********** ** ***** -***** ** ****** ****** ** ********* (******* )*** * ***** ***** **** *** ******* ** ******** -********* *** ***-**** ****** ****************** *.***+ ****** ****** (****).

** **** ************ ** ******* *****.

**** ****, **** **** *** *** ** ** **/** ************ ** *****. ** ***'* **** '******' *** '********' ** 'negative' ********. *** **** ** ** ***** ********* ****** ** the ******** **********.

* **** *** *** * *** **** ******, ****** *** sheer ****** ** ******** ** *****, **** ************ ** ********* ***************** ** '******** *******'?

Undisclosed #7

In reply to Steven Burman | 08/10/17 02:53am

**** ********, ******* ******** ****** **** *** *******, *********** ********* 'numbers ** ******** *****' **** '****'... ** ** *** **** just ******* *** *** ** ** ****.

*******, ***, *** ********* ** **** ******** *** **** ******* on ******** **** **** ****-******* '****' ***** ***.

*** ** *** ****** ******* ************ ********* ********. **** ** the ********* *** '******* ** *****'.

*** ****** ****** *************** ** ******** ** ***** ****** *************** *** **** ** ****** ** ******** ** *** *** in ***** **** ******* *** ************ *******/********* ** ******** ******** exposed *************** ** ***** *** ********/********.

** * ******* *** *********** ********* ********* *********** ** ********* vulnerabilities **** * ****** ** **** - ** ****** **** it ** **** **** ******* ******** - * **** ** hard ** ******* * ***** ** **** **** *** **** majority ** **** ******* ******** ***** ********* *********** ** *************** are ********.

Steven Burman

In reply to Undisclosed #7 | 08/10/17 01:40pm

* ***** *** ****** *** ***** "** ********** **" *** "my ******* **" ** ** *****. *** **** ***** "******** down *** **** ***** ***" ** *****. * ** ***** slapstick *****. *** *'** *** ****** *** **** **** ** an *************** ******* **** * ********** ********.

Undisclosed #9

In reply to Steven Burman | 08/10/17 10:36am

*** **** *** *** ********* ** ***** ****** ******** **** would ** *** **** ** *** ***** ******** ******** ********, government *************, *** ***** ***** **** *** ******* **. *********** that ******* ***** **** ** ** **** *** ***** ********, solving *** ********** ***** ***** ****.

John Honovich

IPVM | 08/09/17 08:20pm

****: ***** ** ********** ****, ** **** ******* * *** topic -****** ******** ********, *** ** *******?

****, ** *** ******** ** *** ******* **** ***** ***** recovery ******.*** ****** ** ***** *************, ****** *** ** **** *****.

Undisclosed Manufacturer #6

08/10/17 01:30pm

* ***** **** *** ***** ** **** ***** ****** ** password ******** ** ********** * **** ****. **** *** **** discussed **** ********.

**** ************* * **** ****** ****, **** *** ******* *** device, *** *********** ** *****, ** **** ** ******** *****'* get ****** ** *** ********. **** *** ** ******* ******** the *******, *** *** ******* ****** ***** **** ****** ** in *** ******* ****.

****, *** ***** ****** ***** *** ******** ****** *** **** access ** *** ****** ** ** *** ********** **********.

*** **** ***** ******** *********, **** ****** ** ********** ** requiring ******** ****** ** ***-**-****** (***) ******. * ******* ****** shouldnt ***** * ***** **** *** *******.

***** ***** ***** ** ***** ***** ********. *** **** ******** access ** ***** * ****** ******** *** * ******* ***** for ***** ***** ******.

Joseph Marotta

IPVMU Certified | 08/10/17 10:05pm

********* **** **** *** ** ***** ******* ******** ********* **** issue. ** ** **** ****:

"*** ****** ** ******** ** ***** ** *** ***************** ******** from ** ***. * ****** ****** ** * **-****** ********* 'security ****' ***** '*******' *** * ********-**** ********** ******** *******."

*** ***'* ***** **** *** ********* ** ****'* *******, ** you?! :^*

Brian Karas

IPVM | 08/10/17 11:42pm

******:

********* *** *********, ****** *** ******** ** **, **** *** send * ******* ******** ***** ***. ** **** ******* *** report ** ******* ****:

Hikvision ******** **** "******** ***** ******"

*** ********* *****:

Undisclosed Manufacturer #6

08/11/17 02:43pm

*** ****** ******* ****** *** ****. *) *** ***** *** be ***** ** *** ** ****** **** **** *** *********, which ******* *** **** *******. ** ********* *****, **** ***'* want ** ****** *********** **** ***** ***** *****, *** ****** can **** ** *** *** *** *********. *) **** **** you ** **** **** * **** ***. * ******** ****** down ** ****** **** ******** **** ************** **** *** ***** you ** ******** **** **** *** ****, ***** *** ***'* know *** ******** *** **** *** **** *************. *** **** thing **** ****** ** ******* ** ** *** ********* ****/******** - ** ******* *** **** ** **...

* ******* *** ******* **** *** ***** ***** ** ***** are "*** **** *** *********" ******* **** **** *** ***** on *** ****/**** ** *** **** *** **** ****** ** 24 *****. ** ******, **** *** **********, *** ***** ** be ********* *** ***** *** * *** ****, ***** ****** it **** **** *********.

Undisclosed Integrator #10

08/14/17 12:34pm

*** *** ***** * ******* ******* ***** ***** ** ****. Nothing *** ****.

Brian Karas

IPVM | 08/14/17 03:02pm

****** -

** *** * ********* ****** **** **** ********* ** ****** August **** ** ******* *** ******** **** *****, *** ***** Hikvision *** ***** ** **** ** **** *********** ** ***** the ******** ****. ** **** ** ********** * *** ****** tomorrow (****** ****) **** *** ******** ** *********'* ******* ***** password ***** *******.

Sean Nelson

Nelly Security | In reply to Brian Karas | 08/14/17 07:59am

**** ** *** *** **** *** ** ******** ***** *****. It **** ****** **** *** ********* ********* ****** ******* ** be **** ********* **** *********** ******. *********.

Undisclosed #7

In reply to Sean Nelson | 08/14/17 03:10pm

**** **** ************ ** * **********. :(

Brian Karas

IPVM | 08/15/17 04:53pm

Update - ****/*** ******** ** ********* ******** *** *** ******

*** ******** ** *********'* ******** *** *** *** ******** ***** method *** **** ********:********* ******** ** ******* ******** *****

Dawid Adamczyk

08/15/17 07:27pm

* ***** *** "****" *** ****. *** ** **** ***** agains *** **** ***** ******** -******* ****** ** ***** ***/*** is **** **** ****.

Robert Shih

SavvyTech Security | In reply to Dawid Adamczyk | 08/16/17 01:53pm

* **** ******* ******* *** **** ********. ********, ** **** need ******** ***** ******* *** **** *** **** * ******** recovery ****** ****'* ***** *** **** *** ****** **********. ******** access ****** **** **** ** **********. **** *****, **** ** we ** ***** ******** *****?

Login to read this IPVM report.

Why do I need to log in?

IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Today, Thursday, August 17th is the last day to save $50 on the September IP Networking Course. This is the only networking course designed...

Hikvision Responds To Cracked Security Codes on Aug 15, 2017

Hikvision has responded to IPVM's report on Hikvision's security code being cracked, both with a 2 page update to dealers and communication...

Vulnerability Directory For Access Control Cards on Aug 14, 2017

Knowing which access credentials are insecure can be unclear, especially because most look and feel the same. Even the most insecure 125 kHz types...

US Army Bans Chinese DJI Drones on Aug 08, 2017

The US Army has issued a ban on Chinese-made DJI drones. A US Army memo obtained by sUAS News references a classified document from the Army...

Dahua Suffers Second Major Vulnerability, Silent [Finally Acknowledges] on Jul 25, 2017

Less than 3 months ago, Dahua received DHS ICS-CERT's worst score of 10.0 for their backdoor. Now, Dahua has received another 10.0 score for a new...

Wireless Burglar Alarm Sensors Guide on Jul 21, 2017

Wireless sensors for burglar alarm sensors are an increasingly common option for the historical labor intensive wired alarm systems. However,...

PR Campaign Exploiting Manufacturer Cybersecurity on Jul 20, 2017

Manufacturers increasingly have a bulls-eye on their back. As cyber security solutions providers grow, they realize a great way to get publicity...

Hikvision USA Head of Cybersecurity Exits on Jul 18, 2017

Hikvision USA's Head of Cybersecurity has exited the company. In this note, we review the move, share Hikvision's feedback and examine the...

Wrongly Accused Critical Vulnerability for Vivotek on Jul 13, 2017

Vulnerabilities are an increasing branding and business problem for video surveillance manufacturers. However, sometimes vulnerabilities reported...

Most Recent Industry Reports

Final Day Save $50 - IP Networking Course September 2017 on Aug 17, 2017

Today, Thursday, August 17th is the last day to save $50 on the September IP Networking Course. This is the only networking course designed...

Directory Of Consumer Security Cameras on Aug 16, 2017

The consumer camera segment continues to grow, with new startups and models from existing players released seemingly every month. In this report we...

Cat 5e vs Cat 6 vs Cat 6a Network Cable Usage Statistics on Aug 16, 2017

Cat 5e? Cat 6? Cat 6a? What do integrators use in practice, today? 140+ integrators told IPVM. Here are the results: For those who want to...

Hikvision Responds To Cracked Security Codes on Aug 15, 2017

Hikvision has responded to IPVM's report on Hikvision's security code being cracked, both with a 2 page update to dealers and communication...

Stolen Video NVR / DVR Statistics on Aug 15, 2017

"But what happens if someone steals my recorder?" Anyone who has done more than a handful of jobs has probably heard this question several times....

Hikvision Europe Cutting Out Unauthorized End User Sales on Aug 15, 2017

The days of anyone buying Hikvision from anywhere off the Internet are numbered, at least in Europe, if Hikvision's plan comes to fruition. In...

Axis Laser Focus PTZ Tested on Aug 14, 2017

Axis has been touting its new Q6155-E laser focus PTZ as 'always in focus' and 'always in color'. Does it really deliver? We bought and tested...

Vulnerability Directory For Access Control Cards on Aug 14, 2017

Knowing which access credentials are insecure can be unclear, especially because most look and feel the same. Even the most insecure 125 kHz types...

IP Camera Specification / RFP Guide 2017 on Aug 14, 2017

RFPs are hard. Do them 'right' and it takes a lot of knowledge and time. Do them 'wrong' and you can be (a) unwittingly locked into a specific...

Cellphone Usage Issues For Integrators (Statistics) on Aug 11, 2017

Cellphones clearly offer significant advantages in communication and problem solving. But they can also be a major pain point if employees...

Hikvision Security Code Cracked

Comments (55)

Sean Nelson

Undisclosed Integrator #1

Brian Karas

Brian Karas

Undisclosed Integrator #2

Brian Karas

Undisclosed Integrator #1

Brian Karas

Sean Nelson

Brian Karas

Ryan O'Daniel

Brian Karas

Steven Burman

Brian Karas

Steven Burman

Undisclosed Integrator #3

John Honovich

Myung Kim

Undisclosed Integrator #1

Undisclosed Manufacturer #4

Brian Karas

Undisclosed Integrator #1

Brian Karas

Undisclosed Integrator #1

Undisclosed Distributor #8

Undisclosed Integrator #1

Brian Karas

Undisclosed Integrator #1

Undisclosed Integrator #5

Undisclosed Integrator #2

Steven Burman

Undisclosed Integrator #2

Steven Burman

John Honovich

Steven Burman

John Honovich

Steven Burman

John Honovich

Steven Burman

John Honovich

Undisclosed #7

Steven Burman

Undisclosed #9

John Honovich

Undisclosed Manufacturer #6

Joseph Marotta

Brian Karas

Undisclosed Manufacturer #6

Undisclosed Integrator #10

Brian Karas

Sean Nelson

Undisclosed #7

Brian Karas

Dawid Adamczyk

Robert Shih

Login to read this IPVM report.

Related Reports

Most Recent Industry Reports

Member Login