Hikvision Security Code Cracked
Hikvision's 'security code' feature has been cracked and a program generating security codes is being distributed online. IPVM has obtained and tested this program, verifying that it works.
Hikvision's 'security code' allows unauthenticated users to access Hikvision recorders locally, regardless of the strength of the admin password. Hikvision has used this as a tech support feature, as we covered and explained in this report.
Hikvision has historically called this 'security code' or 'security codes', e.g.:
Now, anyone with this program can generate a security code that resets the admin password and takes over the Hikvision recorder. Hikvision does not allow disabling this 'security code' feature.
Inside this note, we show how the program works, what it does and what risks it poses.
Cracked ******* ********
*** **** ********* ** *********** ** a ***** (****) ******* **********. ** does *** ******* *** ************ *** can ** *** ******** ******* ************* access ** *** ******* ************. ** are *** ************ *** *******, ** it ******** * ******** **** ** Hikvision *****.
** *** ******* ** *** **** generator, *** ****** **** ******** *** IP ******* ** *** ********* ********:
****, **** *** ** ******* ** verified ** ***** * ********* ****** you *** ***** *** ****** ****** of *** ****, *** *** **** you **** ** ******** * ***** code ***. **** **** ****, *** software ******* * ******** **** **** can ** **** ** ***** *** admin ********:
*** **** *** **** ** **** on *** ********* ******* ** **** out *** ***** ******** *** *** a *** ***, ** ***** ***** on *** **** ****:
* ******* ** *** ******** ** demonstrated ** * ******* *****:
[******] - *** ******** ****** ******* the *****, ** *** *** ******* a ***** *********** ****** *** ****** for ***** **.
***** **** *****, *** ****** ***** the ******* ** ******* *** ****, to ******** ***** *** ****** *****, or ** **** *** ****** **** of *** **** *** *********.
Feedback **** ******* ******* ******
*** ****** ** *** ********, ***** [link ** ****** *********]******, **** ** did *** ****** *** **** *** hacking, *** ******* ** **** ******, and **** *********** *** *** ******* channel. ** **** ** ** ******* on ******** *** ******** ** ******* reset ***** *** **** ********* *******, as ** ********* **** ***** *** recorders. ** **** ****** **** ******* assistance *** ********* ****[****** - *** ****** ******* *** Facebook **** ** ****].
Works ** *** *-***, ****** ***** ****
**** ******** **** *** ******** **** crack ******* ***** ** ** *** W-Box ******** ***** **-*******, ********* ******* over *** ***** ******* / **** on ***** ******** ** ***** ** the ********** *****:
** *** ****** *-*** ******** (*.*.*) the ***** **** ******, *** ******* to *** ********* ******** ** *** to ** ******* ** *** ********* local *******.
** ******* **** ************** **** (** ***** ***** *** easily **+)*** ******** ** **** ** ****.
[******: *-*** ***** **** ****.*.* ***** ****** (******** ****). *** ****** ** ******* *** code *** **** *******.]
Benefits ** ********* ******* / ********
********* ******* *** ******** *** ****** their **** ******* ***** *** **** by ********* **** ******* *** ***** password ****** ** **********, ****** **** having ** ******* *** **** *** Hikvision ** *******.
Benefits ** ********* ***********
********* ***********, **** *********** *** *************, can **** *** ***** *** ******** Hikvision ** ** ***** **** ******* to ****** ********* *********. ** ***** for * ******** **-**** *************, ********** since ********* *** ******** *** *********** of ****** ********* **** *** *** be ****** **********.
Detrimental ** ********** ********* *****
*********'* ** *** ****** ********* ******** with ****-****** ******* (******, *******, ***.) often ******** *** **** ********* ** lower ******. *** ********* *********'* ********** team ****** ** *** ******* ** get ******** ********* ******* *******, **** as *** ***** ******** ******. ** obtaining **** ****, ******* *** ******* their *** ******** ****** *** ********* without ******* ** ******* ********* *******, reducing ***** ********* ** *** ******* authorized ********.
Cannot ** ********
*************, *** '******** ****' ******* ** hard ***** **** ********* ********* *** cannot ** ********. ** **** ******** with ********* ** ** **** **** would *** **** ****** ** ***** users ** ***** **** *************.
Atypical *** ******* *************
*** ***** ******** ***** ******* ** rare ******* ** ******* *********. ***** has * ******* '***** ********' *******, and ** *********************** ******* *** ******** ****** ******** codes, *** ********* **** ********, *******, Milestone, ***. ** *** ***** * person ** **** ** ** *** recorder *** **** *** *** ***** password **** ******* *****.
Cybersecurity ******** *** *********
************* *** **** ** ******* ***** for *********. *** *********** *** ***** passwords ** ** ***** ** ***, and ******* *** ********* **********, ** an ***** ******. ****** *** ***** code ********* ****** ********* ***** *** systems **** **** ******. ********* *** made********************** **** **** ************* *********, *** they ***** ******** **** ***** ******** that ***** ***** ********* ** ** wiped *** ******, *** ******* **** notifying ***** **** **** ********.
********** *********, ***** ********* ** ****** to ****** ***** ********, **** *************** like ****** ***** ******** ****** ** severe ***********, *** **** ***** ****** any ******* **** ****** **** **** security.
UPDATE - **** ******* ** ******** *****
**** ****, ****** *** *** ******** in *** **** ** * ******* executable ********* ********** ** ******** **********-***** versions, ******** ** *****:
*** ******* ****** **** *** ** these ***** ******** *** **** ****** from * ***** ****** ******/**** ******. Though *********** ** *** ********* **** ********* it *** *** **** ** ***** firmware, *** ***** ***** **** ** does ***** **** ** ****** ******** firmware, ** ** ****** ** **.*.*.
*** ******* *** ********** ***** (*** presumably *** *******-***** ****) *** ** compute ***** ***** ***** ** ***** below, ********** **** **** **** *** device's ****** ****** *** **** ******** is ********** ** * '***** ******', with *** ****** ** *** '***** number' **** ********* ** ***** ********** that *** ** ******* ** * standard ********:
Update * - ********* ******** **** "******** ***** ******"
** ****** **, ****, ********* **** a '******* ********' ***** * **** ******** ******** "********* NVR/DVR ******** ***** ******". ** ******** * ******* ** evolving ********** ** ******** ********* ****** various *********. ** **** ********* * call **** ********* ********* *************** ** go ******* *** ******* *** **** to ****** *** **** ***********.
*** ********* *****:
(*) ********* ****** ** *** ******** codes ** "**-****** ********* '******** ****'". To ** *****, ** *** *** term '******** ****' ******* **** ** Hikvision's *** **** *** **** *******, e.g., *** ******* ** ********* ********* calling ** * '******** ****'.
(*) ********* ******* ****** *** ******** that ***** ******** **** *** *******. Rather **** ********* * ***** ******** that ***** ******** **** *******. **** approach ** **** ** **** ** reviewing ** ****** **** ********* *** then ******* ** ******.
Update * - ****/*** ******** ** ********* ******** *** *** ******
*** ******** ** *********'* ******** *** been ********:********* ******** ** ******* ******** *****