Hikvision Anti Hacking Firmware Tested
Author: Ethan Ace, Published on Jun 03, 2015Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.
Related Reports
April 2018 IP Networking Course
on Apr 19, 2018
This is the last chance to register for our IP Networking course. Register now.
NEW - 2 sessions per class, 'day' and 'night' to give you double...
'Best In Show' Fails
on Apr 19, 2018
ISC West's "Best In Show" has failed.
For more than a decade, it has become increasingly irrelevant as the selections exhibit a cartoon level...
Worst Access Control 2018
on Apr 18, 2018
Three access control providers stood out as providing the most problems for integrators.
In this report, we analyze the answers to:
"In the...
Axis VMD4 Analytics Tested
on Apr 17, 2018
Axis is now on its 4th generation of video motion detection (VMD), which Axis calls "a free video analytics application." In this generation, Axis...
Best and Worst ISC West 2018
on Apr 16, 2018
ISC West 2018 had strong attendance, modest overall new products, and a surge in Artificial Intelligence marketing.
First, here are 20+...
Eocortex / Macroscop VMS Company Profile
on Apr 09, 2018
Eocortex is the international brand of Russian VMS manufacturer Macroscop. Macroscop was founded in 2008, and the Eocortex name created in 2013. We...
TVT Backdoor Disclosed
on Apr 09, 2018
Security researcher Bashis has disclosed a backdoor in TVT video surveillance products, with TVT issuing its own 'Notification of Critical...
Hanwha Mega ISC West Product Releases
on Apr 05, 2018
While overall new product releases have been slowing over the past few years, Hanwha is releasing a slew of 6 new offerings for ISC West,...
VMS New Developments Spring 2018 (Avigilon, Exacqvision, Genetec, Hikvision, Milestone, Network Optix)
on Apr 04, 2018
What's new with VMS software? In this report, we examine new features and releases for Spring 2018 to track different areas of potential...
P2P 'Fail To' 'Quick And Steady Access' - Hikvision Defends Port Forwarding
on Apr 02, 2018
Following criticism of Hikvision's ongoing port forwarding recommendation (e.g., Hikvision Hardening Guide Recommends Port Forwarding and Hikvision...
Most Recent Industry Reports
May 2018 Camera Course
on Apr 20, 2018
Save $50 on early registration until this Thursday, the 26th. Register now (save $50) for the Spring 2018 Camera Course
This is the only...
Global Real-Time Video Surveillance - EarthNow
on Apr 20, 2018
A new company, EarthNow, with backing from Bill Gates, Airbus and more, is claiming that:
Users will be able to see places on Earth with a delay...
Dedicated Vs Converged Access Control Networks (Statistics)
on Apr 20, 2018
Running one's access control system on a converged network, with one's computers and phones, can save money. On the other hand, hand, doing so can...
April 2018 IP Networking Course
on Apr 19, 2018
This is the last chance to register for our IP Networking course. Register now.
NEW - 2 sessions per class, 'day' and 'night' to give you double...
Rare Video Surveillance Fundraising - Verkada $15 Million
on Apr 19, 2018
Fundraising in video surveillance (and the broader physical security market) has been poor recently. Highlights are few and far in between...
'Best In Show' Fails
on Apr 19, 2018
ISC West's "Best In Show" has failed.
For more than a decade, it has become increasingly irrelevant as the selections exhibit a cartoon level...
Security Camera Cleaning Frequency Statistics
on Apr 18, 2018
150+ integrators told IPVM how often they clean cameras on customer's sites and why.
Inside we examine their answers and break down feedback...
Worst Access Control 2018
on Apr 18, 2018
Three access control providers stood out as providing the most problems for integrators.
In this report, we analyze the answers to:
"In the...
Axis VMD4 Analytics Tested
on Apr 17, 2018
Axis is now on its 4th generation of video motion detection (VMD), which Axis calls "a free video analytics application." In this generation, Axis...
Arecont CEO And President Resign
on Apr 17, 2018
This is good news for Arecont.
Arecont's problems have been well known for years (e.g., most recently Worst Camera Manufacturers 2018 and starting...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.
Comments (15)
Meghan Uhl
nothing is going to "prevent hacking". I think they did a pretty good job of thwarting it but as long as your connected - you're not safe. Its like death - Its part of our lives so we need to accept that, take whatever precautions we can, get whatever insurance we can, hope for the best and don't dwell on it. Customers want to know that you've taken every precaution but they understand that if the Feds & banks can't keep thier systems safe, they can't expect to keep their security system 100% safe either.
Create New Topic
Steve Nauman
Weren't they vulnerable to some pretty elementary buffer overflow attacks as well? Can't say I put much faith in them after that.
Create New Topic
Steve Mitchell
Not enough. Partially Hikvision's fault: 3 months is too long for these kinds of fixes. The rest is the industry's own fault: DVR/NVRs (and cameras) often carry the same types of security vulnerabilities as commodity IT equipment (PCs/servers) but without the standard practices or infrastructure to support regular updates that have evolved in the IT industry over the past 30+ years. Microsoft, Apple, et, al., release security patches almost monthly, and many IT shops are set up to either install these automatically or have policies to ensure that software is kept up-to-date. Our industry is somewhat proud to be "non-converged" and as such doesn't seek out the goal to keep software up-to-date or secure. Consequently, many Hikvision DVRs will forever remain unpatched.
Create New Topic
Undisclosed Integrator #1
Did Hikvision turn off UPnP by default in this new firmware?
Create New Topic
Jon Dillabaugh
What happens when the illegal lock function is triggered, other than block the offending IP?
What happens if I intentionally attempt to lockout the Admin user account? Will a VMS/DVR using the same creds lose connection too?
If so, I smell a new vulnerability.
Create New Topic
Bob Germain
Ethan- the firmware is now available on the Hikvision USA website.
http://www.hikvision.com/en/us/download.asp
For other regions, please go to your regional Hikvision Website for available downloads.
Create New Topic