Hikvision Anti Hacking Firmware Tested

Author: Ethan Ace, Published on Jun 03, 2015

Hikvision has had historic hacking problems, with DVRs turned into Bitcoin miners, buffer overflow vulnerabilities, and finally culminating in the hacking of a Chinese province's cameras due to weak passwords.

In response to these attacks, Hikvision promised improvements to address these issues in updated firmware.

We tested this new firmware, version 5.3.0, to see how these features functioned, any potential drawbacks, and what impact this new firmware has on Hikvision devices being hacked.

************ *** ******** ******* ********, **** **** ****** *********** ******,****** ******** ***************, *** ******* *********** ** ********** ** * ******* ********'* ******* *** ** **** *********.

** ******** ** ***** *******,********* ******** ************** ******* ***** ****** ** ******* ********.

** ****** **** *** ********, ******* *.*.*, ** *** *** these ******** **********, *** ********* *********, *** **** ****** **** new ******** *** ** ********* ******* ***** ******.

[***************]

Key ********

**** *** ************ ***** ** *.*.* ********, ********* ******* *** much **** ****** ** ** *********** ****** *** ** ***** not ******** ****** ******* ********* ** ******** ********* *******, ***** the ******/******** ****** * ****** ******** ****** ** *** ** used. *******, **** ***** *** **** ****** ******** ************ ******** or ****** ** ********* ************* *** *************** ****.

************, **** *** ********* ** ******* ***** **** (*** ************), brute ***** ******* ******** *** *** **** ****** ** *******, as ********* **** ** ******* ***********, ******** *** ******, *** users *** ** ********, ****** **** **** ** *****, *****, IP *********, ****** *******, ***.

*******, *** ******* ** *** **********, ***********, *** ************ **** telnet ******** ****** * ******** **** ***** **** ** ********* of ******** *******.

Firmware ************

*.*.* ******** ** ********* *** *** ******** ************* ***'* ********** ***** ** ***** *******. ***** ** ***** ******* ****** check ***** ********** ********.

****: ********* ********** ******* ********** ***** ************* ** ******** (*.*., Chinese ******* ** ***** ******** *******), ** **** *** ******* for ********* *******, **** ********* **********, ***.

Device ********** *******

*** ******* *** ******** ** ******** *.*.* ** *** *** device ********** *******, ***** ****** ***** ** ****** * ****** password (*** *** ********* ** *********'* **** ********) ****** *** camera *** ** ******** ** ********* ** * ***. ********* must ******* ** ***** * ********** *** *** * *********** of *** ***** (*********, *********, *******, ** ******* **********), ****** this ** ***** ********** "****" ** *********. ** ***** ** create * "******" ********, ***** **** *** ** ***** ***** types ** *********.

*** ****** ********** ******* ** ******** ** **** *****:

**** ******** ******** ****** ********* ********, *** ***** **** *** downsides:

********* ************* ********

*** **** ********* ***** ****** *********, ********** ***** ***********, ** that ********* ************* ** ********. **** ****** ** ****** ***** camera ********* *********, ********** **** ******* ** ************-**** ********, *** shared **** ***** ********.

************ *** ******* ***** *** **** ** **** ** ********* under **** ******, ***** **** *** **** ********* ****** ********* it. *******, ************* *** ****** ****** * ******* ******* ******** which ** **** *** *** ******** *** **** ** ********, while ***** ******* ***** *****, *********** ******** **** ********.

*** ******** *********

****** ** ******** ***** *** ** ******** **** ****** *.*.* cameras ** ***** ***** ******** ******* *********. ***** ***** ***** do *** ****** ******* ******** ** ** *** ******* *** not *******, ***** ***** *** *** ******* **** *** ***** incorrect *********. **** *** ***** ********** ******** ** ******* ***** lock ** ****** ** (*****).

Illegal ***** ****

******* ***** **** ****** *** ****** **** ******** ** ********* after **** ****** ***** ********. ************, ****** *** ** ********* informing ************* ** ****** ***** ******** ** **** *** **** other ******* **** ** ******** *** ********* ********* ** *********, checking ******** ********, ***.

**** ******, ***** **** **** ** ******* ** ****** *** camera, ** *** ** *** * ********* ** *******, *** disable *** **-****** *** *******.

******* ***** **** ********* *** ***** ** **** *****:

***** *** **** ******

***** *** ******* ******** ******* ***** **** ** **** ******* to *** * ****** ** * *** ***** *** ******* credentials. ** *** *** ******** ** ********* *******, *** ****** may ***** *** ****** ** * ****** ** **** * few ******* ** ****** ********* *** *** *******. ** *** tests, ********** **** ********** ******* ********* ** ***** ***** *** ***********, *** ****** *** blocked ** ***** *** *******.

Telnet *******

*******, ********* ******* ****** ******* **** *** ******* ** *.*.*, a******* ******** ******** ** *******, ***** ** ** *********** *** *** **** ** ***** open ** *******. ***, * ******* ********, ** ***** ** use, ******* **** ** *** **** ********* ** ******** ****** is ********, ****** ** ** *********, ******* *** ****** *** and **** **** ********** ** ******.

** **** *****, ** ************ ******* ******* ******* *.*.* *** *.*.*, ******* *** *********** ** open/closed ***** *** ******* ********.

**** **********

*** ********** ***** ***** *** ********** ** **** *** ****** ports ******* * ****** ******* *.*.* ******** *** *** ******* 5.2.x, **** ****** ****** (** **** ** *** *** *****, which *** *** ******** ** *******).

Compared ** ***** *************

********* ** *** *** ***** ************ ** ********* **** ** these ******** ********, *** *** ** *** ***** ** ******* them. ** ******* * ******* ** ******** ***** ** ***** manufacturers *****. ******* ****** *** ***** ****** ********* - ****, *****, ************* *** **** *******.

******* ******** * ****** ********** ******* ******* ** *********, ******** in *.* *********. ***** *** ******** ** ****** * ****** password (**** **** ******* **** *********, **** *****) ****** *** camera *** ** ******** ** ***** ** * ***.

**** *** ****** ***** ** ****** * **** ********, *** users *** ***** ****** *** "****", *********** *** **** ** keeping *** *******. ************, ****** *** ******** ** *******, ***** is ******* ***** *** ****/**** ***********, ******** *** ****** ** be ***** ** *****.

*******, ***** **** *** ******* *** ****** ******** ************, **** passwords ********** ** "*****". *******, **** *** *** ** *** other ************* ** ******* ***** ************ ** ******** ****** ***** attempts. ******, ****** *********, *** ****** **** *** *********** ***** the ********* ** *******, ******** *** ****** ** ********.

What ** *** *****?

** ***** ********* ** *********'* *.*.* ******** ** ****** ** prevent *******? ** **** ******** *******?

Comments (15)

******* ** ***** ** "******* *******". * ***** **** *** a ****** **** *** ** ********* ** *** ** **** as **** ********* - ***'** *** ****. *** **** ***** - *** **** ** *** ***** ** ** **** ** accept ****, **** ******** *********** ** ***, *** ******** ********* we ***, **** *** *** **** *** ***'* ***** ** it. ********* **** ** **** **** ***'** ***** ***** ********** but **** ********** **** ** *** **** & ***** ***'* keep ***** ******* ****, **** ***'* ****** ** **** ***** security ****** ***% **** ******.

*****'* **** ********** ** **** ****** ********** ****** ******** ******* as ****? ***'* *** * *** **** ***** ** **** after ****.

*****- *** ****** ******** ***** *** ********* **** ****, ****** a **** ** ** ***** ******** ** ** (*********). ********* has *** ** ******** ********* *** *** ********* ** ******* concerns *** ******. ** **** ***** **-**** *** ***** ****** reports ** *** ******** ******** ******.

***

*** ******. ********* *********'* *****: * ****** ** *** **** for ***** ***** ** *****. *** **** ** *** ********'* own *****: ***/**** (*** *******) ***** ***** *** **** ***** of ******** *************** ** ********* ** ********* (***/*******) *** ******* the ******** ********* ** ************** ** ******* ******* ******* **** have ******* ** *** ** ******** **** *** **** **+ years. *********, *****, **, **., ******* ******** ******* ****** *******, and **** ** ***** *** *** ** ** ****** ******* these ************* ** **** ******** ** ****** **** ******** ** kept **-**-****. *** ******** ** ******** ***** ** ** "***-*********" and ** **** *****'* **** *** *** **** ** **** software **-**-**** ** ******. ************, **** ********* **** **** ******* remain *********.

*'* *** **'* * ******* **** ******* **** ******* ** security. **, ** **** ****** **** ***'* ********** *** ******* of ****** * ****** ********** ** ***** ****** ****** ** the ***** **** ** ** ******* *** ****** **** ** doesn't **** *** ******* ***************. **** ** *** ****** ***** that **** ******** (*** *** ********** ** ******) *** * perfect *******.

*****, ***'** *****, ** ***/**** ***** ******* ** ********. ** exists ** *** ******* ***** ******* *** *** ********* ******* with *** ********** ******** *****.

** ***** ** *** ******* ** ** **** **-**-**** *** thus ********** **** ** ***** ******** *************** *** ****** **** to *****:

  1. *** ************ ***** ** **** ************ ******* ******** ******* *** provide ********** ******* ******* *** ** ****** (** *** *************) applied.
  2. *** ******** ***** ** ********* **** ******* ******* *** ******** to **** ***** ****** ******, *** **** ************** *** ******** the ******* *** *******. **** **** ** **** *** ************ accountable, *** ******* ******** ********** ***** (*.*, ********* *******) ** update ***** ******* ******** ********.

*** ** ******* ***** ********* ** * ********: ** *** extreme **** ******* * ****** *** ***** ****** **, ** the ***** ******* **** *********** ***** *******.

*** ******** ******** ***** ** **** ******* *** ****** **** of **** ********. **** ********* ********* ****’* ****** ********* ** the ******** ** ***** ***/**** (** **** ******’* *** ****** run ** ***** *******), *** ********* *** *** **** *********** for ******* ***** *************** ** *****. * ***’* ******* **** will ****** **** ****** *** ***-********* ******** ******** **** ** some ** *** **** ********* **** *** **** ****** ** the ** *******.

**** ******* ** ****** *************** ** * ***** ***. *** I ******* **** **** *** ** ****** * ******* ** an ***********/******* ***** ******* *** ******* ** *** *** ** date (************, *** ****/*****-****** ***********). **** ******* ** ***** ‘*****’*’ typically ** ***-** ******, *** *****’* **** **** **** ****** be ******** ** ****** ***** ******* ***** ****** *** *************** and ***** **** ******** ** ** **** ***** ****** *******.

* ***** *** **** ***** ***** **** *********** ****** ** Hikvision. *** ******* *** *** *** **** *** ******** *********** passwords. **** ****** ****** ******** *********** *** ********** ** ** their *** ********. *** ******* ** * **** ******** ******* and **** ****** ***** ******* ** * **** **** ****** than **** ******.

** *** ****** **** *** * ****** **** **********, *** alone * ******** ******, **** ******* ********* ** *****. *** it ***** ** **** ***** ** ******* ** ***** ** seconds ** ****** *** **** **** ******* ** **** *******.

******* *** ************ *** **** ** **** ******* **** **** your *** *** ****** ******* *** **** ** ******** *** the *** ** *** ********. * *** ** ************** ***** to *** ************* *** ********.

* ***** **** *** * *** ** ***** ** ** was * ******* ******* *** **** ***** ********* *** **** cameras *** ********* ***** ******** (**** ******** *** ***) *** exactly ** ********** **** *** ************** ***'* *** ****** ******** protocols.

"******* *** ************ *** **** ** **** ******* **** **** your *** *** ****** ******* *** **** ** ******** *** the *** ** *** ********. * *** ** ************** ***** to *** ************* *** ********."

****'* * **** *****.

"*** **** ******* *** ********* ***** ******** (**** ******** *** not) *** ******* ** ********** **** *** ************** ***'* *** proper ******** *********."

****** **** *** ****** ******* * ******** **** ***** ***** for * *** *****, ***** ***** ** ******** ******* ****.

*****- *** ***** ** *** **** * ****** *** *** already **** ********* ** ***** ******** ********. **** *** ****** Activation ******* *** **** ** *********** *** **** **** *** takes *** ******** ** * *** *****.

** **** ******** ******** ****** **********, ********* ****, ****, ** Cameras, **** ****** ****, ****-****, *** ***** ***********, ***, ** is *** ****** ********* **** ** ********* *** ********. ** are **** ********* ******* ****** ** ****** ********* **** **** new ******* ** *** ** **** *********** ***** ********* ** taking.

**** *******

***

*** ********* **** *** **** ** ******* ** **** *** firmware?

**** ******* **** *** ******* **** ******** ** *********, ***** than ***** *** ********* **?

**** ******* ** * ************* ******* ** ******* *** ***** user *******? **** * ***/*** ***** *** **** ***** **** connection ***?

** **, * ***** * *** *************.

** *** *** **** **** ***** ******** **** *** **** machine/IP ** *** ***, *** **** *** ******* ********** ******(*), forcing *** *** ** **-************, **** *** ****** ** ******.

** *****'* ***** *** *******. ** ****** *** ** ******* with *** **** ****** ***** ********.

***** ***** ** ********* ** ******** *** **?

*****- *** ******** ** *** ********* ** *** ********* *** website.

****://***.*********.***/**/**/********.***

*** ***** *******, ****** ** ** **** ******** ********* ******* for ********* *********.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Hikvision vs Dahua Mobile Apps Tested on Dec 07, 2016
With smartphone use and low-cost video recorders surging, many user's main interface to their surveillance system is their phone. With mobile video...
Sony IP Camera Backdoor Uncovered on Dec 06, 2016
A backdoor has been uncovered in ~80 Sony IP camera models, attackers can remotely enable telnet on the camera, and then potentially login as root,...
Milestone Favorability Results on Dec 06, 2016
In our second installment of manufacturer favorability results (first was Pelco), we turn to Milestone. 100+ integrators rated and explained what...
XiongMai Master Password List Emailed By Chinese Spammer on Dec 05, 2016
XiongMai created an international uproar as their devices drove massive botnet attacks of major Internet sites. After pledging to recall cameras...
Hikvision Cloud Security Vulnerability Uncovered on Dec 05, 2016
A security researcher uncovered a critical vulnerability in Hikvision's global cloud servers. This vulnerability allowed an attacker to remotely...
Pelco Favorability Results on Dec 02, 2016
This is the first in a series of studies of manufacturer favorability. 100+ integrators rated and explained their views of each manufacturer. We...
CODEC Guide 2016 on Nov 30, 2016
CODECs are core to surveillance, with names like H.264, H.265, and MJPEG commonly cited. How do they work? Why should you use them? What issues may...
Exacq M Series Gets Aggressive Against Hikvision on Nov 22, 2016
The most common complaint against Western NVRs is too high prices. With Chinese recorders, such as Hikvision and Dahua, running sub $500 and...
Hikvision 'Phone Home' Raises Security Fears on Nov 10, 2016
The escalating attention towards Hikvision's China government ownership and Genetec's removal of Hikvision due to cyber security concerns has...
$38+ Million Funding Powers VMS Challenger IronYun on Nov 09, 2016
VMS and video analytics have received little funding this decade. However, one Taiwan startup, IronYun, has bucked this trend, with a relatively...

Most Recent Industry Reports

Hikvision vs Dahua Mobile Apps Tested on Dec 07, 2016
With smartphone use and low-cost video recorders surging, many user's main interface to their surveillance system is their phone. With mobile video...
Paxton Drops US Reps, Plans Major Expansion on Dec 07, 2016
Paxton is gearing up to make a big run at  US access control success. The first step they have made is to cut all US Rep Firms, in anticipation of...
Axis Partner Elder Care Video Analytics (Smartervision) on Dec 07, 2016
Can video analytics be used to improve the care of the elderly? Axis and a video analytics startup, Smartervision, are working together to do so....
Power Drill Selection Guide on Dec 06, 2016
Boring holes is a basic part of running cables for most security system projects. To do so, you will need to choose the right drills for various...
Milestone Favorability Results on Dec 06, 2016
In our second installment of manufacturer favorability results (first was Pelco), we turn to Milestone. 100+ integrators rated and explained what...
XiongMai Master Password List Emailed By Chinese Spammer on Dec 05, 2016
XiongMai created an international uproar as their devices drove massive botnet attacks of major Internet sites. After pledging to recall cameras...
Hikvision Cloud Security Vulnerability Uncovered on Dec 05, 2016
A security researcher uncovered a critical vulnerability in Hikvision's global cloud servers. This vulnerability allowed an attacker to remotely...
Door Operators Access Control Tutorial on Dec 05, 2016
Doors equipped with door operators, specialty devices that automate opening and closing, tend to be quite complex. The mechanisms needed to...
Pelco Favorability Results on Dec 02, 2016
This is the first in a series of studies of manufacturer favorability. 100+ integrators rated and explained their views of each manufacturer. We...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact