Hikvision Anti Hacking Firmware Tested

Author: Ethan Ace, Published on Jun 03, 2015

Hikvision has had historic hacking problems, with DVRs turned into Bitcoin miners, buffer overflow vulnerabilities, and finally culminating in the hacking of a Chinese province's cameras due to weak passwords.

In response to these attacks, Hikvision promised improvements to address these issues in updated firmware.

We tested this new firmware, version 5.3.0, to see how these features functioned, any potential drawbacks, and what impact this new firmware has on Hikvision devices being hacked.

************ *** ******** ******* ********, **** **** ****** *********** ******,****** ******** ***************, *** ******* *********** ** ********** ** * ******* ********'* ******* *** ** **** *********.

** ******** ** ***** *******,********* ******** ************** ******* ***** ****** ** ******* ********.

** ****** **** *** ********, ******* *.*.*, ** *** *** these ******** **********, *** ********* *********, *** **** ****** **** *** firmware *** ** ********* ******* ***** ******.

[***************]

Key ********

**** *** ************ ***** ** *.*.* ********, ********* ******* *** much **** ****** ** ** *********** ****** *** ** ***** *** ******** simple ******* ********* ** ******** ********* *******, ***** *** ******/******** forces * ****** ******** ****** ** *** ** ****. *******, some ***** *** **** ****** ******** ************ ******** ** ****** ** increased ************* *** *************** ****.

************, **** *** ********* ** ******* ***** **** (*** ************), brute ***** ******* ******** *** *** **** ****** ** *******, as ********* **** ** ******* ***********, ******** *** ******, *** users *** ** ********, ****** **** **** ** *****, *****, IP *********, ****** *******, ***. 

*******, *** ******* ** *** **********, ***********, *** ************ **** telnet ******** ****** * ******** **** ***** **** ** ********* of ******** *******.

Firmware ************

*.*.* ******** ** ********* *** *** ******** ************* ***'* ********** ***** ** ***** *******. ***** ** ***** ******* ****** check ***** ********** ********.

****: ********* ********** ******* ********** ***** ************* ** ******** (*.*., Chinese ******* ** ***** ******** *******), ** **** *** ******* for ********* *******, **** ********* **********, ***.

Device ********** *******

*** ******* *** ******** ** ******** *.*.* ** *** *** device ********** *******, ***** ****** ***** ** ****** * ****** password (*** *** ********* ** *********'* **** ********) ****** *** camera *** ** ******** ** ********* ** * ***. ********* must ******* ** ***** * ********** *** *** * *********** of *** ***** (*********, *********, *******, ** ******* **********), ****** this ** ***** ********** "****" ** *********. ** ***** ** create * "******" ********, ***** **** *** ** ***** ***** ***** of *********. 

*** ****** ********** ******* ** ******** ** **** *****:

**** ******** ******** ****** ********* ********, *** ***** **** *** downsides:

********* ************* ********

*** **** ********* ***** ****** *********, ********** ***** ***********, ** that ********* ************* ** ********. **** ****** ** ****** ***** ****** passwords *********, ********** **** ******* ** ************-**** ********, *** ****** with ***** ********.

************ *** ******* ***** *** **** ** **** ** ********* under **** ******, ***** **** *** **** ********* ****** ********* it. *******, ************* *** ****** ****** * ******* ******* ******** ***** is **** *** *** ******** *** **** ** ********, ***** still ******* ***** *****, *********** ******** **** ********.

*** ******** *********

****** ** ******** ***** *** ** ******** **** ****** *.*.* cameras ** ***** ***** ******** ******* *********. ***** ***** ***** do *** ****** ******* ******** ** ** *** ******* *** not *******, ***** ***** *** *** ******* **** *** ***** incorrect *********. **** *** ***** ********** ******** ** ******* ***** lock ** ****** ** (*****).

Illegal ***** ****

******* ***** **** ****** *** ****** **** ******** ** ********* after **** ****** ***** ********. ************, ****** *** ** ********* informing ************* ** ****** ***** ******** ** **** *** **** other ******* **** ** ******** *** ********* ********* ** *********, checking ******** ********, ***.

**** ******, ***** **** **** ** ******* ** ****** *** camera, ** *** ** *** * ********* ** *******, *** disable *** **-****** *** *******.

******* ***** **** ********* *** ***** ** **** *****:

***** *** **** ******

***** *** ******* ******** ******* ***** **** ** **** ******* to *** * ****** ** * *** ***** *** ******* credentials. ** *** *** ******** ** ********* *******, *** ****** may ***** *** ****** ** * ****** ** **** * few ******* ** ****** ********* *** *** *******. ** *** tests, ********** **** ********** ******* ********* ** ***** ***** *** ***********, *** ****** *** blocked ** ***** *** *******.

****** *******

*******, ********* ******* ****** ******* **** *** ******* ** *.*.*, a******* ******** ******** ** *******, ***** ** ** *********** *** *** **** ** ***** open ** *******. ***, * ******* ********, ** ***** ** use, ******* **** ** *** **** ********* ** ******** ****** is ********, ****** ** ** *********, ******* *** ****** *** and **** **** ********** ** ******.

** **** *****, ** ************ ******* ******* ******* *.*.* *** *.*.*, ******* *** *********** ** open/closed ***** *** ******* ********.

**** **********

*** ********** ***** ***** *** ********** ** **** *** ****** ports ******* * ****** ******* *.*.* ******** *** *** ******* 5.2.x, **** ****** ****** (** **** ** *** *** *****, which *** *** ******** ** *******).

Compared ** ***** *************

********* ** *** *** ***** ************ ** ********* **** ** these ******** ********, *** *** ** *** ***** ** ******* them. ** ******* * ******* ** ******** ***** ** ***** manufacturers *****. ******* ****** *** *** ** ****** ********* - ****, *****, ******* ****** *** **** *******.

******* ******** * ****** ********** ******* ******* ** *********, ******** in 2.x *********. ***** *** ******** ** ****** * ****** ******** (**** more ******* **** *********, **** *****) ****** *** ****** *** be ******** ** ***** ** * ***.

**** *** ****** ***** ** ****** * **** ********, *** users *** ***** ****** *** "****", *********** *** **** ** keeping *** *******. ************, ****** *** ******** ** *******, ***** is ******* ***** *** ****/**** ***********, ******** *** ****** ** be ***** ** *****.

*******, ***** **** *** ******* *** ****** ******** ************, **** passwords ********** ** "*****". *******, **** *** *** ** *** other ************* ** ******* ***** ************ ** ******** ****** ***** attempts. ******, ****** *********, *** ****** **** *** *********** ***** the ********* ** *******, ******** *** ****** ** ********.

What ** *** *****?

** ***** ********* ** *********'* *.*.* ******** ** ****** ** prevent *******? ** **** ******** *******?

 

 

Comments (15)

******* ** ***** ** "******* *******". * ***** **** *** a ****** **** *** ** ********* ** *** ** **** as **** ********* - ***'** *** ****. *** **** ***** - *** **** ** *** ***** ** ** **** ** accept ****, **** ******** *********** ** ***, *** ******** ********* we ***, **** *** *** **** *** ***'* ***** ** it. ********* **** ** **** **** ***'** ***** ***** ********** but **** ********** **** ** *** **** & ***** ***'* keep ***** ******* ****, **** ***'* ****** ** **** ***** security ****** ***% **** ******.

*****'* **** ********** ** **** ****** ********** ****** ******** ******* as ****? ***'* *** * *** **** ***** ** **** after ****.

*****- *** ****** ******** ***** *** ********* **** ****, ****** a **** ** ** ***** ******** ** ** (*********). ********* has *** ** ******** ********* *** *** ********* ** ******* concerns *** ******. ** **** ***** **-**** *** ***** ****** reports ** *** ******** ******** ******.

***

*** ******. ********* *********'* *****: * ****** ** *** **** for ***** ***** ** *****. *** **** ** *** ********'* own *****: ***/**** (*** *******) ***** ***** *** **** ***** of ******** *************** ** ********* ** ********* (***/*******) *** ******* the ******** ********* ** ************** ** ******* ******* ******* **** have ******* ** *** ** ******** **** *** **** **+ years. *********, *****, **, **., ******* ******** ******* ****** *******, and **** ** ***** *** *** ** ** ****** ******* these ************* ** **** ******** ** ****** **** ******** ** kept **-**-****. *** ******** ** ******** ***** ** ** "***-*********" and ** **** *****'* **** *** *** **** ** **** software **-**-**** ** ******. ************, **** ********* **** **** ******* remain *********.

*'* *** **'* * ******* **** ******* **** ******* ** security. **, ** **** ****** **** ***'* ********** *** ******* of ****** * ****** ********** ** ***** ****** ****** ** the ***** **** ** ** ******* *** ****** **** ** doesn't **** *** ******* ***************. **** ** *** ****** ***** that **** ******** (*** *** ********** ** ******) *** * perfect *******.

*****, ***'** *****, ** ***/**** ***** ******* ** ********. ** exists ** *** ******* ***** ******* *** *** ********* ******* with *** ********** ******** *****.

** ***** ** *** ******* ** ** **** **-**-**** *** thus ********** **** ** ***** ******** *************** *** ****** **** to *****:

  1. *** ************ ***** ** **** ************ ******* ******** ******* *** provide ********** ******* ******* *** ** ****** (** *** *************) applied.
  2. *** ******** ***** ** ********* **** ******* ******* *** ******** to **** ***** ****** ******, *** **** ************** *** ******** the ******* *** *******. **** **** ** **** *** ************ accountable, *** ******* ******** ********** ***** (*.*, ********* *******) ** update ***** ******* ******** ********.

*** ** ******* ***** ********* ** * ********: ** *** extreme **** ******* * ****** *** ***** ****** **, ** the ***** ******* **** *********** ***** *******.

*** ******** ******** ***** ** **** ******* *** ****** **** of **** ********. **** ********* ********* ****’* ****** ********* ** the ******** ** ***** ***/**** (** **** ******’* *** ****** run ** ***** *******), *** ********* *** *** **** *********** for ******* ***** *************** ** *****. * ***’* ******* **** will ****** **** ****** *** ***-********* ******** ******** **** ** some ** *** **** ********* **** *** **** ****** ** the ** *******.

**** ******* ** ****** *************** ** * ***** ***. *** I ******* **** **** *** ** ****** * ******* ** an ***********/******* ***** ******* *** ******* ** *** *** ** date (************, *** ****/*****-****** ***********). **** ******* ** ***** ‘*****’*’ typically ** ***-** ******, *** *****’* **** **** **** ****** be ******** ** ****** ***** ******* ***** ****** *** *************** and ***** **** ******** ** ** **** ***** ****** *******.

* ***** *** **** ***** ***** **** *********** ****** ** Hikvision. *** ******* *** *** *** **** *** ******** *********** passwords. **** ****** ****** ******** *********** *** ********** ** ** their *** ********. *** ******* ** * **** ******** ******* and **** ****** ***** ******* ** * **** **** ****** than **** ******.

** *** ****** **** *** * ****** **** **********, *** alone * ******** ******, **** ******* ********* ** *****. *** it ***** ** **** ***** ** ******* ** ***** ** seconds ** ****** *** **** **** ******* ** **** *******.

******* *** ************ *** **** ** **** ******* **** **** your *** *** ****** ******* *** **** ** ******** *** the *** ** *** ********. * *** ** ************** ***** to *** ************* *** ********.

* ***** **** *** * *** ** ***** ** ** was * ******* ******* *** **** ***** ********* *** **** cameras *** ********* ***** ******** (**** ******** *** ***) *** exactly ** ********** **** *** ************** ***'* *** ****** ******** protocols.

"******* *** ************ *** **** ** **** ******* **** **** your *** *** ****** ******* *** **** ** ******** *** the *** ** *** ********. * *** ** ************** ***** to *** ************* *** ********."

****'* * **** *****.

"*** **** ******* *** ********* ***** ******** (**** ******** *** not) *** ******* ** ********** **** *** ************** ***'* *** proper ******** *********."

****** **** *** ****** ******* * ******** **** ***** ***** for * *** *****, ***** ***** ** ******** ******* ****.

*****- *** ***** ** *** **** * ****** *** *** already **** ********* ** ***** ******** ********. **** *** ****** Activation ******* *** **** ** *********** *** **** **** *** takes *** ******** ** * *** *****.

** **** ******** ******** ****** **********, ********* ****, ****, ** Cameras, **** ****** ****, ****-****, *** ***** ***********, ***, ** is *** ****** ********* **** ** ********* *** ********. ** are **** ********* ******* ****** ** ****** ********* **** **** new ******* ** *** ** **** *********** ***** ********* ** taking.

**** *******

***

*** ********* **** *** **** ** ******* ** **** *** firmware?

**** ******* **** *** ******* **** ******** ** *********, ***** than ***** *** ********* **?

**** ******* ** * ************* ******* ** ******* *** ***** user *******? **** * ***/*** ***** *** **** ***** **** connection ***?

** **, * ***** * *** *************.

** *** *** **** **** ***** ******** **** *** **** machine/IP ** *** ***, *** **** *** ******* ********** ******(*), forcing *** *** ** **-************, **** *** ****** ** ******.

** *****'* ***** *** *******. ** ****** *** ** ******* with *** **** ****** ***** ********.

***** ***** ** ********* ** ******** *** **?

*****- *** ******** ** *** ********* ** *** ********* *** website.

****://***.*********.***/**/**/********.***

*** ***** *******, ****** ** ** **** ******** ********* ******* for ********* *********.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

2Gig Intrusion Megatest (GC2 & GC3 Panels Tested) on Mar 28, 2017
2Gig is one of the most widely used intrusion systems, with two product lines that are the main offering of many alarm companies, huge national...
Axis Camera Vulnerabilities From Google Researcher Analyzed on Mar 23, 2017
A Google security researcher has reported 6 vulnerabilities for Axis cameras, affecting multiple models and firmware versions. In this report, we...
OpenEye Takes Aim At Exacq on Mar 23, 2017
First Milestone targeted Exacq with a takeover offer, and now OpenEye is gunning for them with an offer to swap out Exacq for their cloud-managed...
VMS Update Automation Compared on Mar 20, 2017
Updating VMS software can be a tedious and time consuming processing, which historically has required users to access each machine, download update...
Uniview Weak Local / Strong Remote Password Policy Tested on Mar 14, 2017
With the continuing onslaught of cyber-security breaches (see Dahua backdoor recently discovered, Hikvision defaulted devices getting hacked)...
Genetec Comments on Washington DC MPD Hack on Mar 13, 2017
This January, the Washington DC police video surveillance system was hacked with ransomware, impacting 123 of 187 cameras. Last month, IPVM...
Hikvision New Security Vulnerability on Mar 12, 2017
Hikvision has disclosed a new security vulnerability that affects 200+ of their IP cameras over the past few years. In this note, we examine the...
FLIR Responds to Dahua Backdoor on Mar 10, 2017
FLIR is the first Dahua OEM partner to issue a statement following Dahua's backdoor disclosure: Certain FLIR and Lorex branded products that...
Hikvision Firmware Decrypted on Mar 09, 2017
A developer has decrypted Hikvision's firmware, allowing examination of Hikvision's device source code and contents. In this report, we overview...
Dahua Backdoor Uncovered on Mar 06, 2017
A major cyber security vulnerability across many Dahua products has been discovered by an independent researcher, reported on IPVM, verified by...

Most Recent Industry Reports

Chinese Government Spies on Churches With Video Surveillance on Mar 27, 2017
The Chinese government is using video surveillance to spy on churches in China, reports UCANews, explaining: The [Chinese government]...
Burglar Alarm Sirens Guide on Mar 27, 2017
Sirens are used to alert users to an alarm condition. In this note, we examine how to choose, locate, and install alarm sirens, including Siren...
Dahua Distributor Bad Breakup on Mar 27, 2017
A Dahua distributor in Europe claims that Dahua took over his top customers, revoked his distributorship status, and left him with a large amount...
Everbridge Mass Notification Service Examined on Mar 24, 2017
Everbridge is expanding in the security space. In January 2017 Everbridge acquired PSIM platform IDV, and have also begun integrating with other...
Hikvision Removing Auto 'Phone Home' on Mar 24, 2017
Facing pressure over their cameras auto phoning home and their Chinese government ownership, Hikvision has begun quietly removing automatic...
Axis Camera Vulnerabilities From Google Researcher Analyzed on Mar 23, 2017
A Google security researcher has reported 6 vulnerabilities for Axis cameras, affecting multiple models and firmware versions. In this report, we...
OpenEye Takes Aim At Exacq on Mar 23, 2017
First Milestone targeted Exacq with a takeover offer, and now OpenEye is gunning for them with an offer to swap out Exacq for their cloud-managed...
Lock Keyways For Access Control Guide on Mar 23, 2017
Lock keyways can be the difference between a lock working or not. Understanding keyways is important for access control. Indeed, a member recently...
Broken Browser Support for Video Surveillance on Mar 22, 2017
Modern web browsers have left the security industry behind. Current Chrome, Firefox, and Microsoft Edge browsers do not support NPAPI plugins,...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact