Hikvision Anti Hacking Firmware Tested

Author: Ethan Ace, Published on Jun 03, 2015

Hikvision has had historic hacking problems, with DVRs turned into Bitcoin miners, buffer overflow vulnerabilities, and finally culminating in the hacking of a Chinese province's cameras due to weak passwords.

In response to these attacks, Hikvision promised improvements to address these issues in updated firmware.

We tested this new firmware, version 5.3.0, to see how these features functioned, any potential drawbacks, and what impact this new firmware has on Hikvision devices being hacked.

************ *** ******** ******* ********, **** **** ****** *********** ******,****** ******** ***************, *** ******* *********** ** ********** ** * ******* ********'* ******* *** ** **** *********.

** ******** ** ***** *******,********* ******** ************** ******* ***** ****** ** ******* ********.

** ****** **** *** ********, ******* *.*.*, ** *** *** these ******** **********, *** ********* *********, *** **** ****** **** *** firmware *** ** ********* ******* ***** ******.

[***************]

Key ********

**** *** ************ ***** ** *.*.* ********, ********* ******* *** much **** ****** ** ** *********** ****** *** ** ***** *** ******** simple ******* ********* ** ******** ********* *******, ***** *** ******/******** forces * ****** ******** ****** ** *** ** ****. *******, some ***** *** **** ****** ******** ************ ******** ** ****** ** increased ************* *** *************** ****.

************, **** *** ********* ** ******* ***** **** (*** ************), brute ***** ******* ******** *** *** **** ****** ** *******, as ********* **** ** ******* ***********, ******** *** ******, *** users *** ** ********, ****** **** **** ** *****, *****, IP *********, ****** *******, ***. 

*******, *** ******* ** *** **********, ***********, *** ************ **** telnet ******** ****** * ******** **** ***** **** ** ********* of ******** *******.

Firmware ************

*.*.* ******** ** ********* *** *** ******** ************* ***'* ********** ***** ** ***** *******. ***** ** ***** ******* ****** check ***** ********** ********.

****: ********* ********** ******* ********** ***** ************* ** ******** (*.*., Chinese ******* ** ***** ******** *******), ** **** *** ******* for ********* *******, **** ********* **********, ***.

Device ********** *******

*** ******* *** ******** ** ******** *.*.* ** *** *** device ********** *******, ***** ****** ***** ** ****** * ****** password (*** *** ********* ** *********'* **** ********) ****** *** camera *** ** ******** ** ********* ** * ***. ********* must ******* ** ***** * ********** *** *** * *********** of *** ***** (*********, *********, *******, ** ******* **********), ****** this ** ***** ********** "****" ** *********. ** ***** ** create * "******" ********, ***** **** *** ** ***** ***** ***** of *********. 

*** ****** ********** ******* ** ******** ** **** *****:

**** ******** ******** ****** ********* ********, *** ***** **** *** downsides:

********* ************* ********

*** **** ********* ***** ****** *********, ********** ***** ***********, ** that ********* ************* ** ********. **** ****** ** ****** ***** ****** passwords *********, ********** **** ******* ** ************-**** ********, *** ****** with ***** ********.

************ *** ******* ***** *** **** ** **** ** ********* under **** ******, ***** **** *** **** ********* ****** ********* it. *******, ************* *** ****** ****** * ******* ******* ******** ***** is **** *** *** ******** *** **** ** ********, ***** still ******* ***** *****, *********** ******** **** ********.

*** ******** *********

****** ** ******** ***** *** ** ******** **** ****** *.*.* cameras ** ***** ***** ******** ******* *********. ***** ***** ***** do *** ****** ******* ******** ** ** *** ******* *** not *******, ***** ***** *** *** ******* **** *** ***** incorrect *********. **** *** ***** ********** ******** ** ******* ***** lock ** ****** ** (*****).

Illegal ***** ****

******* ***** **** ****** *** ****** **** ******** ** ********* after **** ****** ***** ********. ************, ****** *** ** ********* informing ************* ** ****** ***** ******** ** **** *** **** other ******* **** ** ******** *** ********* ********* ** *********, checking ******** ********, ***.

**** ******, ***** **** **** ** ******* ** ****** *** camera, ** *** ** *** * ********* ** *******, *** disable *** **-****** *** *******.

******* ***** **** ********* *** ***** ** **** *****:

***** *** **** ******

***** *** ******* ******** ******* ***** **** ** **** ******* to *** * ****** ** * *** ***** *** ******* credentials. ** *** *** ******** ** ********* *******, *** ****** may ***** *** ****** ** * ****** ** **** * few ******* ** ****** ********* *** *** *******. ** *** tests, ********** **** ********** ******* ********* ** ***** ***** *** ***********, *** ****** *** blocked ** ***** *** *******.

****** *******

*******, ********* ******* ****** ******* **** *** ******* ** *.*.*, a******* ******** ******** ** *******, ***** ** ** *********** *** *** **** ** ***** open ** *******. ***, * ******* ********, ** ***** ** use, ******* **** ** *** **** ********* ** ******** ****** is ********, ****** ** ** *********, ******* *** ****** *** and **** **** ********** ** ******.

** **** *****, ** ************ ******* ******* ******* *.*.* *** *.*.*, ******* *** *********** ** open/closed ***** *** ******* ********.

**** **********

*** ********** ***** ***** *** ********** ** **** *** ****** ports ******* * ****** ******* *.*.* ******** *** *** ******* 5.2.x, **** ****** ****** (** **** ** *** *** *****, which *** *** ******** ** *******).

Compared ** ***** *************

********* ** *** *** ***** ************ ** ********* **** ** these ******** ********, *** *** ** *** ***** ** ******* them. ** ******* * ******* ** ******** ***** ** ***** manufacturers *****. ******* ****** *** *** ** ****** ********* - ****, *****, ******* ****** *** **** *******.

******* ******** * ****** ********** ******* ******* ** *********, ******** in 2.x *********. ***** *** ******** ** ****** * ****** ******** (**** more ******* **** *********, **** *****) ****** *** ****** *** be ******** ** ***** ** * ***.

**** *** ****** ***** ** ****** * **** ********, *** users *** ***** ****** *** "****", *********** *** **** ** keeping *** *******. ************, ****** *** ******** ** *******, ***** is ******* ***** *** ****/**** ***********, ******** *** ****** ** be ***** ** *****.

*******, ***** **** *** ******* *** ****** ******** ************, **** passwords ********** ** "*****". *******, **** *** *** ** *** other ************* ** ******* ***** ************ ** ******** ****** ***** attempts. ******, ****** *********, *** ****** **** *** *********** ***** the ********* ** *******, ******** *** ****** ** ********.

What ** *** *****?

** ***** ********* ** *********'* *.*.* ******** ** ****** ** prevent *******? ** **** ******** *******?

 

 

Comments (15)

******* ** ***** ** "******* *******". * ***** **** *** a ****** **** *** ** ********* ** *** ** **** as **** ********* - ***'** *** ****. *** **** ***** - *** **** ** *** ***** ** ** **** ** accept ****, **** ******** *********** ** ***, *** ******** ********* we ***, **** *** *** **** *** ***'* ***** ** it. ********* **** ** **** **** ***'** ***** ***** ********** but **** ********** **** ** *** **** & ***** ***'* keep ***** ******* ****, **** ***'* ****** ** **** ***** security ****** ***% **** ******.

*****'* **** ********** ** **** ****** ********** ****** ******** ******* as ****? ***'* *** * *** **** ***** ** **** after ****.

*****- *** ****** ******** ***** *** ********* **** ****, ****** a **** ** ** ***** ******** ** ** (*********). ********* has *** ** ******** ********* *** *** ********* ** ******* concerns *** ******. ** **** ***** **-**** *** ***** ****** reports ** *** ******** ******** ******.

***

*** ******. ********* *********'* *****: * ****** ** *** **** for ***** ***** ** *****. *** **** ** *** ********'* own *****: ***/**** (*** *******) ***** ***** *** **** ***** of ******** *************** ** ********* ** ********* (***/*******) *** ******* the ******** ********* ** ************** ** ******* ******* ******* **** have ******* ** *** ** ******** **** *** **** **+ years. *********, *****, **, **., ******* ******** ******* ****** *******, and **** ** ***** *** *** ** ** ****** ******* these ************* ** **** ******** ** ****** **** ******** ** kept **-**-****. *** ******** ** ******** ***** ** ** "***-*********" and ** **** *****'* **** *** *** **** ** **** software **-**-**** ** ******. ************, **** ********* **** **** ******* remain *********.

*'* *** **'* * ******* **** ******* **** ******* ** security. **, ** **** ****** **** ***'* ********** *** ******* of ****** * ****** ********** ** ***** ****** ****** ** the ***** **** ** ** ******* *** ****** **** ** doesn't **** *** ******* ***************. **** ** *** ****** ***** that **** ******** (*** *** ********** ** ******) *** * perfect *******.

*****, ***'** *****, ** ***/**** ***** ******* ** ********. ** exists ** *** ******* ***** ******* *** *** ********* ******* with *** ********** ******** *****.

** ***** ** *** ******* ** ** **** **-**-**** *** thus ********** **** ** ***** ******** *************** *** ****** **** to *****:

  1. *** ************ ***** ** **** ************ ******* ******** ******* *** provide ********** ******* ******* *** ** ****** (** *** *************) applied.
  2. *** ******** ***** ** ********* **** ******* ******* *** ******** to **** ***** ****** ******, *** **** ************** *** ******** the ******* *** *******. **** **** ** **** *** ************ accountable, *** ******* ******** ********** ***** (*.*, ********* *******) ** update ***** ******* ******** ********.

*** ** ******* ***** ********* ** * ********: ** *** extreme **** ******* * ****** *** ***** ****** **, ** the ***** ******* **** *********** ***** *******.

*** ******** ******** ***** ** **** ******* *** ****** **** of **** ********. **** ********* ********* ****’* ****** ********* ** the ******** ** ***** ***/**** (** **** ******’* *** ****** run ** ***** *******), *** ********* *** *** **** *********** for ******* ***** *************** ** *****. * ***’* ******* **** will ****** **** ****** *** ***-********* ******** ******** **** ** some ** *** **** ********* **** *** **** ****** ** the ** *******.

**** ******* ** ****** *************** ** * ***** ***. *** I ******* **** **** *** ** ****** * ******* ** an ***********/******* ***** ******* *** ******* ** *** *** ** date (************, *** ****/*****-****** ***********). **** ******* ** ***** ‘*****’*’ typically ** ***-** ******, *** *****’* **** **** **** ****** be ******** ** ****** ***** ******* ***** ****** *** *************** and ***** **** ******** ** ** **** ***** ****** *******.

* ***** *** **** ***** ***** **** *********** ****** ** Hikvision. *** ******* *** *** *** **** *** ******** *********** passwords. **** ****** ****** ******** *********** *** ********** ** ** their *** ********. *** ******* ** * **** ******** ******* and **** ****** ***** ******* ** * **** **** ****** than **** ******.

** *** ****** **** *** * ****** **** **********, *** alone * ******** ******, **** ******* ********* ** *****. *** it ***** ** **** ***** ** ******* ** ***** ** seconds ** ****** *** **** **** ******* ** **** *******.

******* *** ************ *** **** ** **** ******* **** **** your *** *** ****** ******* *** **** ** ******** *** the *** ** *** ********. * *** ** ************** ***** to *** ************* *** ********.

* ***** **** *** * *** ** ***** ** ** was * ******* ******* *** **** ***** ********* *** **** cameras *** ********* ***** ******** (**** ******** *** ***) *** exactly ** ********** **** *** ************** ***'* *** ****** ******** protocols.

"******* *** ************ *** **** ** **** ******* **** **** your *** *** ****** ******* *** **** ** ******** *** the *** ** *** ********. * *** ** ************** ***** to *** ************* *** ********."

****'* * **** *****.

"*** **** ******* *** ********* ***** ******** (**** ******** *** not) *** ******* ** ********** **** *** ************** ***'* *** proper ******** *********."

****** **** *** ****** ******* * ******** **** ***** ***** for * *** *****, ***** ***** ** ******** ******* ****.

*****- *** ***** ** *** **** * ****** *** *** already **** ********* ** ***** ******** ********. **** *** ****** Activation ******* *** **** ** *********** *** **** **** *** takes *** ******** ** * *** *****.

** **** ******** ******** ****** **********, ********* ****, ****, ** Cameras, **** ****** ****, ****-****, *** ***** ***********, ***, ** is *** ****** ********* **** ** ********* *** ********. ** are **** ********* ******* ****** ** ****** ********* **** **** new ******* ** *** ** **** *********** ***** ********* ** taking.

**** *******

***

*** ********* **** *** **** ** ******* ** **** *** firmware?

**** ******* **** *** ******* **** ******** ** *********, ***** than ***** *** ********* **?

**** ******* ** * ************* ******* ** ******* *** ***** user *******? **** * ***/*** ***** *** **** ***** **** connection ***?

** **, * ***** * *** *************.

** *** *** **** **** ***** ******** **** *** **** machine/IP ** *** ***, *** **** *** ******* ********** ******(*), forcing *** *** ** **-************, **** *** ****** ** ******.

** *****'* ***** *** *******. ** ****** *** ** ******* with *** **** ****** ***** ********.

***** ***** ** ********* ** ******** *** **?

*****- *** ******** ** *** ********* ** *** ********* *** website.

****://***.*********.***/**/**/********.***

*** ***** *******, ****** ** ** **** ******** ********* ******* for ********* *********.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

IP Camera - 15 Year Shootout on May 22, 2017
How far have IP cameras come? We bought and tested 4 cameras across the past 15 years to understand how much and where performance has...
Axis Criticizes OEMs: "When You Buy An Axis Camera, An Axis Camera Is What You Get!" on May 19, 2017
When you buy a Honeywell camera, you likely get a Hikvision, Dahua or some other company's product. The same goes for easily 100 different...
Hackable 125kHz Access Control Migration Guide on May 19, 2017
Despite being one of the most popular credentials, 125 kHz credentials are easily copied and insecure as we showed in our test results, video...
Cisco: Hikvision Hired Us on May 16, 2017
The day after Hikvision's backdoor was confirmed by the US Department of Homeland Security, Hikvision issued a press release about a...
Hikvision Blaming Backdoor On Others, Cannot Hide From DHS on May 11, 2017
Numerous Hikvision employees are blaming their backdoor on others but Hikvision cannot hide from the US Department of Homeland Security. Blaming...
Hanwha 9MP Fisheye Camera Tested (PNF-9010R) on May 09, 2017
12MP sensor fisheye panoramic cameras are becoming increasingly common. We have tested Hikvision's DS-2CD63C2F as well as Panasonic's SFV481 4K...
Hikvision Backdoor Confirmed on May 08, 2017
The US Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued an advisory for...
Hack Your Access Control With This $30 HID 125kHz Card Copier on May 01, 2017
You might have heard the stories or seen the YouTube videos of random people hacking electronic access control systems. The tools that claim to do...
Avigilon Discontinuing Rialto Analytics Line on Apr 27, 2017
Avigilon is informing dealers/partners that the legacy VideoIQ Rialto products have been discontinued, recommending the newer ACC ES Analytics...
Last Day - IP Networking Course May 2017 on Apr 26, 2017
Today is the last day to register for the May IP Networking Course. This is the only networking course designed specifically for video...

Most Recent Industry Reports

Avigilon New COO James Henderson Profile on May 23, 2017
It has been nearly 2 years since the infamous Bryan Schmode 'resigned' as Avigilon COO. Now, Avigilon once again has a COO, promoting James...
Aura's 'Invisible Ripple' Next Gen Intrusion Detection Tested on May 22, 2017
Aura Home is a startup intrusion detection system, but it claims new, high-tech sensing that monitors the 'invisible ripples' movement creates,...
Pelco Shutting Down Clovis Line, Laying Off 200 on May 22, 2017
Pelco's Clovis facility once turned out some of the industry's most popular products. Now, the facility is mostly building "obsolete" equipment,...
IP Camera - 15 Year Shootout on May 22, 2017
How far have IP cameras come? We bought and tested 4 cameras across the past 15 years to understand how much and where performance has...
Remote Video Monitoring Providers Directory on May 19, 2017
Remote video monitoring can help integrators generate RMR plus end users lower their security costs and/or improve response to critical...
Axis Criticizes OEMs: "When You Buy An Axis Camera, An Axis Camera Is What You Get!" on May 19, 2017
When you buy a Honeywell camera, you likely get a Hikvision, Dahua or some other company's product. The same goes for easily 100 different...
Hackable 125kHz Access Control Migration Guide on May 19, 2017
Despite being one of the most popular credentials, 125 kHz credentials are easily copied and insecure as we showed in our test results, video...
Forget The Backdoor, "ALL HIKVISION PRODUCTS" On Sale on May 18, 2017
Less than 2 weeks after the Hikvision Backdoor was confirmed, Hikvision has launched a sale "ON ALL HIKVISION PRODUCTS". In this note, we examine...
Amazon Techs Installing IP Cameras Tested on May 18, 2017
In 2015, Amazon started offering video surveillance installation. Now, Amazon has made it a lot easier, with automatic add-on options and...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact