Hikvision Responds To Cracked Security Codes

Author: Brian Karas, Published on Aug 15, 2017

Hikvision has responded to IPVM's report on Hikvision's security code being cracked, both with a 2 page update to dealers and communication directly with IPVM.

In this note, we examine Hikvision's response, evaluating the positive and negative elements of it.

Good

On the positive side, Hikvision:

  • Revamped the password reset procedure to a method that is more challenging to crack
  • Has been releasing new recorder firmware that makes an improved method available to users

Bad

On the negative side, problems remain:

  • Hikvision knew about the cracked codes for a long time but never notified dealers until after IPVM published
  • The new method still cannot be disabled
  • The new method still risks being cracked

********* *** ********* ** ****'* ****** ***********'* ******** **** ***** *******, **** ***** * **** ****** ** ********** ************* ******** **** ****.

** **** ****, ** ******* *********'* ********, ********** *** ******** and ******** ******** ** **.

****

** *** ******** ****, *********:

  • ******** *** ******** ***** ********* ** * ****** **** ** more *********** ** *****
  • *** **** ********* *** ******** ******** **** ***** ** ******** method ********* ** *****

***

** *** ******** ****, ******** ******:

  • ********* **** ***** *** ******* ***** *** * **** **** but ***** ******** ******* ***** ***** **** *********
  • *** *** ****** ***** ****** ** ********
  • *** *** ****** ***** ***** ***** *******

[***************]

Improved ******** ******** ** *********

******* *** ******** (*******) ******** *** ********** ***** ***** *** distributed ****** *** ******* ** ******* ******* ******, ********* **** the *** ******* ** ********* ****** ****** *** *******, *** access ** **** ******** **********. **** ****** **** ** ****** to ** ** ** ****** *** / ** *******

New ******** **** ******

********* ****** *** *** ******, ***** **** ***** ** ** the "**** *** ******** ********" ** **** ******, ****** **** did *** ******* ********* *******, **** ** ** ** *** based ** ****** ********** ** ********** ** * *********/******** ***** exchange.

*** ******* ******** ** ******* ** ****** **** **** ***** collected *******, **** ** ********* *******, * **** ** **** is ******** *** **** ****/**** ******** * ******** *****.

***** *** ******** ******* *** ***** ** *** ******'* ******* date *** ****** ******, *** *** ****** ******* ** ****** in ** ***** **** ** *** *********, ***** ** *** Hikvision ********* *** *******:

  • ****** ****** ******
  • ****** ****
  • ******* ***** ******** ** ***** ******** ***
  • ****** ** *** ******** ** ****** ****** ******** ** ******

*** ***** *******, *** ******** ***** ****, *** **** ** form * ****** *****-******* ******, ***** ** **** **** ** Hikvision *******. ** ******* ** **** ******, **** *** ** our **** *****, ** ***** *****:

(**** *** ****** ****** ** ********* ** ********* ** *** end ** *** ******, ***** ***** ** ****** *** ********* support ** ****** ** *** **** ** ******** *** *******)

******** ***** **** ********* ******* ** *** ***** ** *** new ******** *** ****** **** **********, "********" *** "********" ***** examples ** ****** ***** ** ********.

*** ********* ******** **** ** **** *** * ****, ***** previous ***** **** ****-*******. *******, ********* ****** **** *** ***** are **** *** **** * ***, ***** ******** ***** ***** be **** ** ********* ****** ** ***** *** * ***** date.

********* ** *********, *** ***** **** ******** **** ******* **** be ******* ** *** ****** *** ********, ** *** ***** password ******* ***** *** ****** *********** ******.

No ******** ****** ******

** ******** ****** ** *** ****** ** ****** ** ****** collect *** ******** ***** ********* ******, ** *** *** ******** code ********* ** ********* ** ***** *** ***** ********. ********* provides ************ *** ***** ******* ****, ******-**** ********** ******* ***** ********* **** * *******. **** ***** ******* vulnerable ** ****** *** *** ****** *** *** *** ******** is ******** **.

Firmware ******* *********

********* ****** ******** *.*.** *** ***** (*.*., *.*.*, *.*.**) ******* the *** ******** ***** *********.

*********'* ******** ******** ********* **** ******* ********* *** ********** *********, **************'* ***** ******* **** ******* ********** ***** ******* ******** *** **** ** *** *********, ****** with **** ***** ***** ***** ****'* ******. ****: ********* ***** America ******* ***** ******** ********* ** *** *** ******** ******** as ***** *** ** ******** *********** ** *** *** *****.

No *********

**** *** *** ******, *** *** ****** **** *** ***** disabling **** ******** ***** **********. **** ***** **** ****** *** can ******** * ******'* ****** ****** *** ******* ** ****** a ******** ***** ******* ** *********. ** **** *** **** to ******** ********* ** ******** * ***** **** (***** ** likely ***** ***** ************ / ********** ** *******), **** **** can *** **** **** ** **** **** *** ******'* ***** account.

Still *********

** *** ***, ***** ***** ****** ** ********* ****** ********* that *** **** * ****** ** ********** *** *** * computation **** ******* ** * *** ****** ** **********, ***** can **** ** **** ** **** *** ** *** ***** password ** *** ******. ****, *** **** ** ***** **** to ** *******, ******* ** ******** ********, *** ****/** *** code ** *******, ***** ********* ****** ** *** ***** ** vulnerable ** ******.

Failed ** ****** / ****

****** ********* *** ******* ***** **** *** ******** ***** ********* in ******** ******** *** ****, ******* *** *********** ******, **** did *** **** ***** ** ****, ** ******* *** ******* firmware ** ******* * ******** *****. *************, ********* *** * history ** **** ************** ****** ******** ***************, **** ** ** the***-******.*** *************,********* ***** ** ******* ***** ****** **** ***** ** *** publicized, ********* *************. **** ************* ****** **************** **** ***** **** ******** ********* **** ** **** ***** to ******* ** **.

Overall - ************ *** **** ******

** *** ******** ****, ********* *** ***** ***** **** ** the ********* **** *** *** ************* **** ** ******* **** issue *** ****** *** ******* ********* *** ******** ** ***** password *****.

** *** ******** ****, ********* ****** **** ********* **** ******* a **** **** ***, ****** **** ******* *** ** ** be ******** ****** ***. ***** ****** **** ** ***** * method ** ***-*** ** ****** ***** ******* ********** ** ***** codes. ****, *** *** ****** ** ***** ** **** ** being *******, *** *** ***** ** ********* ******* ********** ** authorization/ownership, ******* ***** ***** ** ********* ********* *********** **********.

*********'* ****** ** ********** ** ***** ********, *** ************* ** government *** ********** ********, *** *** ** ***** ********* ***** security ***** **** ** ***-*********** *******-***** ******** ****** ***** ** their ********.

Comments (22)

John Honovich

IPVM | 08/15/17 11:35am

********* *** * ********* ****:

  • ** **** ***-******** ****** *** ******** ** ***** ******** ***************, Hikvision ***** ** **** **** ***** ***** *** *********.
  • ** **** *** ** **** **, **** *** ******* ** no *** **** ******* ** **. *** ** ******* **** reports ** **, ***** ********** **** ** **** **** ******** as ****** **** **** ************* *** ***** ***** **** **** is ***** ******.

* ***** ********* ** ****** *** ***** ***-****** *** *****. Not **** ** ** *** ***** ***** *** ** ***** them ***** / ****** *****.

*** ** *** ***** ********* ****** ****** ***** ******?

Undisclosed Manufacturer #1

08/16/17 12:08am

* ***** ****** **** ******* **** '********' ** *** **** on ***** ****** *** ***** * ***** ****** ** ***** behind ******* *******, ******* **'* '****' ** ***. **'* ********** that **** ** *** ******* ** *** *************** ***** **** time **** *** ********* ** ****.

Undisclosed Integrator #3

In reply to Undisclosed Manufacturer #1 | 08/16/17 06:52pm

*** * ***** *** ***** ****** ***** ******** ******* ** Japan *** ******** ***** ****** ****, * ***** ** ***** be ********** *** **** ** ******* **** ******* ** *******-******* business/society:

****://***.*****-****.***/*******-*******/*************-*******-****/****-**-****/

"** *** **, *** *** ***** *** ********* *** **** shortcomings *** **** ******* *** **** ****** ******* ** ***** from *** ****. ********* *** ********* ********* ** ******* ***** responsibility *** ***** ********.

"*** ********, ****** *** ************ ***, ****** *. **** ***** openly ***** ********** *** ********* ** *******. **** ** ********* that ** ******* ******** ***** **** ** **—** ***** ** a *********** **** ** **** *** ****** ********** ** ******* from."

****** ****: * ** *** ********* *********, *** ********* **** can **** **** ******* ** *** **** ***** ****** ** or *** ** ** *********. **** *** ***** ******** ** America *** **** **** ** ** ***** ** *** ****** norms ** **** ******* **** ******** *** *********.

John Honovich

IPVM | In reply to Undisclosed Integrator #3 | 08/16/17 05:04pm

****, ****** *** ********* ** *****.

******* *******:*****, ******** ** ******* ********, ***** **** ********** ******

*** *******:*****’* ************ ******** ***** **** ****

*** *** *******:******* ********** ***** ** ******** **** ***** ************

***/*** ** ** **** **** ****** ****** '****', *** * fundamental ******* ********.

Undisclosed Integrator #3

In reply to John Honovich | 08/16/17 05:37pm

***, *** ********* ** ***'* ******? *** ***** ***** **** theft, ******, *** ***** ***** ** ******** *****-**** ** ***** no ****** *** *********, *** ****'* ****** *** *** ****. Unfortunately *** ********* **** *** ********* ** ****** ********* ** the ****** **** ** ******** **, **** **** ** **** by **** **** *** * **** *********'* ************* ** ** so ** ******* **** *** (** **** ** ** ******** getting *** ** *** ********* ********* ** *** ******** **).

**** ** *** **** ********* ****, ** ******* ** **** what ****** **** **!

John Honovich

IPVM | In reply to Undisclosed Integrator #3 | 08/16/17 07:10pm

***, *** ********* ** ***'* ******?

**** ******** *** ************* ******, ** *** ****, ********* ***** to ** ** ******** ** *** **** ***** ************* ****** are **** ***********. **** *** '***********' ** ** **** *** problems **** *** ******. ** * ********* ******, *** **** overall *** **** **** ** *** *** *** ** **** that ** **** ********** *** *** ** *** ** **** do.

Undisclosed Integrator #3

In reply to John Honovich | 08/16/17 09:00pm

* **** ****** **** *** *********.

Thumbnail dsc03686 2

Mick Brown

08/16/17 07:31am

*** *********

Undisclosed Integrator #2

08/16/17 03:33pm

* **** **** ***** ****** *** *** ** ********* *** admin ********. **'* **** *** ******* ********* ** *** ******** like *********.

*'** **** ** ** ******* ***** ***** **** ** *** and ***. ********** ** ****** ** *** ******** ***** *****, well ***'* ***** **, **** *** *** ******* ***** ************ by ******...

** * **** ****, ***, *** ** ***** *** ********, has *** ****** ******** **** **** ***** ***** ****** **** of *********. **'* * **** ***** *'** **** ** ******. I ** *** ***** ** ***** ** ****** *** *** sake ** ***** ********. * ****** **** **** *** ******* this ** **** ** ********. **'* **** ****** ** **** before **** **** ******, ** ***** ** ******* ***? ***

Thumbnail brk1

Brian Karas

IPVM | 08/16/17 03:52pm

* **** **** ***** ****** *** *** ** ********* *** admin ********. **'* **** *** ******* ********* ** *** ******** like *********.

**** ** *** *********** ****, *** **** ***********, ** ******* HOW *** ***** ** *********. *** *******, ********* *****, *** Genetec ** ********** **** ** *** ** ***** ***** *********, according ** ********** **** **** *********.******* ******** *** **** ** ** ******* **** ** *** factory. *** *** ***** ** **** ** *** ******* ** not, *** ** **** ****** **** *** **** *** *** be ****** ***** ****** *** *******.

***** ******* **** * ******** ****** **** ***** ** ** pressed, ***** ***** *** ****** ** ********, ********* ******** ****** to *** ****, ******* ** **** ******* ******, ** ** the **** **** *********.

********* ***, ** **** ** *********** **** *** **** ****** on **** ** ****. ***** *** *** *** **** ** a ***** ***** ** ****** (***:********* **** ********** *** ******* ******** ** **+ *** ******), ** ***** ** * ********** ************* ** * ****** password ***** ** **** ** ***** *** ** ***** *******.

Thumbnail marty2016

Marty Calhoun

IPVMU Certified | 08/16/17 01:21pm

"********* ** ********** **** **** *********" **** **** **** * grain ** ****!

Undisclosed #4

In reply to Marty Calhoun | 08/16/17 05:42pm

**** *** ****, ******...

********* ****** *** *** ******, ***** **** ***** ** ** the "**** *** ******** ********" ** **** ******...

Thumbnail brk1

Brian Karas

IPVM | In reply to Marty Calhoun | 08/16/17 05:57pm

**** **** **** * ***** ** ****!

***? ** *** **** ** * *** ** ***** *** admin ********* ** ***** *******? ** *** **** ** * history ** ******** ******** ****** **** ***** *********? (*** **** here, *** ** ****** ********** ***** **** ******, ***.)

Undisclosed #5

08/16/17 05:46pm

** "********" *** "********" *** ******** ** ***** *****, **** it ***** **** ** ***** ** ** *-********* *********** ****** or * ***** **** ****. **** ** ***** *.* ******* possible ************ (***** ** ***** ********* *** **********). * ****** how ****** *** ******* *** ******* * ***** ***** ******?

********* ****** ********* *** ** **** ** *** ********* ** they *****'* **** ** *******

  • ***** ******** ***** ********** ** * ***** **** ***** ***** the **** ******, **** ******* ******** *** ******** ** ***** force *******. **** ***** ***** ***** ******* ************** ****** ** it ****** ** **-****.

  • ******* * ****** (** * **** **** ****) ** *** many ************ ******** *** ****. **** ******* **** ******* ** too **** ****** ***** ******** *** ****, ** ***** **** do **** *******.

*****'* ***** *** ***** ** ***** ***** ** ********* ** generate *** ****. * ***** **'* * ***** ******* ** be **** ** ***** *** ******* ** ******* ****** ** an ***/*** ******* ****** ****, *** * ***** **** ****** absolutely ******* ******** ****** ** *** ****. *** *** ** cameras * ***** ****** **** * ******* ***** *** ******** button ** *** ****** ** *** **** ****** ** ******* access.

Undisclosed Integrator #7

In reply to Undisclosed #5 | 08/16/17 10:33pm

*** ***** *****? *** "************" ** ******* *** ** *** wild *** ***** *** ******** ***** *****. ** *** *** hit *** *** ** *** ** ****** **** *** *** own **.


****://******.**/*****/************************.**
Thumbnail brk1

Brian Karas

IPVM | In reply to Undisclosed Integrator #7 | 08/16/17 10:51pm

***** *** ****** **** ** ** **** **** *** '***** Number', *** ***** ****** *** ******** **** ***** **** **** the ******, *** **** *** ****** ********* ** ****-**** ***** characters.

*** *** ****** ******* **** * ********* ******* ********, **** the ****** ** **** *********. **** ***** ** ***** *** same '***** ******' (*** * ******* **** *** ***), *** enough ***** ******** *** ********* **** ******** ****/*******/******* ******* ****** help.

Undisclosed Integrator #7

In reply to Brian Karas | 08/16/17 07:03pm

* *** ***** *** ************* **** ** *** ******* ***** the *** ****. ** *********.

** *** *** *** ******** ***** ****** ** ** ***** the **** ** ** ** ******. ** ** **** **** security ****** ********* *** ****** ** ***** ******* **** **** the *** ********* *** ** **** ** ***** **** ** square ***.

Thumbnail brk1

Brian Karas

IPVM | In reply to Undisclosed Integrator #7 | 08/16/17 07:07pm

** ** **** **** ******** ****** *********

***** ** **** *********** **** *********, * ***** **** ** agree **** ***. **** ** *** * ***** **** ****** need ** ***** ** **** ***** (*** ** ******* *****) to **** **** **** ****** *** ************ *******, *** **** a ********* **** ** ** *** *********.

Thumbnail brk1

Brian Karas

IPVM | In reply to Undisclosed #5 | 08/16/17 11:02pm

** *******, *** ******** **** **** ****** ****** **** ***** requests ** *********. ***** *** * ***** *** * ****'* publish, *** ** ******** *** **** ******. *** * ** them *** * ****** *****-**** ****** ** *** *** ** the ****, *** **** *** ******* **** ** ** * digits.

***** *** ********* * *** ** ******** ***** *** *** method, ****** **** ******* *** ** **** ** ********* **** some ****** *******.

* ******* ***** ******* *****-***** *******. *** *** ******** ** determining ***** ** *** ******** ***** ******* '***** * ***' that ***** *** **** ***** ** ****** * ***** ****, or ** * ****** **** *** ******** ******* ***** *** unit ****** **?

** *** **** ***** ****** * ******* **** ******* *** 'priming', ** ***** ** * *** **** *********** ** * distributed ***-*** ******. ***** ** * **** ** ***** **** is *** * **** ** ********* **'*, *** **** ****** picks * ****** **** *** ****** **, *** ***** ****. Even **** ********, *******, ***, **** ***** ****** ******* ** a **** ****** ** ******* **** ****. **** ******** ***** then **** ** *********** **** ** ***** *** *********.

** *** ******* ********, ***** ********* ******* *** ** ******** details ** **** ******* ***** *** ******** ***** ******** *********, I ***** **** ****** **** **********, **** ** ******* ** disable **, ***** ****. ** ** *** **** *** ****** to ******* ********* ********* **** ***** **** ** ******* ****-****** exploit, *** **** ****** **** *********'* ******** *** *** ******** for ***** ************.

********* * *********** ***-****** ***** **** ******* **********. ***** $**,*** to ****** **** *** ***** *** *** ********* ** * show ** *****.

Undisclosed Integrator #6

08/16/17 06:40pm

@ *****. *****'* ******* ****** *** ********* **** ********* *** Genetec. ****, **** ** *** ********* ****/**** *** ** ***** to ********* ******* *****. ** ** ***** *** ****** ***** using ***** ** ********* **** *** *** ********* ** *** external ******* (** ********), *** ***** *** ****** ** * Central ******* ****** ******* ********* ** *******, ** ***** * Security *******?

Thumbnail brk1

Brian Karas

IPVM | In reply to Undisclosed Integrator #6 | 08/16/17 07:09pm

** ** ***** *** ****** ***** ***** ***** ** ********* that *** *** ********* ** *** ******** ******* (** ********), but ***** *** ****** ** * ******* ******* ****** ******* Milestone ** *******, ** ***** * ******** *******?

***, ***** ** ***** * ******** *******. ** ******* *** get *** ***** ******** ***** *** **** **** * ********, then **** **** ****-***** ****** ** * **** ********* ** the ******** *******. **** **** *** *** *********** ******* ***** information (** ********* ** *******, ***** *********, ***.) *** *** that ** ****** ***** ********** ** *** *******.

*** *********** **** *** ********, (****** *****, *** ** ******-***** VMSes), *** ************* **** ** ** ******, *** **** ** internal ******* (***** *********) **** *********. **** ******** ****** ** different **** * ***** ******-******** **** ******** ********* ** *** internet, *** * ***** * ******.

Undisclosed #8

08/17/17 04:13am

* ***** * ***-**** **** ********** "*** *******" ** *** near ******.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on Hacking

Hikvision Backdoor Exploit on Sep 18, 2017
Full disclosure to the Hikvision backdoor has been released, allowing easy exploit of vulnerable Hikvision IP cameras. As the researcher, Monte...
September IP Networking Course on Sep 14, 2017
LAST Chance - Registration is ending. Register now. This is the only networking course designed specifically for video surveillance professionals...
Fortune 500 Company Bars Dahua and Hikvision on Aug 30, 2017
A Fortune 500 company has barred Dahua and Hikvision cameras from a large RFP due to cyber security concerns, IPVM has confirmed with the...
Security Press Wrong About New NY State Video Law on Aug 29, 2017
SecurityInfoWatch wrongly declared: N.Y. governor signs bill outlawing video surveillance of neighbors SDM wrongly affirmed: It is now illegal to...
Hikvision Happy With Bad Security Unless Hit With Bad Press on Aug 28, 2017
Hikvision is happy to have bad cyber security unless they are hit with bad press, as we detail inside. When you look at the pattern of their...
‘Experts' Fail On Dumbo IP Camera ‘Hack' on Aug 24, 2017
Dumbo, revealed by Wikileaks, has become big news. Unfortunately, 'experts' in the security industry have gotten it wrong, incorrectly contending...
Avigilon CEO Attacks Asian Companies Cyber Insecurity on Aug 18, 2017
Avigilon CEO is taking aim at their Asian competitors. And he is going directly after these company's cyber security issues. In this note, we...
Vulnerability Directory For Access Control Cards on Aug 14, 2017
Knowing which access credentials are insecure can be unclear, especially because most look and feel the same. Even the most insecure 125 kHz types...
Hikvision Security Code Cracked on Aug 08, 2017
Hikvision's 'security code' feature has been cracked and a program generating security codes is being distributed online. IPVM has obtained and...

Most Recent Industry Reports

Reseting IP Cameras - 30 Manufacturer Directory on Sep 22, 2017
Every camera has a reset button (well, almost) but it is not always clear what these buttons do, how long they need to be held, what settings they...
80+ OEMs Verified Vulnerable To Hikvision Backdoor on Sep 22, 2017
Over 80 Hikvision OEM partners, including ADI, Interlogix, LTS, and Northern Video, have been verified as having products vulnerable to the...
Genetec Launches Cloud Access Control (Synergis SaaS) on Sep 21, 2017
Genetec's cloud everything expansion continues, with their announcement of Synergis SaaS edition, joining their cloud video offering Stratocast,...
Genetec CEO Warns Against Insider Threats on Sep 21, 2017
With Dahua and Hikvision cybersecurity issues becoming indisputable, a new counter has emerged. Just put them behind a firewall, buy cheap...
New IPVM Calculator V3 Released on Sep 20, 2017
The New IPVM Calculator V3 is released. An entirely new architecture delivers the following benefits: Turbo The calculator is now ~50% faster in...
Automatic Door Operators For Access Tutorial on Sep 20, 2017
Opening and closing doors might sound simple, but it takes a high-tech piece of door hardware to pull it off. Integrating automatic door operators...
'Clowns' Allege Ubiquiti 'Completely Fraudulent' on Sep 20, 2017
A short seller has alleged Ubiquiti is 'completely fraudulent'. Ubiquiti's CEO has responded calling them 'clowns'. Here is the short...
Avigilon 'Blue' Cloud Entry Examined on Sep 19, 2017
Avigilon is moving to the cloud. The company announced their Avigilon Blue platform, designed to be a web-managed surveillance system, utilizing...
HID Buys Mercury Security on Sep 19, 2017
One of the biggest access control deals in years. Mercury Security, the most widely used access hardware OEM, and partner to 20+ manufacturers,...
Hikvision Backdoor Exploit on Sep 18, 2017
Full disclosure to the Hikvision backdoor has been released, allowing easy exploit of vulnerable Hikvision IP cameras. As the researcher, Monte...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact