Hikvision’s latest security issue (affects Hikvision OEM brands as well)

We have noticed an increasing number of Hikvision cameras being hacked over the last few weeks. If you’re using a Hikvision camera, please pay attention to this post and check if your camera is safe.

The main reason we are informing end users about this particular security issue is how easy it is to gain access to affected devices. It is called a “Hollywood hack”: one press of a button and they’re in. The ease of use, combined with the fact that it is a widely known and discussed issue, means that it poses a real threat to many users.

Was I hacked?

In most cases, your camera settings will get changed for no apparent reason or the camera will be reset to its factory defaults. A hacked camera might even appear to work completely fine, so we recommend securing your camera anyway.

Please note that this is a tech article. If you’re not familiar with some of the processes below, please try using our AngelBox for additional security or contact your local dealer/camera manufacturer.

Which devices are vulnerable and how are they being attacked?

Certain Hikvision firmware versions have a static password hard-coded into the firmware. This means that no matter how complex your password is, every camera running such firmware can be accessed directly. Most cameras will end up being reset to their factory defaults; in certain cases, the attacker might use the gained access to take over the camera for their own purposes or try to access your network.

For the camera to be vulnerable, its HTTP port (usually port 80, where you access the configuration page of your camera) has to be publicly available. This means that either the port is forwarded on your router for remote access, or UPnP is enabled both in the camera and in the router.

Cameras NOT affected: cameras used only in closed local networks, cameras that stream to the public only through the RTSP port, and cameras connected to Angelcam through AngelBox.

Both official Hikvision devices and OEM brands selling Hikvision hardware are affected. The brands include, for example, some models from Annke, Digital Watchdog, Hunt, Lorex, Swann and TrendNet.

What to do to secure your cameras?

First, please be warned that you’re performing all these actions at your own risk. We are not responsible for any damage or failures resulting from following the recommendations.

If you’re not familiar with the following, we recommend contacting your local distributor and asking them for assistance.

To make this matter even more complicated, there are two versions of Hikvision devices.

- Devices sold officially through authorized security dealers

- Grey imports usually sold on Amazon, Ebay or Alibaba

The grey imports tend to be translated Chinese versions. Upgrading firmware in such cameras results in “bricking” them (effectively destroying their software completely). These cameras have a “CH” in their serial number. If you have such cameras, you can try any of the following recommendations except for a firmware upgrade. To upgrade your firmware, please contact your dealer/seller or try following one of many online guides at your own risk.

  1. If you have an HTTP port remotely accessible and you don’t need it, close the port.
  2. In addition to point 1, disable UPnP in your camera network settings and disable UPnP in your router settings as well. It will prevent local devices from opening ports on the router automatically. This feature is usually disabled by default, so just make sure it stays that way.
  3. If you have an officially sold Hikvision device, upgrade the firmware. Most devices should have firmware 5.5.0 available for download, and this specific security issue should be fixed there. Depending on your location, feel free to use one of the following portals:
    http://www.hikvisioneurope.com/portal/?dir=portal%2FProduct%20Firmware%2FFront-ends
    http://www.hikvision.com/en/download_89.html
    http://tech.hikvisionusa.com/firmware/2-uncategorised/2-firmware
    In order to do this process properly, upgrade the firmware by following the recommended manufacturer’s procedure and then reset the camera to its factory defaults. By doing this, you will make sure that there are no configuration changes left after the attack.

    If the device is not Hikvision, but its OEM brand, please contact the manufacturer directly.
  4. If you either can’t change anything mentioned above or if you simply want to improve the general level of security when using Angelcam, try using our AngelBox – a device with end-to-end video encryption which makes it effectively impossible for the camera to be hacked.
  5. As an additional option, we recommend setting up a VLAN for your security system and blocking the devices in this VLAN from accessing the rest of your local network. Even if the cameras get hacked, the hacker won’t be able to gain access to the rest of your network.
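
If you manage more than a handful of cameras, the steps above can be applied to a whole inventory in one pass. The following Python script is an added example, not code from Hikvision or Angelcam. The record fields (serial, firmware, http_forwarded, upnp_camera, upnp_router, oem), the sample records and the firmware string format are assumptions.

```python
import re

FIXED = (5, 5, 0)  # firmware version the article says should contain the fix

def parse_firmware(text):
    """Return (major, minor, patch) from e.g. 'V5.4.5 build 170124', else None."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text or "")
    return tuple(int(x) for x in m.groups()) if m else None

def triage(cam):
    """Map one inventory record to (priority, actions) using the steps above."""
    fw = parse_firmware(cam.get("firmware"))
    # The article's marker for grey imports; a plain substring match can
    # over-match, which errs on the side of not flashing firmware.
    grey = "CH" in (cam.get("serial") or "").upper()
    forwarded = bool(cam.get("http_forwarded"))
    upnp_cam, upnp_rtr = bool(cam.get("upnp_camera")), bool(cam.get("upnp_router"))
    exposed = forwarded or (upnp_cam and upnp_rtr)
    actions = []
    if forwarded:
        actions.append("close the forwarded HTTP port")
    if upnp_cam or upnp_rtr:
        actions.append("disable UPnP on camera and router")
    if fw is None:
        actions.append("firmware version unreadable: check manually")
    elif fw < FIXED:
        if grey:
            actions.append("grey import: do not flash, contact dealer/seller")
        elif cam.get("oem"):
            actions.append("OEM brand: contact the manufacturer")
        else:
            actions.append("upgrade to 5.5.0 or later, then factory reset")
    unpatched = fw is None or fw < FIXED
    return ("high" if exposed and unpatched else "normal"), actions

# Constructed sample records (serials and versions are made up).
INVENTORY = [
    {"name": "front-door", "serial": "EXAMPLE-CCWR-000000001",
     "firmware": "V5.4.0 build 160401", "http_forwarded": True},
    {"name": "garage", "serial": "EXAMPLE-CCCH-000000002",
     "firmware": "V5.3.0 build 150513", "upnp_camera": True, "upnp_router": True},
    {"name": "lobby", "serial": "EXAMPLE-CCWR-000000003",
     "firmware": "V5.5.0 build 170725"},
]

if __name__ == "__main__":
    for cam in INVENTORY:
        priority, actions = triage(cam)
        print(f"{cam['name']}: {priority}: {'; '.join(actions) or 'no action'}")
```

A camera is marked high priority only when its HTTP port is reachable from outside and its firmware is older than 5.5.0 or cannot be read.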