Hikvision backdoor? (WSJ article)

Cljs

Cljs

Young grasshopper
May 21, 2014
48
19
Link:
Surveillance Cameras Made by China Are Hanging All Over the U.S. - WSJ

In May, the Department of Homeland Security issued a cybersecurity warning saying some of Hikvision’s cameras contained a loophole making them easily exploitable by hackers. The department assigned its worst security rating to that vulnerability.

Also in the article: interesting description of technologies Hikvision is developing.
 
Yeah, @Cljs, montecrypto (a member on this forum) found the "backdoor" which was easily executed on any cameras that were/are port forwarded and have an outdated firmware (below 5.4.5)

Here's IPVM's Demo Video:

Here's the ICS-CERT page: Hikvision Cameras | ICS-CERT
 
  • Like
Reactions: Bink and fenderman
Also, @bp2008 made a program from the exploit that allowed you to easily change the password on the cameras that were dated earlier than version 5.4.5. You can find it here: Hikvision camera admin password reset tool

and I can personally vouch that his release of the password generator script and Password reset tool has saved me hours of waiting to get a password reset.
 
  • Like
Reactions: alastairstevenson
montecrypto said:
Neutrally-toned, paywalled article, outdated information, too much credit to DHS, no mentioning of researchers, published 6 months too late... Typical WSJ.
Click to expand...
It amazes me that they can publish something like that and not give you credit.
 
montecrypto said:
I need no credit. I need to not be able to trust my cameras. :)
Click to expand...
I understand that, but credit is due whether you need it or not....no one will be able to trust any camera ever....the true solution is open source verified firmware. There is no need for hikvision or any camera manufacturer to be in the firmware business....they suck at it.
 
You must log in or register to reply here.
Top Bottom