Chinese 5.2.5 to European 5.3.0 -> Possible?

[Zak]

I tend to buy from China couple of these Hikvision DS-2CD2132F-IS cams. Two Chinese dealers said to me that there is installed "multi-language v5.2.5 firmware" which I presume to be china region model "prehacked" to "multi-language". Any idea can I upgrade to v5.3.0 without having to learn to read chinese (u know what i mean)? Is there the same region roulette hack shit had to be done all over again?

If those are "prehacked by the dealer" chinese versions there is always a possibility that the hacking has not been limited to only language change. There is always a possibility to include all kind of nasty surprises into the system like calling "home", software scanning of the network, setting up vulnerabilities and/or opening ports in the system. After all that is only embedded linux inside that can be altered as you wish (and can).

The European PAL version may or may not (?) have the same upgrade limitations than the US versions seem to have?

At least according to Hikvision v5.3.0 has been out a few weeks in Europe (Hikvision Updates the Products Firmware with Security Enhancements - Press Releases - About Hikvision - Hikvision). Any idea where to get that 530 european firmware upgrade?

 

[alastairstevenson]

Unless someone knows differently - I haven't yet seen an IPC 5.3.0 firmware version available for public download, not even on the Hikvision China site.
I'd be interested to have a look.

There is always a possibility to include all kind of nasty surprises

This is true of course for any network-connected electronic device.
The risks, while real, are very small, and there is enough public curiosity and scrutiny that any issues found will become news. Look for example at recent revelations about smart TVs from well-known manufacturers, especially the voice-controlled ones. And your toaster and fridge of course.
To mitigate the risks, your local router should be able to be configured to block outbound traffic from the defined address for the device (or if you are really paranoid and worry the device might sneakily use another use a whitelist instead of a blacklist). And you can also use a fictitious default gateway on the device itself - to inhibit the normal ability to reach the internet. The same paranoid comments apply.
In reality - it's not the camera manufacturers or their resellers we should worry about - it's those agencies that operate on the fringes of the law, as we've heard quite a lot of to their discomfort over the last few years.

I've had a reasonable look round some of the firmware that has come with Hik cameras and an NVR bought via Aliexpress, and compared with officially published files - and I've not found anything unusual apart from the 'check_rs232' utility already mentioned by @networkcameracritic in other threads.

 

[networkcameracritic]

I can see this being a problem with the hacking community with telnet not being available. Of course if you can still fiddle with the firmware, you can inject a telnet daemon and gain access that way. What interesting is that not one firmware release since 5.1.6 has been a product improvement, it's all been countermeasures for hacking Chinese cameras to English and clearly that effort has failed.