Hikvision Defaulted Devices Getting Hacked

Yes. I have been locked out of two of my HikVision cameras that had not had the default password changed.


Sent from my iPhone using Tapatalk
 
I would say this is not really getting hacked and more some kid is changing the password on someone's cam that is to dumb to change the default passwords. 2 different things IMHO.
 
h_2_o said:
I would say this is not really getting hacked and more some kid is changing the password on someone's cam that is to dumb to change the default passwords. 2 different things IMHO.
Click to expand...
There is more to it...based on the article and the comments, it appears (at least for now) that this password change occurred on devices that only have the 8000 server port open....unless you can change the password via ivms(with only the server port open) they must have been doing something else to gain access to the camera.
 
Don't hikvision make you change the password when you first setup the camera? Also why would you have port 8000 open.
 
Camit said:
Don't hikvision make you change the password when you first setup the camera? Also why would you have port 8000 open.
Click to expand...
read the article, this affects devices running older firmware...
Because hikvision uses port 8000 to communicate with hikvision apps..
 
  • Like
Reactions: johnyfalco
i think it was a rhetorical question. like "who in their right mind would have port 8000 open" anyone who knows what they are doing would forward a different "public" port to 8000
 
Trax95008 said:
i think it was a rhetorical question. like "who in their right mind would have port 8000 open" anyone who knows what they are doing would forward a different "public" port to 8000
Click to expand...
I don't think so.. Anyone who knows what they're doing won't forward any ports ..
 
changing port numbers does nothing, its very easy to fingerprint services running on any port and with all the bots out there they can scan every IP on the internet and fingerprint every available service and usually versions too without much effort.

Your getting scanned for attack surfaces pretty much the moment your exposed to the internet.. Obfuscation wont help you at all.
 
In fact there is a program out the that will scan one port on the entire internet in like 5 minutes.

Sent from my Nexus 6P using Tapatalk
 
fenderman said:
There is more to it...based on the article and the comments, it appears (at least for now) that this password change occurred on devices that only have the 8000 server port open....unless you can change the password via ivms(with only the server port open) they must have been doing something else to gain access to the camera.
Click to expand...

You can change the password with only the server port (manually can be done from both iVMS-4200 and even iVMS-4500).

For those using password "12345", well, doh... 3 years and a half ago I found an indian company that had 1612 (!!!!) Hikvision devices online with "12345" password, I even wrote an entry on our company blog about it.
Passwords por defecto en un equipo de CCTV: lo que NO hay que hacer - Securamente - El blog de Securame
 
  • Like
Reactions: fenderman
Securame said:
You can change the password with only the server port (manually can be done from both iVMS-4200 and even iVMS-4500).

For those using password "12345", well, doh... 3 years and a half ago I found an indian company that had 1612 (!!!!) Hikvision devices online with "12345" password, I even wrote an entry on our company blog about it.
Passwords por defecto en un equipo de CCTV: lo que NO hay que hacer - Securamente - El blog de Securame
Click to expand...
I no longer have 4500 installed but I don't recall an option to change the password...
 
What is the exposure for those NVRs that were hacked, and subsequently recovered via an admin password change? Any risk of malicious scripts left behind by the hackers?
 
Apart from ports 80,554 and 8000 there is also port 443 opened on my router. Anyone know what is it for? Seems like this is the where the attack came from.
 
You must log in or register to reply here.
Top Bottom