Hacked Hikvision Camera

Rick Simonton

Young grasshopper
Joined
Jan 1, 2019
Messages
77
Reaction score
10
Location
San Fernando Valley
Hello All!
My camera Hikvision DS-2cd2632f-is was hacked. It is a gray market camera that has a 3rd party firmware.
Not upgradable with Hik firmware, I believe.
The iris was stopped down, and the name was changed, along with the passwords.
The camera was still functioning but was extremely dark.
It was suggested that the installer used port forwarding for remote viewing on an iPhone, making it vulnerable.
A few weeks later my router quit so I replaced it. The camera has been offline since.
The camera does not show up at all with the SADP tool, but I am able to see the camera data with iVMS 4200.
Using 1111AAAA for the password in the IVMS4200 app, I was able to change the IP address to one within the range of my router. So I now can get to the camera login page. (THANK YOU Alastairstevenson!).
I tried using 1111AAAA at the login page for both UN and PW but that did not work.
Any suggestions would be very appreciated!

Thanks in Advance
Rick
 

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,930
Reaction score
6,778
Location
Scotland
> I tried using 1111AAAA at the login page for both UN and PW but that did not work.
The password is case sensitive.
A common password on a hacked camera is 1111aaaa
Also now asdf1234

> My camera Hikvision DS-2cd2632f-is was hacked. It is a gray market camera that has a 3rd party firmware.
> Not upgradable with Hik firmware, I believe.
As an R0 series camera, it can be converted to English and updatable by using the 'Enhanced MTD hack' of the brickfixV2 method here :
Unbrick and fully upgrade your R0 / DS-2CD2x32 IP cameras -
R0 / DS-2CD2x32 BrickfixV2 brick recovery and full upgrade tool - enhanced.
 

bp2008

Staff member
Joined
Mar 10, 2014
Messages
12,666
Reaction score
14,006
Location
USA
I suggest following this advice: How to Secure Your Network (Don't Get Hacked!) | IP Cam Talk
In a nutshell, disable any port forwards, disable UPnP, and set up a VPN server for remote access. Since the camera has already been hacked it would also be wise to prevent it from accessing the internet directly, in case the hack has also installed something persistent (which, granted, is unlikely due to the much greater difficulty of that).
 

Rick Simonton

> I suggest following this advice: How to Secure Your Network (Don't Get Hacked!) | IP Cam Talk
> In a nutshell, disable any port forwards, disable UPnP, and set up a VPN server for remote access. Since the camera has already been hacked it would also be wise to prevent it from accessing the internet directly, in case the hack has also installed something persistent (which, granted, is unlikely due to the much greater difficulty of that).
I'm on it! thanks
 

alastairstevenson

In the router - the location is going to vary with the specific model, so I can't give you a screenshot to show how to disable that.
When UPnP is enabled in the router, it has been configured to be at the command of any device on the LAN, such as a camera, that requests that it opens up inbound access from the internet to specific internal destinations.

In the cameras - the location varies a bit with the firmware version, but here are a couple of examples of the location :

upload_2019-1-8_20-45-51.png

upload_2019-1-8_20-47-13.png
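
The router-side effect described above can be checked from the LAN: an IGD-capable router reports each UPnP port mapping in reply to the GetGenericPortMappingEntry action. The following Python is an added example, not part of the thread; it parses such replies and lists enabled mappings that point at a camera. The sample replies, addresses, and the camera IP set are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample replies to the IGD GetGenericPortMappingEntry action
# (WANIPConnection service). All addresses and ports are made up.
def _reply(ext, proto, client, port, desc, enabled=1):
    return f"""<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>
<u:GetGenericPortMappingEntryResponse
    xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext}</NewExternalPort>
<NewProtocol>{proto}</NewProtocol><NewInternalPort>{port}</NewInternalPort>
<NewInternalClient>{client}</NewInternalClient><NewEnabled>{enabled}</NewEnabled>
<NewPortMappingDescription>{desc}</NewPortMappingDescription>
<NewLeaseDuration>0</NewLeaseDuration>
</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"""

SAMPLE_REPLIES = [
    _reply(8000, "TCP", "192.168.1.64", 8000, "camera SDK"),
    _reply(554, "TCP", "192.168.1.64", 554, "camera RTSP"),
    _reply(80, "TCP", "192.168.1.65", 80, "camera web", enabled=0),
    _reply(51413, "UDP", "192.168.1.20", 51413, "desktop app"),
]
CAMERA_IPS = {"192.168.1.64", "192.168.1.65", "192.168.1.66"}  # assumed LAN IPs

def parse_mapping(soap_xml):
    """Return one port-mapping entry as a dict keyed without the 'New' prefix."""
    entry = {}
    for el in ET.fromstring(soap_xml).iter():
        tag = el.tag.rsplit("}", 1)[-1]          # drop any XML namespace
        if tag.startswith("New"):
            entry[tag[3:]] = (el.text or "").strip()
    return entry

def audit(replies, camera_ips):
    """Return enabled mappings that forward internet traffic to a camera."""
    exposed = []
    for xml_text in replies:
        m = parse_mapping(xml_text)
        if m.get("Enabled") == "1" and m.get("InternalClient") in camera_ips:
            exposed.append((m["Protocol"], int(m["ExternalPort"]),
                            m["InternalClient"], int(m["InternalPort"])))
    return exposed

if __name__ == "__main__":
    for proto, ext, ip, port in audit(SAMPLE_REPLIES, CAMERA_IPS):
        print(f"WAN {proto}/{ext} -> {ip}:{port}  (remove mapping, disable UPnP)")
```

An empty result after UPnP has been switched off in the router and the cameras indicates no camera-requested mappings remain.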
 

Rick Simonton

> In the router - the location is going to vary with the specific model, so I can't give you a screenshot to show how to disable that.
> When UPnP is enabled in the router, it has been configured to be at the command of any device on the LAN, such as a camera, that requests that it opens up inbound access from the internet to specific internal destinations.
>
> In the cameras - the location varies a bit with the firmware version, but here are a couple of examples of the location :
Thank you alastairstevenson, that helped a ton!
I turned off UPnP from all three cameras and my router. The Akamai whitepaper does not list my router (ASUS RT-AC8600U) as vulnerable, but I turned it off just the same.
 