Menu
What's new

Has my Hikvision ip camera been hacked?

F

f13dfx

Getting the hang of it
Joined
Oct 15, 2015
Messages
91
Reaction score
44
Hello all! Posting a screencap of what appears in my Hikvision camera in BlueIris. Static ip address in my home network is 192.168.0.206 using Port 8095. This Hikvision camera is part of my BlueIris outdoor perimeter DIY 24/7 surveillance system which I am running on a Lenovo TinyPC with Windows 11. I just noticed this today that there is a red-colored overlay besides the usual BlueIris overlay. I cannot get into the camera using the admin login/password.

What can I do now? I am thinking that if there was any virus installed, it may have compromised my entire BlueIris system since I use the same login/password for the other 4 ip cameras.

backyard.jpg
 
Last edited:
wittaj

wittaj

IPCT Contributor
Joined
Apr 28, 2019
Messages
25,041
Reaction score
48,824
Location
USA
That looks like the camera overlay.

Are you sure you are using the right user/password? If someone hacked it and changed it, then you wouldn't see the video feed in BI.

Go into BI under camera setting and see what the user and password is.

I am assuming the cameras are connected to the router/internet instead of Dual NIC or VLAN and that you port forward?
 
F

f13dfx

Getting the hang of it
Joined
Oct 15, 2015
Messages
91
Reaction score
44
I did go into BlueIris to double-check the login/pwd but couldn’t get in with it and yes, it’s connected to a Zyxel unmanaged switch & port forwarded.
 
Last edited:
tangent

tangent

IPCT Contributor
Joined
May 12, 2016
Messages
4,427
Reaction score
3,669
f13dfx said:
Actually, I didn’t do a port forward.
Click to expand...
It's likely the cameras have a P2P type NAT Traversal enabled, I think Hikvison calls it EasyIP or Easy4IP. Unplug your modem and router temporarily, reset the cameras, and disable that.

There's also a slight chance that a computer or device on your network (possibly even your router) is compromised and was used to hack the camera.
 
alastairstevenson

alastairstevenson

Staff member
Joined
Oct 28, 2014
Messages
15,963
Reaction score
6,794
Location
Scotland
johnfitz said:
@alastairstevenson is this what you are thinking...

Security Notification - Command Injection Vulnerability in Some Hikvision products
Click to expand...
Certainly one of various possibilities, if port forwarding is active.

f13dfx said:
Actually, I didn’t do a port forward.
Click to expand...
It could be that the camera has configured port forwarding by itself, if UPnP is enabled in both the camera and your router, as it often can be by default.
Check both their web GUIs to see.
 
CCTVCam

CCTVCam

Known around here
Joined
Sep 25, 2017
Messages
2,676
Reaction score
3,506
If you've not disabled upnp and enabled external access only via a configured VPN in your router, then you must be port forwarding if there is external access. If you have a VPN enabled, then your router shoud refuse (not acknowledge and drop causing a time out) for any connection request not sent via a properly configured VPN client. Easy to check. Just try and access your routers WAN IP from the internet eg from work or another external location (not your home wifi) without using the VPN. If you can reach your router, and either get a response (any) or a router login page, you're not secure.
 
F

f13dfx

Getting the hang of it
Joined
Oct 15, 2015
Messages
91
Reaction score
44
CCTVCam said:
If you've not disabled upnp and enabled external access only via a configured VPN in your router, then you must be port forwarding if there is external access. If you have a VPN enabled, then your router shoud refuse (not acknowledge and drop causing a time out) for any connection request not sent via a properly configured VPN client. Easy to check. Just try and access your routers WAN IP from the internet eg from work or another external location (not your home wifi) without using the VPN. If you can reach your router, and either get a response (any) or a router login page, you're not secure.
Click to expand...
I reset my cablemodem to factory defaults. Turns out uPnP was enabled by default, so I disabled that. Was able to factory reset all ip cameras & disable uPnP on all of them except for Hikvision DS-2532F-IWS which I disconnected before, ever since I discovered the red text overlay. Tried to access WAN IP of my cablemodem remotely and definitely cannot.

I plan to take down the Hikvision & try to do a factory reset without it being connected to my LAN. If successful, I plan to upgrade to latest firmware & see how it goes from there.
 
You must log in or register to reply here.
Top