Hacked Hikvision Camera

Discussion in 'Hikvision' started by Rick Simonton, Jan 7, 2019.

Share This Page

  1. Rick Simonton

    Rick Simonton Young grasshopper

    Joined:
    Jan 1, 2019
    Messages:
    70
    Likes Received:
    6
    Location:
    San Fernando Valley
    Hello All!
    My camera Hikvision DS-2cd2632f-is was hacked. It is a gray market camera that has a 3rd party firmware.
    Not up gradable with Hik firmware I belief.
    The iris was stopped down, and the name was changed, along with the passwords.
    The camera was still functioning but was extremely dark.
    It was suggested that the installer used port forwarding for remote viewing on an iphone, making it vulnerable.
    A few weeks later my router quit so I replaced it. The camera has been offline since.
    The camera does not show up at all with the SADP tool, but I am able to see the camera data with iVMS 4200.
    Using 1111AAAA for the password in the IVMS4200 app, I was able to change the IP address to one within the range of my router. So I now can get to the camera login page. (THANK YOU Alastairstevenson!).
    I tried using 1111AAAA at the login page for both UN and PW but that did not work.
    Any suggestions would be very appreciated!

    Thanks in Advance
    Rick
     
  2. pozzello

    pozzello Getting comfortable

    Joined:
    Oct 7, 2015
    Messages:
    1,439
    Likes Received:
    384
    alastairstevenson likes this.
  3. alastairstevenson

    alastairstevenson Staff Member

    Joined:
    Oct 28, 2014
    Messages:
    10,075
    Likes Received:
    3,048
    Location:
    Scotland
    The password is case sensitive.
    A common password on a hacked camera is 1111aaaa
    Also now asdf1234

    As an R0 series camera, it can be converted to English and updatable by using the 'Enhanced MTD hack' of the brickfixV2 method here :
    Unbrick and fully upgrade your R0 / DS-2CD2x32 IP cameras -
    R0 / DS-2CD2x32 BrickfixV2 brick recovery and full upgrade tool - enhanced.
     
  4. bp2008

    bp2008 Staff Member

    Joined:
    Mar 10, 2014
    Messages:
    7,940
    Likes Received:
    4,718
    I suggest following this advice: How to Secure Your Network (Don't Get Hacked!) | IP Cam Talk
    In a nutshell, disable any port forwards, disable UPnP, and set up a VPN server for remote access. Since the camera has already been hacked it would also be wise to prevent it from accessing the internet directly, in case the hack has also installed something persistent (which, granted, is unlikely due to the much greater difficulty of that).
     
    alastairstevenson likes this.
  5. Rick Simonton

    Rick Simonton Young grasshopper

    Joined:
    Jan 1, 2019
    Messages:
    70
    Likes Received:
    6
    Location:
    San Fernando Valley
    I'm on it! thanks
     
  6. Rick Simonton

    Rick Simonton Young grasshopper

    Joined:
    Jan 1, 2019
    Messages:
    70
    Likes Received:
    6
    Location:
    San Fernando Valley
  7. Rick Simonton

    Rick Simonton Young grasshopper

    Joined:
    Jan 1, 2019
    Messages:
    70
    Likes Received:
    6
    Location:
    San Fernando Valley
    Thank You Pozzello! But I just got it up using 1111aaaa. But I'll keep this in mind for the future
     
  8. alastairstevenson

    alastairstevenson Staff Member

    Joined:
    Oct 28, 2014
    Messages:
    10,075
    Likes Received:
    3,048
    Location:
    Scotland
    Wow!
    But hopefully you won't need it in the future ...
     
  9. Rick Simonton

    Rick Simonton Young grasshopper

    Joined:
    Jan 1, 2019
    Messages:
    70
    Likes Received:
    6
    Location:
    San Fernando Valley
    I've confirmed that no ports are open (thank you NoloC) But how do I disable UPnP?
     
  10. alastairstevenson

    alastairstevenson Staff Member

    Joined:
    Oct 28, 2014
    Messages:
    10,075
    Likes Received:
    3,048
    Location:
    Scotland
    In the router - the location is going to vary with the specific model, so I can't give you a screenshot to show how to disable that.
    When UPnP is enabled in the router, it has been configured to be at the command of any device on the LAN, such as a camera, that requests that it opens up inbound access from the internet to specific internal destinations.

    In the cameras - the location varies a bit with the firmware version, but here are a couple of examples of the location :

    upload_2019-1-8_20-45-51.png

    upload_2019-1-8_20-47-13.png
     
  11. Rick Simonton

    Rick Simonton Young grasshopper

    Joined:
    Jan 1, 2019
    Messages:
    70
    Likes Received:
    6
    Location:
    San Fernando Valley
    Thank You AlastairStevensen that helped a ton!
    I turned off UPnP from all three cameras and my router. The akamai whitepaper does not list my router (ASUS RT-AC8600U) as vulnerable but I turned it off just the same.
     
  12. Rick Simonton

    Rick Simonton Young grasshopper

    Joined:
    Jan 1, 2019
    Messages:
    70
    Likes Received:
    6
    Location:
    San Fernando Valley
    Thanks for the advice BP2008, I have disabled UPnP on all 3 cameras and my router. Still working on the VPN