Has my Hikvision IP camera been hacked?

f13dfx

Hello all! Posting a screencap of what appears in my Hikvision camera in BlueIris. The static IP address in my home network is 192.168.0.206, using port 8095. This Hikvision camera is part of my BlueIris outdoor perimeter DIY 24/7 surveillance system, which I am running on a Lenovo TinyPC with Windows 11. I just noticed today that there is a red-colored overlay besides the usual BlueIris overlay. I cannot get into the camera using the admin login/password.

What can I do now? I am thinking that if there was any virus installed, it may have compromised my entire BlueIris system, since I use the same login/password for the other 4 IP cameras.

backyard.jpg
 
That looks like the camera overlay.

Are you sure you are using the right user/password? If someone hacked it and changed it, then you wouldn't see the video feed in BI.

Go into BI under camera settings and see what the user and password are.

I am assuming the cameras are connected to the router/internet instead of Dual NIC or VLAN and that you port forward?
 
I did go into BlueIris to double-check the login/pwd but couldn’t get in with it and yes, it’s connected to a Zyxel unmanaged switch & port forwarded.
 
Actually, I didn’t do a port forward.
It's likely the cameras have a P2P type NAT Traversal enabled, I think Hikvision calls it EasyIP or Easy4IP. Unplug your modem and router temporarily, reset the cameras, and disable that.

There's also a slight chance that a computer or device on your network (possibly even your router) is compromised and was used to hack the camera.
 
Certainly one of various possibilities, if port forwarding is active.

Actually, I didn’t do a port forward.
It could be that the camera has configured port forwarding by itself, if UPnP is enabled in both the camera and your router, as it often can be by default.
Check both their web GUIs to see.
 
If you've not disabled UPnP and enabled external access only via a configured VPN in your router, then you must be port forwarding if there is external access. If you have a VPN enabled, then your router should refuse (not acknowledge, and drop, causing a timeout) any connection request not sent via a properly configured VPN client. Easy to check. Just try to access your router's WAN IP from the internet, e.g. from work or another external location (not your home wifi), without using the VPN. If you can reach your router, and either get a response (any) or a router login page, you're not secure.
 
Have you run any virus scans, like ESET Online Scanner?
 
If you've not disabled UPnP and enabled external access only via a configured VPN in your router, then you must be port forwarding if there is external access. If you have a VPN enabled, then your router should refuse (not acknowledge, and drop, causing a timeout) any connection request not sent via a properly configured VPN client. Easy to check. Just try to access your router's WAN IP from the internet, e.g. from work or another external location (not your home wifi), without using the VPN. If you can reach your router, and either get a response (any) or a router login page, you're not secure.
I reset my cable modem to factory defaults. Turns out UPnP was enabled by default, so I disabled that. Was able to factory reset all IP cameras & disable UPnP on all of them except for the Hikvision DS-2532F-IWS, which I disconnected before, ever since I discovered the red text overlay. Tried to access the WAN IP of my cable modem remotely and definitely cannot.

I plan to take down the Hikvision & try to do a factory reset without it being connected to my LAN. If successful, I plan to upgrade to the latest firmware & see how it goes from there.
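
The external check suggested in the thread (try your own WAN IP from outside the home network and see whether anything answers), as an added example that is not part of any poster's message. The function names and the port list are assumptions for illustration; only port 8095 comes from the thread.

```python
import socket

# 8095 is the camera port named in the thread; the other ports are assumed
# common web / RTSP / camera-service ports, added here for illustration.
PORTS = [80, 443, 554, 8000, 8095]

def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'refused' or 'filtered'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"       # a service completed the handshake
    except ConnectionRefusedError:
        return "refused"    # host answered with a reset: it is visible
    except OSError:
        return "filtered"   # timed out (silently dropped) or unreachable
    finally:
        s.close()

def audit(host, ports=PORTS, timeout=3.0):
    """Return {port: state} for every probed port."""
    return {p: probe(host, p, timeout) for p in ports}

def exposed(results):
    """Ports that gave any response at all, which the thread treats as a fail."""
    return sorted(p for p, state in results.items() if state != "filtered")

if __name__ == "__main__":
    import sys
    # Pass your own WAN IP and run this from outside your home network,
    # without the VPN connected.
    results = audit(sys.argv[1])
    for port, state in sorted(results.items()):
        print(f"{port:>5}  {state}")
    print("exposed:", exposed(results) or "none")
```

Every port reporting `filtered` matches the drop-and-time-out behaviour described above; any `open` or `refused` result means something on the WAN side is still answering and the router's UPnP and port-forward tables need another look.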