Hikvision camera resets ITSELF to factory default twice!

[d3sentryGunZ]

Hello,

There is a serious problem that has been happening for the last days which is driving me crazy. September 18, I wanted to watch my camera from IVMS-4500 and it said that the device was offline.
I thought someone disconnected it, because it is connected to 12volt DC transformer. To my surprise, not only it was connected, but the IR LED was on (I deactivated it from the settings)
Connected the camera to the pc, and it asked me for a new password and to activate it, and i was like.. what??? I thought of the minimum possibility that something or someone touched the reset button, but that is impossible.
Alright, I setted up the camera again and has been running perfectly for 3 days. Now, I went outside and again, the IR led was on. September 18 at 9:12AM and September 21 at 00:08 AM the camera ITSELF reseted to factory default.
The reset button doesn't seem to be stucked, even if it were, it does not reset the camera password because I pressed it and it only reset some settings. The worst thing I can think is that someone hacked my wifi and camera passwords.. which I think is ALMOST impossible.
I really don't know what to do. I figured out that the only way or the easiest for the camera to ask for a new password again, is to reset it to factory default by the web.

The camera is a CUBE DS-2CD2432F-IW, bought on 2016, never had any problem. Firmware is stock (V5.3.0 build 151016)

Searched on the web, and curiously nobody has been through this yet.

Any ideas?

 

[cyberwolf_uk]

I personally would block the camera from accessing the internet, change my admin password and disable any uPNP, P2P, DDNS and turn off any port forwarding.... Then run the camera for a few days to see if you are still having this issue. Also maybe look into updating the firmware to the latest version if your camera isn't a Chinese hacked camera. As there has been reports of backdoor access into Hikvision cameras using default usernames and passwords.

 

[Speed666]

Thanks one of forum collegues that published a 0day to Hikvision camera. hundred of thousands of cameras are now being reseted to factory default.
And in March he took 20BTC propably for this info: Just great.
1N9fKwsy7AphUHZJshCp4L7RJG5CvuXnAk | BitRef

Money as we see was not enough - he also wanted to be famus. So, he is.
Soon he will have a lot of enemies. In whole world.

 

[fenderman]

Thanks one of forum collegues that published a 0day to Hikvision camera. hundred of thousands of cameras are now being reseted to factory default.
And in March he took 20BTC propably for this info: Just great.
1N9fKwsy7AphUHZJshCp4L7RJG5CvuXnAk | BitRef

no, its thanks to hikvisions poor firmware implementation...stop blaming folks for outing security holes....this is ALL on hikvision...they need to focus on coding better firmware rather than how to brick china region cameras.
This reset is actually VERY good for the op...now he knows that hikvision and other firmware cannot be trusted to be secure and will implement a vpn. See it all works out in the end.

 

[Speed666]

Let me see how you will react if you have 10cams in whole country online and now you have to visit them all.
Think about who lost money and time here - not me, not Hikvision. Simple guys, from this forum also. Just like that.

 

[fenderman]

Let me see how you will react if you have 10cams in whole country online and now you have to visit them all.
Think about who lost money and time here - not me, not Hikvision. Simple guys, from this forum also. Just like that.

Only a complete idiot would have this problem....they deserve it...No one who has half a brain and reads this forum exposes their cameras direct to the internet via port forward. Anyone who does this professionally and "lost money" should not be in this business.

 

[d3sentryGunZ]

I was expecting you guys were going to told me that the camera was defective.. and now you say thousands of cameras of hikvision are hacked? what the hell? I don't get a word of what you are all saying.. but will have to take an extensive look to the Backdoor found in Hikvision cameras post...

I only use the camera to watch the front of the house.. nothing else.. no professional use here. Also no default passwords too.

 

[Speed666]

I am not talking about CCTV installers for god sake. I am talking about simple guy who bought ip camera like this one up here and has no idea about what happend.
Ok, you dont understand. You still cannot understand that this hit simple user who bought cameras by themselves. For home-use.
They bough on Ali, did port redirection. Soon they will try to upgrade cams from Ali and brick them.
Simple user will have to pay for a tech guy do fix it. Again, who will lost money?
This is not my problem. I asked to be human. I see that many of you aren't.

d3sentryGunZ - sorry to hear that. One guy from this forum put public a firmware bug information that even kid can use and now someone like you have problems.

 

[d3sentryGunZ]

I am not talking about CCTV installers for god sake. I am talking about simple guy who bought ip camera like this one up here and has no idea about what happend.
Ok, you dont understand. You still cannot understand that this hit simple user who bought cameras by themselves. For home-use.
They bough on Ali, did port redirection. Soon they will try to upgrade cams from Ali and brick them.
Simple user will have to pay for a tech guy do fix it. Again, who will lost money?
This is not my problem. I asked to be human. I see that many of you aren't.

Just in case.. I am 99% that is not a chinese. bought it on amazon to a private seller and I am pretty sure that is a US model. I always saw that updating was very tricky or complicated so I left it out as it is because I don't want to brick it. I just disconnected the hell out of the camera, lol

 

[Mike A.]

Just in case.. I am 99% that is not a chinese. bought it on amazon to a private seller and I am pretty sure that is a US model. I always saw that updating was very tricky or complicated so I left it out as it is because I don't want to brick it. I just disconnected the hell out of the camera, lol

Could be unrelated but just to be sure, see here:

Hangzhou Hikvision Digital Technology Co. Ltd.

You can check that against the version of firmware that you have and there's a link to updated firmware that you can download. Make sure that it's a US camera before you do.

As above, you also should stop exposing your network to the outside world if you are. Just a matter of time before it or something else results in another possibly larger problem. Used to be able to get away with that sort of thing but you can't now.

 

[fenderman]

I am not talking about CCTV installers for god sake. I am talking about simple guy who bought ip camera like this one up here and has no idea about what happend.
Ok, you dont understand. You still cannot understand that this hit simple user who bought cameras by themselves. For home-use.
They bough on Ali, did port redirection. Soon they will try to upgrade cams from Ali and brick them.
Simple user will have to pay for a tech guy do fix it. Again, who will lost money?
This is not my problem. I asked to be human. I see that many of you aren't.

d3sentryGunZ - sorry to hear that. One guy from this forum put public a firmware bug information that even kid can use and now someone like you have problems.

Yes, they should not be doing this because they don't know what they are doing...at least now the hack only hurts them and is not being used as a botnet....

 

[alastairstevenson]

at least now the hack only hurts them and is not being used as a botnet....

In this specific case, yes.
But the opportunity to make use of it has been extended to a less capable set of bad actors. And annoyed the security services by diluting their 0-day stash.

What I think is really bad about this is how Hikvision have placed traps in the firmware to trip up those people who believe, as you would, that they are doing the right thing by applying firmware updates to patch security issues. And then discover in doing the update that the manufacturer has contrived to punish them because they had not obtained the product through an 'authorised source'.
And straightforward though it may be for the basically IT literate person, the 'enhanced mtd hack' is going to have only a minute effect on the installed base.

 

[BertCCTV]

Thanks one of forum collegues that published a 0day to Hikvision camera. hundred of thousands of cameras are now being reseted to factory default.

Wait a minute. You previously said that you've been aware of this vulnerability for 2 years. Now you're also saying that you know for a fact that hundreds of thousands of cameras are being reset as a result of Montecrypto's disclosure. How exactly would you know that? Sounds a little suspicious if you ask me!

 

[Speed666]

I wrote some time ago to Hik an email with this - not so well documented and forgot about that. As you see in my earlier posts here i was trying to repack firmware for special requirement. After i signed NDA i couldnt help more here. Nevermind, this is not the proper way of reporting an issue.

 

[Speed666]

Btw if You are a professional, you dont need a help from a forum like fenderman tries to insist. There are meetings sponsored by manufacturers where you can learn, and many more. Also your seller supports you. If you say you are professional and you dont need very special assistance, you dont need a forum help to work.

That was great to ask me to pack a firmware for many of us, now you treat me like an idiot. Doesn't matter right now.

Great that montecrypto published it, i think that he will soon have a huge problems. We will have too.

Check 5.5.0 firmware changes and you will see by yourselves.

 

[fenderman]

Btw if You are a professional, you dont need a help from a forum like fenderman tries to insist. There are meetings sponsored by manufacturers where you can learn, and many more. Also your seller supports you. If you say you are professional and you dont need very special assistance, you dont need a forum help to work.

That was great to ask me to pack a firmware for many of us, now you treat me like an idiot. Doesn't matter right now.

Great that montecrypto published it, i think that he will soon have a huge problems. We will have too.

Check 5.5.0 firmware changes and you will see by yourselves.

Stop it already...hikvisions own best practices recommend port forwarding - that tells you how dumb they are...there are lots of professional installers here...you are an idiot since you install these cameras improperly...otherwise you would not have any issues...
Also further note that there a MANY high ranking hikvision employees who are members on this website...hmmmm i wonder why...

 

[Speed666]

You are not worth a response.

 

[normel]

Same here.. I am installer and received about 50 complains last 2 days. Some camera's factory reset ( inactive ) some ip adresses changed out of the range.. Couldnt be coinsidence knew it.

 

[fenderman]

You are not worth a response.

Good..
Shut your mouth and stop shilling for hikvision..

 

[fenderman]

Same here.. I am installer and received about 50 complains last 2 days. Some camera's factory reset ( inactive ) some ip adresses changed out of the range.. Couldnt be coinsidence knew it.

Why are the camera's port forwarded?