Set up hikvision thermal camera with HIK connect app

[daveqrj]

Hi there,

Bought my first HIK cam second hand (but only used for demo) and trying to set it up with the HIK connect app.

DS-2TD2617-3/V1

Hikvision DS-2TD2617-3/V1 Thermal & Optical Bi-spectrum Network Bullet Camera

www.hikvision.com

I attach a few pictures.

Questions:

1. The camera is connected to a POE injector that is connected to my network switch.

I pressed the reset button on the camera for 10 seconds.

With my Android phone connected to the same WiFi that the POE injector is connected to, I open the HIK connect app I try to add the camera by selecting to add a new camera, but it does not find it. Any idea what is wrong?

2. Any comments on this camera - is it a good one or does it have issues?

3. Is the glass in front of one of the sensors missing? Or has there never been one there? Just a little worried about rain entering there.

4. I hear clicks coming from the camera coming now and then. I guess it is the filter switching on/off. It is evening here, but is that normal to go on / off within some minutes?

 

[wittaj]

The camera default address is 192.168.1.64 and I suspect your system isn't on the same IP subnet range of 192.168.1.xx

If you make your system that same subnet you will see it.

Regarding the lens, I have the Dahua version and it looks like that. That is the thermal side and I suspect glass there would impact the thermal.

 

[daveqrj]

Thanks for the quick reply!

Yes, I tried to type in that IP in the browser (which is according to the manual) but it was not found.

How would I make my system the same subnet?

Thanks for info about the lens. No problems with water getting in there?

 

[wittaj]

Mine have been running years with no issues. I would assume that the assembly is water tight without a piece of glass there.

You could download the SADP software from the Hikvision website, run it on your computer, and it will automatically detect available Hikvision devices on your network, but it may or may not work depending on your network configuration.


Unhook a computer or laptop from the internet and go into ethernet settings and using the IPv4 settings manually change the IP address to 192.168.1.100

Then power up your camera and wait a few minutes.

I would suggest you use Internet Explorer - not Edge or Chrome with IE tab, but plain ole Explorer. If you use another browser some of the settings may not hold and type in 192.168.1.64 and you will then access the camera.

Do whatever it asks to initialize the camera - maybe country and set password, etc.

Then go to the camera Network settings and change the camera IP address to the range of your system and hit save.

You will then lose the camera connection.

Then reverse the process to put your computer back on your network IP address range.

Next open up INTERNET EXPLORER and type in the new IP address that you just gave the camera to access it.

OR use SADP, but most of us prefer the above as it is one less program needed and one less chance for the cameras to phone home or for something to get screwed up.

 

[daveqrj]

Mine have been running years with no issues. I would assume that the assembly is water tight without a piece of glass there.

You could download the SADP software from the Hikvision website, run it on your computer, and it will automatically detect available Hikvision devices on your network, but it may or may not work depending on your network configuration.


Unhook a computer or laptop from the internet and go into ethernet settings and using the IPv4 settings manually change the IP address to 192.168.1.100

Then power up your camera and wait a few minutes.

I would suggest you use Internet Explorer - not Edge or Chrome with IE tab, but plain ole Explorer. If you use another browser some of the settings may not hold and type in 192.168.1.64 and you will then access the camera.

Do whatever it asks to initialize the camera - maybe country and set password, etc.

Then go to the camera Network settings and change the camera IP address to the range of your system and hit save.

You will then lose the camera connection.

Then reverse the process to put your computer back on your network IP address range.

Next open up INTERNET EXPLORER and type in the new IP address that you just gave the camera to access it.

OR use SADP, but most of us prefer the above as it is one less program needed and one less chance for the cameras to phone home or for something to get screwed up.

Thanks a lot for that great explanation! - I will try that and cross my fingers.

Any idea how I find out what IP to assign to the camera? I am not very knowledge about IP addresses.

When I have done that, do you then suppose that I could use the app to set it all up, or would I need to access the camera from the browser to configure it?

I see on the HIK website (link in the first message) that there is also a firmware upgrade. Can it be done from the app or the browser, or do I need additional tools for that?

About the phoning home, is that a concern that I should do anything to protect against or would that require a lot more configuration and custom setup?

I really appreciate your help, thanks a lot for your easy to understand replies.

 

[wittaj]

There are many IP scanners available that you can use to find all the IP addresses of your devices.

Or you can use the command prompt and type in arp -a to see all the IP addresses of your devices.

Or most routers will assign devices from 1 to 255, so pick a number higher than that as the router won't assign an IP address above it.

Yes you can upload new firmware from the browser.

Many people here do not update firmware. In some instances it bricks the device because someone tries to flash the wrong firmware. One camera may have 3 or 4 different chipsets over the life of the camera and they are not compatible with one another.. Other times it removes something you were using. Only update if the release notes specifically state it is fixing a problem you have.

Most here do not give their cameras access to the internet. They can be easily hacked and lots of backdoor vulnerabilities.

Lots of ways to do that from managed switch or dual NIC to parental controls in the router. And everything in between.

How to Secure Your Network (Don't Get Hacked!)

Many camera networks are unsecure, even those installed by professionals. This guide gives basic instruction in how to secure a camera network from the most common types of attacks. Perhaps the most important rule of securing a computer network is to not forward ports to unsecure services...

ipcamtalk.com

 

[daveqrj]

There are many IP scanners available that you can use to find all the IP addresses of your devices.

Or you can use the command prompt and type in arp -a to see all the IP addresses of your devices.

Or most routers will assign devices from 1 to 255, so pick a number higher than that as the router won't assign an IP address above it.

Yes you can upload new firmware from the browser.

Many people here do not update firmware. In some instances it bricks the device because someone tries to flash the wrong firmware. One camera may have 3 or 4 different chipsets over the life of the camera and they are not compatible with one another.. Other times it removes something you were using. Only update if the release notes specifically state it is fixing a problem you have.

Most here do not give their cameras access to the internet. They can be easily hacked and lots of backdoor vulnerabilities.

Lots of ways to do that from managed switch or dual NIC to parental controls in the router. And everything in between.

How to Secure Your Network (Don't Get Hacked!)

Many camera networks are unsecure, even those installed by professionals. This guide gives basic instruction in how to secure a camera network from the most common types of attacks. Perhaps the most important rule of securing a computer network is to not forward ports to unsecure services...

ipcamtalk.com

Thanks a lot!
I will try to do it very soon.

About the firmware update, would it not be safe to update the firmware when it is listed in the product page for that specific camera? Or how do I verify that it is compatible?

I skimmed through the guide you linked to regarding security. But would I not have to allow my camera access to the Internet in order to use the HIK connect app to see the stream and receive alerts when I am not at home and connected to my WiFi? I will not be setting up any NVR or anything, just want to connect the camera and receive alerts through the app (in a way that prevent backdoor and hacking access).

 

[wittaj]

My suggestion would be see if the camera works and does what you need. If it doesn't then do a lot of research on the update and if it will fix the problem you have and not remove something.

Here is one of many threads of someone updating for OCD behavior simply to get all cams on same firmware and bricked them. Here is one of many threads where someone had their camera go into Chinese when they tried to update it.

Unless the release notes specifically mention it fixing a problem you are experiencing, more than likely it won't fix an issue and may make the camera worse by removing functionality or worse brick it.

Here are issues I have seen people report here where they were upgrading just for the sake of upgrading:

• Dahua 5241E-Z12E that someone updated and then constantly reboots.
• Axis Q1786 that lost the ability to see the percentage of focus and zoom in theGUI.
• Dahua 49225 and 49425 PTZ that Dahua intentionally removed autotracking with an update to force people to buy the more expensive PTZ.
• Hikvision DS-2DEA425IW-DW PTZ that Hikvision intentionally removed autotracking with an update to force people to buy the more expensive PTZ (*V5.7.3 220315 -Remove auto-tracking functions on DE4A).
• Hikvision ANPR camera losing half the FPS and loses the ability to read US plates - those are big deals to have happen, especially if you live in the USA.
• Hikvision ANPR DS-2CD4A26FWD camera that lost all ability to read plates - kinda makes a plate reader camera useless.
• Hikvision camera that the user lost ability to control the LED light function at night.
• Hikvision DS-7616NI-Q2 NVR that has the APIs changed. This is a big deal if you run automation.
• Hikvision DS-7616NI-K2 NVR that loses basic functionality when updated.
• Hikvision wifi camera that loses the ability to use wifi after a firmware update and was intentionally removed due to too many complaints that the camera was dropping signal.
• DH-DB61 Doorbell that loses API functionality. A big deal for someone with automation.
• DS-2CD2387G2-LU that loses API functionality. A big deal for someone with automation.
• Hikvision iVM4200 v3.8 - loses the free ability to use the computer as storage and now need to subscribe.
• Dahua IPC-HFW1320S that started phoning home using 60MB/hr and costing someone thousands of dollars in data overages when he got his next mobile bill.
• Dahua 5442 that will not allow playback of the SD card.
• Dahua NVR58XX-4KS2 that had custom protocol (ability to add a camera via RTSP) removed possibly to force people to purchase same brand cameras.
• SmartPSS that intentionally removed the ability to use the Intercom for those with VTO devices after firmware version 2.02.08
• Countless other instances where the camera or NVR simply bricked and became useless.
• Countless examples where the camera or NVR went into Chinese.
• Manufacturers are now preventing their equipment to be updated with an older working firmware after it was updated to a more recent firmware.

Don't do it unless it is fixing a problem you are experiencing or adds a feature you really need.

Hikvision (and Dahua) don't sell to us homeowners directly, so unless you are 1000% sure that you have a legit unit that hasn't been hacked into English, it is always a gamble.

Best advice if you want to update is to get it from the seller.

Many units being sold are Chinese hacked units into English that will either brick or go into Chinese upon updating. Some vendors will be upfront and tell consumers that as part of their website, but many do not or the consumer forgets...here is one such example....

So just because the camera is saying an update is available doesn't necessarily mean it is indeed the right firmware for the camera.


Regarding access to the device remotely, that comes down to your level of risk and acceptance.

The only way to completely prevent hacking is to not allow the device to connect to anything and truly be a CCTV system.

But that is unrealistic to most.

Most here will agree that port forwarding directly to the camera is the least safe. Although the great internet has many articles that state it is OK lol like whatismyipaddress.com that states:

"Port forwarding is an excellent way to preserve public IP addresses. It can protect servers and clients from unwanted access, "hide" the services and servers available on a network, and limit access to and from a network. Port forwarding is transparent to the end user and adds an extra layer of security to networks. In short, port forwarding is used to keep unwanted traffic off networks. It allows network administrators to use one IP address for all external communications on the Internet while dedicating multiple servers with different IPs and ports to the task internally. Port forwarding is useful for home network users who may wish to run a Web server or gaming server on one network."

Next are the other options. There is a debate as to if P2P (what Hik-Connect uses) or OpenVPN or something like ZeroTier is the next safer option.

Arguments are made both ways.

P2P you are relying on the camera manufacturer's servers to not be hacked. You have zero control over those. Dahua has recently been shutting down the older P2P servers that were more easily hacked.

Same with ZeroTier or Wireguard or Tailscale and the like. You are relying on someone else's servers to make that connection. Anytime you are relying on someone else, it can be hacked.

OpenVPN is hosted locally, either native to the router or installed on a computer.

In theory you have the most control over this since it is all in your house.

But it relies on opensource coding that can be hacked as well.

You are relying on your computer and router to be up to date and not allow bad actors in. And sadly, like NVRs and cameras, routers are not routinely updated either. But that is the same regardless of the solution you are using.

Or just say F it and use port forward and scanning QR codes blindly like most of society. At the end of the day, most don't get hacked. It just sucks if you are one of them that do.

At a bare minimum, set up a crazy strong password. Consider not using admin for the username - make a new username. Put the camera on a guest network so at the very least it doesn't exploit your entire network and connected devices, etc.