If you want to learn how to hack Hikvision camera, just read this blog post. By learning how this process works, you can better protect yourself.
But remember that the idea behind this article is to warn you about the need to always upgrade your cameras and devices connected to the Internet.
DISCLAIMER: This article intent is to help people to better protect the devices connected to the Internet. Please don't hack CCTV camera or devices that don't belong to you. The Hikvision backdoor exploit tool can be used to test vulnerabilities on your IP cameras, so you can correct them by firmware upgrade. I'm not responsible for any of your acts. You've been warned.
Now that you've been warned it's time to learn about the Hikvision exploit tool that allows you to hack an IP camera very easily.
What is the Hikvision backdoor exploit tool?
It's a tool developed to exploit a vulnerability on Hikvision IP cameras.
This tool can be used to check if the IP camera is using an old firmware that allows a hacker to change the device credentials (username and password) and have access to the camera as an administrator.
You can find this tool with the name "Hikvision Password Reset"
To use this tool you just need to know the IP address and port that the camera is using. This information is basic and easy to find.
The Hikvision backdoor
A security flaw was discovered in Hikvision IP cameras in 2017.
This backdoor allows direct access to the camera as an administrator by sending specific commands to the device that is connected to the network.
It's not necessary to have the username and password to get access to the camera because it's possible to list the information available in the device and change it, meaning, you can set a new username and password.
The picture below shows how the Hikvision backdoor is exploited.
This backdoor problem was corrected by Hikvision and is no longer available on cameras that have the firmware (internal camera software) updated.
But the cameras that are using old firmware version are at risk!
How to use the Hikvision backdoor exploit
The Hikvision backdoor exploit tool is very simple to use.
Just follow the steps below to use it:
1. Type the camera IP and port
2. Click "get user list"
3. Select the user to change the password
4. Type a new password and click the button
After following these steps, you just need to type the camera IP and port on a Web Browser and login by using the credential you just created.
After using the backdoor exploit tool to create change the admin password you can just use the credentials to login in the camera via Web Browser.
Firmware versions that have the backdoor
There are specific firmware versions that have this backdoor, see the list:
V5.2.0 build 140721
V5.2.0 build 141016
V5.3.0 build 150513
V5.3.6 build 151105
V5.3.8 build 151224
V5.3.5 build 161112
V5.4.0 build 160401
V5.4.0 build 160520
V5.4.1 build 160525
V5.4.0 build 160530
V5.4.3 build 160705
V5.4.3 build 160808
V5.4.4 build 161125
V5.3.9 build 170109
New Hikvision cameras and the ones that have the new firmware don't have this backdoor problem. So make sure you upgrade your IP cameras.
Other problems with Hikvision cameras
Some Hikvision cameras also have a security flaw that allows people to send a command and take a camera screenshot.
Just type the following command in the web browser, using the camera IP.
<camera IP>:<camera port> onvif-http/snapshot?auth=YWRtaW46MTEK
As you can see in the camera just sends you a picture !
The camera also can show all the information about model, serial number, etc
Just enter the following command to get a response from the camera
<camera IP>:<camera port> System/deviceInfo?auth=YWRtaW46MTEK
Just replace the <IP camera> with the camera IP address and the <camera port> with the IP camera port and the camera will send the information:
<DeviceInfo xmlns="http://www.hikvision.com/ver10/XMLSchema" version="1.0">
As you can see this information is very critical because a hacker can exploit more vulnerabilities in the camera.
After upgrading your IP camera just make sure it doesn't have this problem,
How to hack Hikvision DVRs
Hikvision manufactures IP cameras and DVRs (Digital Video Recorders) that can also be targeted by hackers when they are connected to the Internet.
Old Hikvision DVRs used to have a default username and password and that is a huge problem because people just need to try to login into the DVR by using the credentials admin/12345.
The method is very simple, just find a Hikvision DVR that is online on the Internet and try this username and password combination.
If people using this DVR didn't change the default password you can get in.
How to find a Hikvision DVR on the Internet
OK, now you know that old DVRs (using old firmware) allow people to keep the default password, but the question is how to find a Hikvision DVR on the Internet?
The answer is simple, you just need to use an IP scanner.
An IP scanner can search for devices that are connected to the Internet
Download the IP Scanner
Click the link below to download the Angry IP Scanner software
The Angry IP Scanner is Free, you just need to download, install and change some simple configuration to allow the software to find the DVRs on the Internet. This process is very simple and anybody can do it.
Configure the software Angry IP Scanner
The picture below shows the Angry IP Scanner software that allows scanning for devices on the Internet. You just need to enter the correct information.
In this example the software will scan the IP range and return the information for Hikvision DVRs. See in the right side of the screen that information that shows the name "DNVRS-webs" and "DVRDVS-Webs"
This Web detect information is for Hikvision DVRs, now all you have to do is open the device in a Web Browser and try the admin/12345 combination.
To make sure the software will look for the DVRs just open the preference window to enter the ports 80,23,8080,8081 and 8082 that are the most common used by DVR installers. (see the picture below).
You also need to make sure the fetcher "Web detect" is available in the list.
Open the configuration menu and look for the fetchers
Understanding how the process works
Now that you have the step-by-step on how to find a DVR on the Internet and test the credentials combination to login, it's important to understand a little bit more about how the process works. Take a look at the picture below:
As you can see, the laptop on the left is running the Angry IP scanner software that is configured with an IP range to search on the Internet.
Let's say for example that this IP range is from your Internet cable provider, that it will scan for the people that use the same network as you such as Comcast, Verizon, or any other network you are connected to.
Could be also an IP range for an entire country, you just need to input the first and last IP in the software and it will search for that range.
On the right side of the picture there's the router that will return the information about the DVR and show if it's a DNVRS-webs" or "DVRDVS-Webs" as you previously saw.
The software will search for different devices connected on the Internet.
Was the backdoor intentionally created?
There is a discussion around the subject, some people believe that the backdoor to access to the cameras was intentionally created, Hikvision however states that it was only a test code that was on camera and was accidentally forgotten by the programmers.
How Hikvision is handling these problems?
Hikvision is a big security camera manufacturer located in China and has the responsibility to deal with this kind of problems.
Since the security problems were reported the company took action to solve the problem by developing a new firmware for the cameras.
The truth is that the company acknowledge the security flaws and that makes its products a lie more reliable beside the fact that a backdoor was available in some camera models with specific firmware.
Is safe to use Hikvision cameras?
There's no device that is connected to a network and can be considered 100% safe. The risk is always there, no matter the device brand.
Historically, Hikvision has presented more security flaws compared to other camera manufacturer but there's always a firmware to correct the problem.
So, if you have a Hikvision device just keep it updated and take extra measures to protect your network from hackers to minimize the risks.
Hikvsion is a well-known camera manufacturer that sells thousands if cameras around the world and that makes the company a target for hackers.
There are a lot of other non-branded Chinese cameras that have security flaws but due to the fact that they are small companies they are not in evidence and don't drive attention to their devices.
Make sure you test your cameras to see if they have some security flaws.
Share this article with friends, so they can also test they IP camera.
Want to learn more ?
If you want to become a professional CCTV installer or designer, take a look at the material available in the blog. Just click the links below:
Please share this information with your friends...
Claudemir Martins is a former Samsung Engineer with 15+ experience in the surveillance industry. He has been traveling around 17 different countries to teach people how to design, and install CCTV systems.