• Hi Guest, Please subscribe to our YouTube channel for fresh new videos each week.

HikVision Firmware updates - backdoor exploit fully disclosed

Phil

Administrator
Staff member
Messages
1,426
Likes
110
Points
63
Thread starter #1
It is very important to keep your camera and/or NVR firmware up-to-date.
The below link leads to a recent full disclosure of a weakness found in the firmware of HikVision devices.
The weakness was shared with HikVision back in March 2017.
HikVision released new firmware to resolve the issue.
Now, the weakness has been publicly fully disclosed:
"The vulnerability poses a severe risk. Because the vulnerability is trivial to exploit"

You must keep your firmware up-to-date to ensure maximum security against hacking etc.

Please check HikVision's European Download portal for the latest firmware version for your devices:
DOWNLOAD PORTAL


Full disclosure here:
Full Disclosure: Access control bypass in Hikvision IP Cameras

Credit to IPVM for their report & explanation:
Hikvision Backdoor Exploit
NB - this link is to subscription/membership site - Home page here for general info - IPVM Video Surveillance Information
 

morph

New Member
Messages
12
Likes
1
Points
3
#2
Thank you for this - Can you clarify something. I have 3 sets of Hikvision cameras "DS-2CD2032-I" (taken from the Model field in config). The current firmware I have is "V5.4.0 build 160530"

If I look at their download portal I can't see any more recent firmware that would fix this problem. Your site has this 5.4.0 version as well, so ... is there no update for this model of camera to remove the exploit?

Thanks
Mike
 

Phil

Administrator
Staff member
Messages
1,426
Likes
110
Points
63
Thread starter #3
Hi Mike,
The 2032 cameras are in the R0 family - the latest firmware is here (V5.4.5):
DOWNLOAD PORTAL

NB to all - we don't update our resources (their firmware downloads) here at the Forum any longer.
It pre-dates their open/public HikVision Europe download portal, which makes it a lot easier to check & get the latest firmware than it used to be previously (when you had to find and download slowly from their main website in China).
 

Phil

Administrator
Staff member
Messages
1,426
Likes
110
Points
63
Thread starter #4
Last night I received my first credible confirmation of customer's HikVision IP cameras being hacked at site.
Their cameras became unresponsive, and they had to visit each camera (multiple physical sites) to regain control and resolve the issue.

The likelihood of your HikVision camera being hacked has been greatly increased by the public declaration of the issue and how it can be used.

HikVision have made the following Press Release:

Hikvision Security Advisory
Reminder to apply known vulnerability patch

Early in March, Hikvision was made aware of a vulnerability in certain IP cameras. We released a firmware update that resolves the issue. Please see the following release for detailed information on which cameras are affected and the links to the firmware update for each.

Recently, there has been a wave of cyberattacks. Updating all systems is an effective way to prevent your equipment from being vulnerable to cyberattacks. We have provided the solution and we urge all our partners and users to ensure that the firmware update is being applied to all the products. Thereby you can be sure that you are not affected.

Hikvision Europe Press Release - Security Advisory

Hikvision Europe - vulnerability declaration (March 2017)


PLEASE UPDATE YOUR HIKVISION CAMERAS & NVRs TO THE LATEST FIRMWARE VERSION
DOWNLOAD PORTAL
 
Last edited:

Phil

Administrator
Staff member
Messages
1,426
Likes
110
Points
63
Thread starter #5
Our customer has kindly allowed me permission to share his words with you:

This weekend, we saw several of our cameras, which are dotted around the country and port-forwarded to the Internet, suddenly become unresponsive, so we went looking for an explanation. As you have probably guessed, that turned out to be the major security flaw in the firmware of just about every camera we have. The affected cameras had basically done a factory reset and in doing so, isolated themselves from the Internet.


Gradually, we've wrestled back control, one by one, often after travelling to the site to access the camera locally. This has cost us significantly in terms of time and travelling expense and consequently knocked our confidence in Hikvision.

If you won't take my word for it, please heed theirs.
The problem is real.
HikVision hardware is being hacked.
Please update to the latest available firmware version before you experience problems / incur additional costs / suffer reputation damage.
Even if you have updated your camera's firmware recently - please note that I have this evening (28th September) spotted a new V5.50 firmware version for HikVision's two most recent families of cameras.
HikVision V5.50 firmware for their most recent IP cameras
 

Rob84

New Member
Messages
1
Likes
0
Points
1
#8
Hi, if the camera is only accessible from the internet via RSTP 554, is it still exploitable?

I'm assuming cameras on local networks, with no inbound access / port forwarding (upnp off) are secure from this exploit.
 

Phil

Administrator
Staff member
Messages
1,426
Likes
110
Points
63
Thread starter #9
Hi Rob, I'm afraid I can't really give advice specific to individual use cases and configurations - I have to advise you and all customers to update your cameras to the latest firmware version (in which HikVision will have secured against all known/reported vulnerabilities to this date), sorry.
Please bear in mind that this exploit was reported and dealt with in March 2017 - it has only recently been fully publicly disclosed. Other more recent vulnerabilities are likely to have also been dealt with since.
 

Ayhan

New Member
Messages
14
Likes
1
Points
3
#12
Is there a new firmware for my NVR >> DS-7608NI-K28P ?
Cant see this NVR in the Download Portal.

I'm currently running > V3.4.92 build 170228

Thanks
 
Messages
1
Likes
0
Points
1
#15
help i am also been hacked all camera appaear HaCKED . my device is DS-7216HWI-SH.
what is the firmware . i can i update with the name hacked?