HikVision Firmware updates - backdoor exploit fully disclosed

[Phil]

It is very important to keep your camera and/or NVR firmware up-to-date.
The below link leads to a recent full disclosure of a weakness found in the firmware of HikVision devices.
The weakness was shared with HikVision back in March 2017.
HikVision released new firmware to resolve the issue.
Now, the weakness has been publicly fully disclosed:
"The vulnerability poses a severe risk. Because the vulnerability is trivial to exploit"

You must keep your firmware up-to-date to ensure maximum security against hacking etc.

Please check HikVision's European Download portal for the latest firmware version for your devices:
DOWNLOAD PORTAL


Full disclosure here:
Full Disclosure: Access control bypass in Hikvision IP Cameras

Credit to IPVM for their report & explanation:
Hikvision Backdoor Exploit
NB - this link is to subscription/membership site - Home page here for general info - IPVM Video Surveillance Information

 

[morph]

Thank you for this - Can you clarify something. I have 3 sets of Hikvision cameras "DS-2CD2032-I" (taken from the Model field in config). The current firmware I have is "V5.4.0 build 160530"

If I look at their download portal I can't see any more recent firmware that would fix this problem. Your site has this 5.4.0 version as well, so ... is there no update for this model of camera to remove the exploit?

Thanks
Mike

 

[Phil]

Hi Mike,
The 2032 cameras are in the R0 family - the latest firmware is here (V5.4.5):
DOWNLOAD PORTAL

NB to all - we don't update our resources (their firmware downloads) here at the Forum any longer.
It pre-dates their open/public HikVision Europe download portal, which makes it a lot easier to check & get the latest firmware than it used to be previously (when you had to find and download slowly from their main website in China).

 

[Phil]

Last night I received my first credible confirmation of customer's HikVision IP cameras being hacked at site.
Their cameras became unresponsive, and they had to visit each camera (multiple physical sites) to regain control and resolve the issue.

The likelihood of your HikVision camera being hacked has been greatly increased by the public declaration of the issue and how it can be used.

HikVision have made the following Press Release:

Hikvision Security Advisory
Reminder to apply known vulnerability patch

Early in March, Hikvision was made aware of a vulnerability in certain IP cameras. We released a firmware update that resolves the issue. Please see the following release for detailed information on which cameras are affected and the links to the firmware update for each.

Recently, there has been a wave of cyberattacks. Updating all systems is an effective way to prevent your equipment from being vulnerable to cyberattacks. We have provided the solution and we urge all our partners and users to ensure that the firmware update is being applied to all the products. Thereby you can be sure that you are not affected.

Hikvision Europe Press Release - Security Advisory

Hikvision Europe - vulnerability declaration (March 2017)


PLEASE UPDATE YOUR HIKVISION CAMERAS & NVRs TO THE LATEST FIRMWARE VERSION
DOWNLOAD PORTAL

 

[Phil]

Our customer has kindly allowed me permission to share his words with you:

This weekend, we saw several of our cameras, which are dotted around the country and port-forwarded to the Internet, suddenly become unresponsive, so we went looking for an explanation. As you have probably guessed, that turned out to be the major security flaw in the firmware of just about every camera we have. The affected cameras had basically done a factory reset and in doing so, isolated themselves from the Internet.


Gradually, we've wrestled back control, one by one, often after travelling to the site to access the camera locally. This has cost us significantly in terms of time and travelling expense and consequently knocked our confidence in Hikvision.​

If you won't take my word for it, please heed theirs.
The problem is real.
HikVision hardware is being hacked.
Please update to the latest available firmware version before you experience problems / incur additional costs / suffer reputation damage.
Even if you have updated your camera's firmware recently - please note that I have this evening (28th September) spotted a new V5.50 firmware version for HikVision's two most recent families of cameras.
HikVision V5.50 firmware for their most recent IP cameras

 

[John Benson]

Many thanks guy.

Can you tell me what the DS-2CD2342WD-I would come under please?

 

[Phil]

R6 Series:
DOWNLOAD PORTAL

 

[Rob84]

Hi, if the camera is only accessible from the internet via RSTP 554, is it still exploitable?

I'm assuming cameras on local networks, with no inbound access / port forwarding (upnp off) are secure from this exploit.

 

[Phil]

Hi Rob, I'm afraid I can't really give advice specific to individual use cases and configurations - I have to advise you and all customers to update your cameras to the latest firmware version (in which HikVision will have secured against all known/reported vulnerabilities to this date), sorry.
Please bear in mind that this exploit was reported and dealt with in March 2017 - it has only recently been fully publicly disclosed. Other more recent vulnerabilities are likely to have also been dealt with since.

 

[RMR]

Hi please can you advise which update is right for DS-7608NI-SE/P

 

[Phil]

This page (V3.0.15):
DOWNLOAD PORTAL

 

[Ayhan]

Is there a new firmware for my NVR >> DS-7608NI-K28P ?
Cant see this NVR in the Download Portal.

I'm currently running > V3.4.92 build 170228

Thanks

 

[Phil]

Hi,
Firmware for your NVR is here:
DOWNLOAD PORTAL

The latest version is V3.4.96

 

[Ayhan]

Thanks Phil. You legend you.

 

[Manuel yau]

help i am also been hacked all camera appaear HaCKED . my device is DS-7216HWI-SH.
what is the firmware . i can i update with the name hacked?

 

[Phil]

The latest firmware for your DVR is here:
DOWNLOAD PORTAL

Basic update instructions are here:
https://forum.use-ip.co.uk/threads/how-to-update-hikvision-firmware-in-just-nine-simple-steps.1323/

 

[lwiggy]

Hi, I have a DS-7208HVI-SH and can´t find firmware for this model.

Any help is greatly appreciated.

 

[Phil]

Hi, I have a DS-7208HVI-SH and can´t find firmware for this model.

Are you sure it's HVI and not HWI?
DOWNLOAD PORTAL

 

[lwiggy]

Are you sure it's HVI and not HWI?
DOWNLOAD PORTAL

Actualy I suppose its a HVI, because its a "EPCOM by Hikvision" local distribution brand/label with model EV1008HD which has a DS-80102 board, which leads me to model DS-7208HVI-SH.

Am I wrong?