Hacked Hikvision Camera

R

Rick Simonton

Young grasshopper
Jan 1, 2019
77
10
San Fernando Valley
Hello All!
My camera Hikvision DS-2cd2632f-is was hacked. It is a gray market camera that has a 3rd party firmware.
Not up gradable with Hik firmware I belief.
The iris was stopped down, and the name was changed, along with the passwords.
The camera was still functioning but was extremely dark.
It was suggested that the installer used port forwarding for remote viewing on an iphone, making it vulnerable.
A few weeks later my router quit so I replaced it. The camera has been offline since.
The camera does not show up at all with the SADP tool, but I am able to see the camera data with iVMS 4200.
Using 1111AAAA for the password in the IVMS4200 app, I was able to change the IP address to one within the range of my router. So I now can get to the camera login page. (THANK YOU Alastairstevenson!).
I tried using 1111AAAA at the login page for both UN and PW but that did not work.
Any suggestions would be very appreciated!

Thanks in Advance
Rick
 
Rick Simonton said:
I tried using 1111AAAA at the login page for both UN and PW but that did not work.
Click to expand...
The password is case sensitive.
A common password on a hacked camera is 1111aaaa
Also now asdf1234

Rick Simonton said:
My camera Hikvision DS-2cd2632f-is was hacked. It is a gray market camera that has a 3rd party firmware.
Not up gradable with Hik firmware I belief.
Click to expand...
As an R0 series camera, it can be converted to English and updatable by using the 'Enhanced MTD hack' of the brickfixV2 method here :
Unbrick and fully upgrade your R0 / DS-2CD2x32 IP cameras -
R0 / DS-2CD2x32 BrickfixV2 brick recovery and full upgrade tool - enhanced.
 
I suggest following this advice: How to Secure Your Network (Don't Get Hacked!) | IP Cam Talk
In a nutshell, disable any port forwards, disable UPnP, and set up a VPN server for remote access. Since the camera has already been hacked it would also be wise to prevent it from accessing the internet directly, in case the hack has also installed something persistent (which, granted, is unlikely due to the much greater difficulty of that).
 
  • Like
Reactions: alastairstevenson
bp2008 said:
I suggest following this advice: How to Secure Your Network (Don't Get Hacked!) | IP Cam Talk
In a nutshell, disable any port forwards, disable UPnP, and set up a VPN server for remote access. Since the camera has already been hacked it would also be wise to prevent it from accessing the internet directly, in case the hack has also installed something persistent (which, granted, is unlikely due to the much greater difficulty of that).
Click to expand...

I'm on it! thanks
 
In the router - the location is going to vary with the specific model, so I can't give you a screenshot to show how to disable that.
When UPnP is enabled in the router, it has been configured to be at the command of any device on the LAN, such as a camera, that requests that it opens up inbound access from the internet to specific internal destinations.

In the cameras - the location varies a bit with the firmware version, but here are a couple of examples of the location :

upload_2019-1-8_20-45-51.png

upload_2019-1-8_20-47-13.png
 
alastairstevenson said:
In the router - the location is going to vary with the specific model, so I can't give you a screenshot to show how to disable that.
When UPnP is enabled in the router, it has been configured to be at the command of any device on the LAN, such as a camera, that requests that it opens up inbound access from the internet to specific internal destinations.

In the cameras - the location varies a bit with the firmware version, but here are a couple of examples of the location :
Click to expand...

Thank You AlastairStevensen that helped a ton!
I turned off UPnP from all three cameras and my router. The akamai whitepaper does not list my router (ASUS RT-AC8600U) as vulnerable but I turned it off just the same.
 
You must log in or register to reply here.
Top Bottom