Hacking Hikvision IP Camera - Password

IP camera utilizes network for video streaming and broadcasting, it's exposed to the possibility of hacking. Since the hacking scandal in domestic market, Hikvision pays great attention to the protection of video surveillance system from hacking. The company recently released latest firmware version 5.3.0 to all IP network cameras. This implementation measure can make IP cameras potentially less vulnerable.

After upgrading to the latest firmware, Hikvision system now requires the user to change the default password to start. Without password modification, user can not get access to the camera, also can not connect it to the video surveillance system. Perhaps this measure is not too much increases the reliability of protection, but on the other side, this scale is simple.

The password also has some requirements, it must contain eight characters and at least two of the four types of characters - uppercase letter, lowercase, numbers, special characters. This password allows Hikvision, but are still considered weak. A strong password must be one which contains a combination of three types of characters. Security installer, integrators, end-users often have a negative attitude to a strong password. Typically they use simple password which is easy to remember. However, using a strong password is the vital step to protect your video surveillance equipment from hacking. 

Many video surveillance systems don't have any protection algorithm for attempting login. The system will block the access to the users when entered the wrong password several times. Hikvision developed a lock system, such lock system is another innovation in firmware version 5.3.0. When access to camera settings appeared blocked, the user must wait 30 minutes before trying to log in again, or use another IP-address. Administrator at the same time can be notified via e-mail with login attempt notification.

The firmware version 5.3.0 of Hikvision will also remove support for the Telnet, since it is often successfully hacked by hackers - due to the fact that Telnet does not use encryption, and the port is often opened by default. But Hikvision IP camera retained the support of protocol SSH, which is still used - it is used with encryption and public key infrastructure, and it is less vulnerable to attack.

Hikvision - not the first manufacturer of IP cameras, which introduces such tightening security measures. Samsung requires user to make a new password that meets the even more stringent requirements than Hikvision.

Axis also forces the user to start a password, but leaves it to simply use the word pass. Dahua have no password requirements, and it is possible to enter the word admin, but why there is a mechanism for notifying the administrator of the e-mail repeated incorrect password is entered. However, in this case, access is blocked and the user can continue their attempts.