Defense Against NVR/DVR Scripted Application
March 2nd, 2017
Hikvision has determined that there is a scripted application specifically targeting Hikvision NVRs and DVRs that meet the following conditions: they have not been updated to the latest firmware; they are set to the default port, default user name, and default password.
Hikvision has required secure activation since May of 2015, making it impossible for our integrator partners to install equipment with default settings. However, it was possible, before that date, for integrators to install NVRs and DVRs with default settings.
Hikvision strongly recommends that our dealer base review the security levels of equipment installed prior to June 2015 to ensure the use of complex passwords and upgraded firmware to best protect their customers.
Below are firmware and password guidelines and specific steps to take to secure a system:
Password and Firmware Overview
Leaving factory-default, poorly chosen, or weak passwords in your camera or video recorder may result in unauthorized access or exploitation of your company resources.
Change every password in every device occasionally. Old passwords can carry additional risk.
Ensure all systems have the latest firmware.
All users, including contractors and vendors with access to your company systems, should take appropriate steps to select and secure their passwords and update your firmware on your system.
Password and Firmware Steps
1. Make sure to have your device behind a firewall.
Make sure that your firewall is updated with the latest firmware and that the default password is changed on your router.
If you want to have your device work with a Hikvision or third-party online services, make sure to setup port-forwarding on your firewall.
2. Check if your system has the latest firmware. Here is a link to check if your product needs to be upgraded to the latest firmware.
DVR and NVR (How to) Upgrading the Firmware of the Hikvision DVR and NVR
Camera (How to) Upgrading the Firmware of the Hikvision IP Camera
3. After updating firmware, ensure that you have restarted your device.
4. Once the device is restarted, it will ask you to give a more secure password.
Go through the process to secure your devices.
5. Now that you have updated your device please make sure to change your password every 90 day.
Additional Information and Resources
Technical Bulletin: New Secure Activation Process for NVRs, May 28, 2015
Technical Bulletin: New Secure Activation Process for IP Cameras, May 28, 2015
Please visit the Security Center on our website for additional information and updates. Should you require additional support, please do not hesitate to contact our technical support team at 909-612-9039 or at firstname.lastname@example.org.
Team Hikvision North America