Hikvision updates the Products Firmware with Security Enhancements
March 9, 2015 - Hikvision announces to release the updated version of products firmware gradually in March 2015. With this update, alerts are added to request users to change default password. The update will include the following security enhancements in the IPC version 5.3.0 and DVR/NVR version 3.2.0:
·If the default password is not changed, a change the password prompt dialogue will show up when the user attempts to log in.
·IPC/DVR/NVR will lock the current login IP address after a certain incorrect login attempt.
·Telnet access is no longer available.
·For IPC, when the user resets the password, a password strength prompt (high, middle, low) will show in the web browser.
Since March 2014, Hikvision has continuously notified customers to change default password, and has taken the following steps to strengthen the security of the products. End-users may always visit the Security Center on our website for further information and updates.
Notifications to End-Users, OEMs, Installers and System Integrators
1. On December 5th, 2014, Hikvision began to include a warning notice in each product package in order to alert end users to change the default password during installation.
2. In September 2014, Hikvision posted a notice about changing the default password in the DDNS.
3. In March 2014, Hikvision added a notice to the company website about changing the default password. It also edited its user manuals by adding a notice to change the default password.
4. In March 2014, Hikvision created the Security Center in its website. This center includes best practices for end users; information for OEM customers, installers, contractors and system integrators; and allows security researchers to disclose potential security vulnerabilities to Hikvision.
Historical Updates of Products Firmware:
1. IPC updates
a) On July 2014, Hikvision released IPC versions 5.2.0, which included the following additional safety measures:
· No plain text is shown when creating a new user account or to change the password, and the username and password cannot be reproduced or copied.
b) On December2013, Hikvision released IPC version 5.1.0, which included the following additional safety measures:
· Encrypting login information and all transmitted data.
· Telnet is disabled by default.
2. DVR/NVR updates
Security features for DVR/NVR devices operated under a number of platforms have also been upgraded as follows:
a) The following are updates on DS-7100/7200/7300/8100 series DVR:
· Version3.0.0 released in February 2014, telnet access was disabled by default. (For DS-7100 series DVR, the firmware version is 2.2.13.)
· Version3.1.3 released in December 2014, there is a prompt dialog box for changing the password if the default password is not changed; while login the DVR on local menu, the login account will be locked for some time after several incorrect login attempts. (For DS-7100 series DVR, this firmware version is 2.2.15.)
b) The following are updates on Netra DS-9100/9000/9500/9600/8000/8100/8500/8600/7600/7700 series DVR/NVR:
· Version3.1.0 released in January 2014, telnet access was disabled by default.
Hikvision is dedicated to providing top quality video surveillance products and solutions to customers worldwide. We appreciate continued support from our valued customers and partners.
HANGZHOU HIKVISION DIGITAL TECHNOLOGY CO., LTD.