A security flaw has been uncovered in the surveillance cameras of Hikvision, one of the industry’s most popular providers. By simply gaining access to some standard internet ports, hackers can remotely hijack Hikvision cameras – no password or username required.
According to cybersecurity analyst Lee Matthews at Forbes:
The attack can be executed via HTTP (port 80) or HTTPS (port 443). Once a camera has been compromised, the attacker can use it as a starting point to explore the rest of a victim’s network. Past attacks on connected cameras have also sought to enlist the devices into botnet armies capable of launching massive DDoS (distributed denial of service) attacks or spam campaigns.
This vulnerability is about as serious as they come, rated 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS).
White hat hacker to the rescue
The vulnerability was detected by Watchfull_IP, a white hat hacker. According to Hikvision, dozens of models from the past 5 years were affected. The vulnerability is particularly concerning considering that Hikvision products comprise 40 percent of the global security camera market. Additionally, many security camera providers rebrand Hikvision products as their own – which means the full extent of impacted cameras may be greater than currently estimated.
Fortunately, Hikvision stepped up to address the problem shortly after they were made aware of it, working with Watchfull_IP to develop a patch and release updated firmware to fix the flaw within two months.
Protect your devices
If you have Hikvision security cameras, what should you do to protect yourself? Lee Matthews relates:
Hikvision has rolled out firmware updates for affected devices on its global portal. It’s also a good idea to block outside access to port 80 and 443 on your network even if you’ve applied the new firmware. If remote access to camera feeds is required, it should always be done via a VPN.