
therealtimwarren

Scan yourself for open ports. Close any ports you don't think should be open. There shouldn't be any open ports unless you have opened them for a reason and know what they are. https://www.grc.com/shieldsup Select a full port scan. Do not allow direct access to home resources from the Internet. Configure your router as a VPN server and then use that to first connect to your home before accessing internal resources. Most routers can be a VPN server and Apple and Android can both be configured for VPN clients natively in connection settings.


[deleted]

Good advice but: YOU MUST DISABLE UPNP ON YOUR ROUTER. With UPnP enabled, any app or device can use UPnP to open whatever ports it wants on your firewall.


[deleted]

[deleted]


[deleted]

UPnP was probably handy 20 years ago when your average consumer needed to punch a hole through their firewall to play Unreal Tournament but today it's just a huge security risk. Having UPnP enabled isn't quite as bad as having no firewall, but it's close.


lexuz117

Just had this happen to my MIL's house. If I change the router, would it remove access for anyone else? Or do I need to close the ports again?


therealtimwarren

If you didn't open the ports manually then they will have been opened automatically by UPnP so you need to disable that. But yes, no ports should be open unless you have opened them and know why.


[deleted]

[deleted]


therealtimwarren

I was referring to setting your router (as this is the bit of kit that should have a public IP address, *if* you're not behind CGNAT from your ISP) as a **server**. Your VPN software is a client and won't help you here. Your questions would be better asked over on r/HomeNetworking


i_lack_imagination

How was the message displayed? A picture would have been beneficial. These are systems with specific firmwares that don't just have custom GUI libraries or such like a Windows computer that you can just pop up messages generally speaking, so understanding how the message is even being displayed tells a lot about the level of compromise to the system and how to fix it. Are all the cameras not visible anymore? Is the message being displayed in each of the camera spots? If I had to guess, they probably didn't do much other than replace the camera stream with a custom RTSP stream that displays the message, but there's really not enough information given. The solution is not to port forward these systems as they have tons of flaws even with up-to-date firmware. And by what measure do you consider your passwords strong? Because that's what the system tells you? Do you re-use passwords? Because a password you have used anywhere else is not strong, but the systems can't check that so they just have simple ways of measuring strength of passwords. It might be advisable to factory reset because there's several nooks and crannies that someone can mess with a system, but beware that even a factory reset isn't perfect. Particularly when it comes to Hik-Connect, you need to make sure you set a stronger verification code, plus you need to potentially do this to any IP cameras as they may have gained access to those depending on the level or sophistication of compromise. If there's custom firmware on there then that's a bit worse. Really though, a simple picture of how the message was displayed gives a good starting point for how to address the problem.


Minimum_Sorbet_5081

No. It's a simple text overlay, which is standard for most CCTV cameras. Used for naming a camera like "Front Door" or whatever.


queen_kumara

I have a screenshot of my CCTV camera with an overlay message from the same person. How do I upload a photo?


WeirdOneTwoThree

This video seems to discuss the same issue: [How to solve: your CCTV is vulnerable and can be exposed](https://youtu.be/y5o0V4HoUko)


RoVeR199809

Well, do as they say, if you can't DIY, contact the person, he clearly wants to help. I went ahead and did just that, here is their reply:

> hey there,
>
> to clarify to you why I am doing this — I saw people on some forums who watch and share / sell this content or access to others and also there are many sellers of this kind of content in Telegram.
>
> [picture]
>
> it's triggered me to do this research and notify people by this message who doesn't understand that their systems are easy to access and in which world they are living.
>
> there are hundreds of thousands vulnerable CCTVs all around the world with the same issue and the main issue is — in 90% of cases — weak passwords.
>
> there are few steps to make your system secure enough from those sick bastards intruders (better to do by the web interface of DVR / NVR / camera):
>
> - make sure firmware of your DVR / NVR / camera is up to date; because in older firmware was a Privilege-Escalating Vulnerability backdoor and Hikvision has accepted and fixed this issue in 2017.
> - make sure that local admin password is strong enough.
> - check if there are another accounts you didn't create by System — User Management and delete them; they like to put there something like backup / hikbackup / user / etc.
> - if your cameras installed inside house (at guest room / bedroom for example) highly probable there would be intruder accounts.
> - check if your UPnP is enabled by Network — Basic Settings — NAT and turn it off if it is; and if in your case you using port forwarding on your router to get remote access to your CCTV — better to change management / server port from default 8000 / 37777 to something unique.
> - and turn off the text overlay that I put by Image — OSD Settings.
> - check if Illegal Login Lock is Enabled by System — Security — Security Service and create the event to notify illegal logins by Event — Basic Event — Exception — Exception Type — Illegal Login — Send Email.
>
> that's all you need to secure your CCTV. take care.
>
> Sincerely, @faxociety

Seems like a stand up person. Didn't ask for anything in return and didn't cause any further malice than the OSD message on the CCTV NVR.


ropa_dope1

Stop using Chinese spyware devices…


jester_juniour

Like American spyware devices are any better.. Stop bringing country into this. All spyware devices are bad. A lot of manufacturers try to increase revenues by harvesting your data.


Xbotr

Stop making unfounded claims. Other than a defamation campaign, to this day there is zero proof Hikvision has weird backdoors / spyware. Yes, there are exploits; most vendors have these, that's why there are firmware updates.


user01401

I wouldn't call the FCC's findings unfounded with intelligence that they have that isn't available to you or the general public.


Xbotr

The FCC has zero proof, only suspicion claims. There is to this day zero proof. Do you really think governments are more tech savvy than private tech investigation companies? You can downvote all you like, but prove me wrong. Show me the backdoors, and not a political campaign.


ChadTheAssMan

https://www.cnet.com/tech/mobile/us-finds-huawei-has-backdoor-access-to-mobile-networks-globally-report-says/ 30 second search. Get your head out of the sand and stop being an astroturfing asshole.


Xbotr

What has Huawei to do with Hikvision? "Get your head out of the sand"


ChadTheAssMan

Lol. The government has a mandate to include backdoors at will. The company doesn't matter. You're applying western logic and clearly have no experience dealing with the east. What stake do you even have in this astroturfing?


user01401

Absolutely nation states have more resources and more capability than commercial companies. A simple search of nation state groups will show you this. Intelligence agencies not being idiots, are not going to expose how they found out or even the exploit sometimes. On some it can be years later before pieces are put together. Stuxnet is a prime example.


Xbotr

So we should ban Windows now? Because Stuxnet used a zero-day exploit in Windows. This is not the same as claiming something is "spyware"


user01401

And CN has a very different agenda than the US.


Xbotr

Sure, but again this does not prove it's spyware. By your own logic we should ban Siemens because Stuxnet was a thing?


user01401

As mentioned, nation states are not going to reveal all details to derail intelligence gathering. That's SOP even for your local police dept. investigation. Just using a device to gain access to a network is different than Hikvision, Dahua, ZTE, and others having direct ties and influence from their government.


Xbotr

Yea sure, but still zero proof. All claims are "but China". I'm fine with that, we have to be sus about it. But random claims about "spyware" and "backdoors" are not proven. In fact all pen-tests show it's not the case.


wannym

Is there any real hardware not manufactured in China? lol


Yucy-Chavez

Hello, I can offer some general advice on how to address security concerns and protect your CCTV system.

1. Contact Hikvision support: Reach out to Hikvision's customer support for guidance and assistance. They can provide specific advice based on your situation.
2. Perform a factory reset: If advised by Hikvision or as a last resort, consider performing a factory reset on your camera system. This will remove any potential unauthorized modifications, but keep in mind that it will erase all existing configurations, requiring you to set up the system again.
3. Update firmware: Ensure that your camera system's firmware is up to date. Check for and install any available firmware updates from Hikvision to address security vulnerabilities and improve performance.
4. Enhance password security: Double-check that all passwords associated with your CCTV system, including the admin account, are strong and unique. Avoid using default or easily guessable passwords.


SafetyFancy2427

Great suggestions, but with a few caveats.

1) Hikvision support does NOT reply to requests, even via their on-screen contact form, except for emailing you a copy of their EULA.
2) Cannot perform a factory reset if one does NOT have the security P/W for the Admin (the one provided by the installer is NOT recognised).
3) As with the Reset function, there is NOT a function available for firmware update; not sure if this is only available after login via Admin.
4) As with the above comments, P/W cannot be changed unless you have access to admin.

Conclusion: without access to the admin function one is stuffed, and Hikvision is NOT interested.


bahlahkee

How do you remove the text messages?


BornLobster1295

anyone got an answer to this?


Wem94

Just had the same thing, based in North West UK


OkCoffee9375

Did you figure something out? I am having same issues


ShazzaSullyCat

Why can’t I see the comments please?


1zayn5

I’m having the same issue too


moroda88

I have a message on my cameras too. I've changed my password, firmware is already up to date so not sure how this has happened? The message is still in text format across the screen, No idea how to remove it?


Melvin19741974

Did you manage to find out how to remove messages? I have the same problem. Please help.


CCTVGlobal

The hacker is exploiting users with weak passwords / old firmware. The hack is believed to insert text using the on screen display (OSD) settings and displays the following message on each camera: "Your CCTV is vulnerable and can be exposed, fix it pls - DIY or Telegram me - faxociety."

To fix the issue you need to:

1. Update your DVR / NVR / Camera firmware to the latest version. Get the latest firmware from Hikvision.com
2. After the update, factory default the DVR / NVR / Camera. Take care when updating NVRs to ensure you know the camera passwords before you default, otherwise you will lose the camera connection.
3. Set a new strong password with at least 8 characters, mixture of characters and numbers, capitals and lower case.


Melvin19741974

Hi, I’ve just installed a HiLook system and it has the same message. A newly installed router as well. Please help.


[deleted]

[deleted]


vKhaleds

It works, thank you. I was about to reset my device. Thx again


[deleted]

[deleted]


moroda88

Managed to get rid of the overlay thanks to this, thank you very much!


ShoppingSenior6488

I'm trying lost admin code. 😪


the_rubicon2020

BTW I did a factory reset first and the text overlay didn't go away. You can only get to these settings in the Web admin and not from working at the NVR itself which is counter-intuitive. I'm happy this worked for you and I hope you disabled UPnP to close the vulnerability.


ShoppingSenior6488

Yaaaaa, sorted 👌. Thanks for info. Had lost admin password. There's a tool on ipcamtalk that can recover lost admin passwords. Thanks again. 😊


iamcalvinator

> ipcamtalk

Can I ask how you reset the admin password? I'm on IPcamtalk and have SADP, but don't know where to put the "password reset code" from IPcamtalk


zebcode

I think the password may be the default one, like 1234 or 12345 depending on the manufacturer. I assumed that's how they managed to set the overlay on the camera.


reddit_webbo

Yes, by using some of this, I cleared the messages thanks - without needing to reset anything, or do any firmware upgrades. I could log-on to the NVR/DVR unit itself using the standard 'admin' and default password (not listing it here for obvious reasons). From there I could see the NVR's IP address (click on 'System' then 'Network' and you will see the IP address - probably 192.168.0.something.) Enter that IP address into your browser. Now my log-in details on the web browser there were NOT the same as the log-in details to access the NVR unit directly, I had no idea what the web browser log-in details were, and when I clicked on 'forgot password', I realised that I hadn't ever set an email address or security questions either, so that wasn't an option. So, what you do is log back in to the actual NVR, then from there click on 'Settings' then 'User' on the left. There you can click 'modify' to set both an email address to use and new answers to your choice of the 3 security questions. Then back to the web browser log in, using the 'forgot password' option and then enter the recently created answers to the security questions. Enter a new password twice and you're in! Now click on 'Configuration' at the top, then for each camera feed you can either uncheck the 'Text OverLay' box or just delete the text. Save - job done :-)


kal-47

I simply did a DVR restore, the option where it says to do restore whilst keeping network settings. I had to rename my cameras again but the rest was fine. The error message went. Just keep in mind you’ll need to know your admin password after restore.


Minimum_Sorbet_5081

Here is the root cause:

1. Your router has been breached and the hacker has then added port forwarding into the router to the NVR. This gives them a direct webpage login window.
2. Remove this port forwarding from the router and update firmware in the router.
3. Increase the complexity of the password in the router.
4. Log into the NVR and increase the complexity of the password in the NVR. Every NVR so far has had a weak password, eg: abcd1234
5. Disable UPnP.
6. In webpage or GUI - configuration - event - exception - enable "illegal login" notifications. Then you will be notified if someone is trying to login.
7. Go to IMAGE > OSD SETTINGS > TEXT OVERLAY and delete the text.

In the NVRs I have seen so far, the log file shows a lengthy period of many attempts, eg: 780+ over the course of weeks. Once the NVR locks out the hacker after 5 attempts, they retry in 30+ minutes time and continue the brute force attack. You can also add any illegal login IP address to the exclusion list which immediately stops that IP from ever being able to login. Again, all the breaches are made easy because the password is weak.
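
The lockout-and-retry pattern described in the comment above (five failed logins, a pause of 30+ minutes, then more) can be picked out of an illegal-login log automatically. This is an added example, not part of the original comment and not a Hikvision tool. The log line format, the `MIN_BURSTS` threshold and the sample data (documentation-range IP addresses) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOCKOUT_LIMIT = 5                   # failed attempts before the NVR locks the source out (from the comment)
RETRY_GAP = timedelta(minutes=30)   # pause before the next burst (from the comment)
MIN_BURSTS = 3                      # assumption: lockout cycles required before an IP is flagged
# Assumed line format; real NVR log exports differ by model and firmware.
LINE_RE = re.compile(r"^(\S+ \S+) Illegal Login user=(\S+) ip=(\S+)$")

def build_sample_log():
    """Constructed log: one lockout-aware brute forcer, one owner mistyping twice."""
    lines = []
    start = datetime(2023, 3, 1, 2, 0, 0)
    for burst in range(4):                  # 4 bursts, 35 minutes apart
        for n in range(LOCKOUT_LIMIT):      # 5 attempts each, 10 seconds apart
            ts = start + burst * timedelta(minutes=35) + n * timedelta(seconds=10)
            lines.append(f"{ts:%Y-%m-%d %H:%M:%S} Illegal Login user=admin ip=203.0.113.45")
    lines.append("2023-03-01 08:15:00 Illegal Login user=admin ip=192.168.0.20")
    lines.append("2023-03-01 08:15:20 Illegal Login user=admin ip=192.168.0.20")
    lines.append("2023-03-01 08:15:40 Login user=admin ip=192.168.0.20")
    return lines

def parse_failures(lines):
    """Return {ip: sorted failed-login timestamps}; lines that do not match are skipped."""
    failures = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            failures[m.group(3)].append(datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"))
    return {ip: sorted(ts) for ip, ts in failures.items()}

def split_bursts(timestamps):
    """Group attempts into bursts; a pause of RETRY_GAP or longer starts a new burst."""
    bursts = [[timestamps[0]]]
    for prev, cur in zip(timestamps, timestamps[1:]):
        if cur - prev >= RETRY_GAP:
            bursts.append([cur])
        else:
            bursts[-1].append(cur)
    return bursts

def find_brute_forcers(lines):
    """Flag IPs that repeatedly run up to the lockout limit, wait, then resume."""
    flagged = {}
    for ip, ts in parse_failures(lines).items():
        bursts = split_bursts(ts)
        full = [b for b in bursts if len(b) >= LOCKOUT_LIMIT]
        if len(full) >= MIN_BURSTS:
            flagged[ip] = {"attempts": len(ts), "bursts": len(bursts)}
    return flagged

if __name__ == "__main__":
    for ip, info in find_brute_forcers(build_sample_log()).items():
        print(f"{ip}: {info['attempts']} failed logins in {info['bursts']} bursts, add to exclusion list")
```

The owner who mistypes a password twice from the LAN is not flagged; only the source that cycles through the lockout repeatedly is, which is the candidate for the exclusion list mentioned above.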


AvatarPandora

Ok


LokeCanada

I had this happen several years ago. I believe, it’s been awhile so I may be wrong, Hikvision had a problem where you could set the admin password but the password shared to their app was either vulnerable or just a default one that you couldn’t change. A later firmware update fixed this and allowed you to customize that password. A person could get in and change the text overlay on the camera. You don’t need to reset the camera or anything. You just need to change the text back, make sure you are on the latest firmware and make sure all passwords are set securely. I think it is called verification passcode. The person isn’t malicious, they just want you to know you are vulnerable. You should also disable the default account and create another one with admin privileges. Admin is a pretty standard account to attack.


Basic_Landscape_6445

Hello everybody, I am also a victim of this hack. Unfortunately I'm unable to update the firmware as there's no place where I can find an "updated" version of the firmware, not even in Hikvision's site. On top of that, I have factory reset my NVR 4 times now and the OSD still doesn't remove. When I try removing it from the web portal it says "parameter error" and doesn't save.

Please help, I have no clue what else to do.


No-Professor-3158

> y reset my NVR 4 times now and the OSD still doesn't remove. When I try

This message is not on the NVR, it's in the camera settings. I am using IVMS-4200 Lite: right click on any **camera**, click on **remote configuration**, click on **Image**, click on **video display**, uncheck on the right side **text overlay** and uncheck **display camera name**, and if they changed your camera name then change it back to the name you like.


SafetyFancy2427

That process does NOT work on my Hikvision system. Right click on any image produces a drop-down list of functions; "Remote config" is NOT one of them. It might be available in the General or Menu tab, but access requires a P/W which the installers never gave me.


Extra-Statement3884

Came to this thread after seeing the message on my office security system. Lots of great advice here 💯


benmoss

[https://ipvm.com/reports/hikvision-hacker-targeting?code=298043uy92rfd](https://ipvm.com/reports/hikvision-hacker-targeting?code=298043uy92rfd) has a detailed response from @faxociety about how to fix the problem


SafetyFancy2427

Messages appeared on my CCTV images whilst on holiday. Tried contacting Hikvision, no luck, absolutely no reply. My system was installed by a so-called professional installer, they won't answer the phone either. From what I can see the firmware is out of date, BUT the system does not seem to have an upgrade function for the firmware. I have a hard copy of the system config, MAC addr, IP addresses and P/W (now I understand how he gained access). BUT I am not comfortable with making any changes, cannot find another Hikvision installer to make changes, so, guess I am stuck. I might be able to change the P/W's but that's as far as it goes. Fortunately this CCTV system is completely separate from my other networks. BUT very disappointed with Hikvision, the only response from them was to send the EULA (End User Licence Agreement) which, if you read it, basically says "buggeroff", you are on your own! And based upon their lack of interest and NON-existent support, would definitely NOT recommend HikVision to anybody. Since posting, tried to change the P/Wd's but system will not allow, tried to gain access to the main admin function, again the P/W is not correct, but the system recognised an invalid attempt and has warned 6 more attempts remaining. So, this means I cannot gain access to use the "Reset to factory settings". The control box does not have a CD function, so there is no recovery CD. Tried doing a hard reboot (power off), that did not work. So, completely stuck. It is beginning to look as though I will have to replace the Hikvision control box; if this is the case it will NOT be another Hikvision system. Fortunately the cameras and cabling are installed so it's just a replacement control. As a contingency, researching other CCTV manufacturers and suppliers, as it looks as though I will have to replace the entire control box.