We have recently been advised of a hack in which the on-screen display (OSD) on users' devices is changed.
Below are some steps from Hikvision themselves:
- 1. Change your NVR password – it's likely too easy. Create strong passwords that combine uppercase and lowercase letters, numbers, and special characters. Passwords should be a minimum of eight characters long and avoid easily guessable information such as names, birthdates, or common words. https://www.sourcesecurity.com/security-videos/password-security-securing-hikvision-dvr-nvr-and-ip-camera.html
- 2. Upgrade your firmware from the Hikvision AU website.
- 3. DISABLE UPnP (Universal Plug and Play) for your router. Suggest that your customers disable the UPnP feature on their routers. UPnP can be exploited by hackers to gain unauthorized access to devices on the network. With UPnP deactivated, only authorized devices and services will be allowed to connect to the network.
- 4. Edit the On Screen Display to remove the message https://www.youtube.com/watch?v=Qtjl8AFnTEQ
By adhering to these recommendations, customers can significantly reduce the risk of their CCTV systems being compromised and prevent unauthorised access.
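To confirm whether a router is currently exposing a recorder or camera through UPnP (step 3 above), its port-mapping table can be compared against the addresses of the CCTV devices. The script below is an added example, not from Hikvision or the original post; it assumes the table was captured with miniupnpc's `upnpc -l` command, and the sample output, IP addresses and function names are constructed for illustration.

```python
import re

# One row of the mapping table printed by `upnpc -l`, e.g.
#  " 0 TCP  8000->192.168.1.64:8000  'NVR' '' 0"
ROW = re.compile(
    r"^\s*\d+\s+(?P<proto>TCP|UDP)\s+(?P<ext>\d+)->"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<int>\d+)\s+'(?P<desc>[^']*)'"
)

def parse_mappings(text):
    """Return every UPnP port mapping found in `upnpc -l` output."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header and status lines do not match and are skipped
            rows.append({
                "proto": m["proto"],
                "ext_port": int(m["ext"]),
                "ip": m["ip"],
                "int_port": int(m["int"]),
                "desc": m["desc"],
            })
    return rows

def exposed_devices(text, cctv_ips):
    """Mappings that make a listed recorder/camera reachable from the Internet."""
    return [r for r in parse_mappings(text) if r["ip"] in cctv_ips]

# Constructed sample output (documentation IP ranges, made-up descriptions).
SAMPLE = """\
ExternalIPAddress = 203.0.113.10
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP  8000->192.168.1.64:8000  'NVR' '' 0
 1 TCP   554->192.168.1.64:554   'NVR' '' 0
 2 UDP 51820->192.168.1.20:51820 'laptop' '' 3600
GetGenericPortMappingEntry() returned 713 (SpecifiedArrayIndexInvalid)
"""

# Assumption: the installer keeps a list of the site's NVR/DVR/camera LAN addresses.
CCTV_IPS = {"192.168.1.64", "192.168.1.65"}

if __name__ == "__main__":
    for r in exposed_devices(SAMPLE, CCTV_IPS):
        print(f"{r['ip']}:{r['int_port']} is exposed on external "
              f"{r['proto']} port {r['ext_port']} ({r['desc']})")
```

Any row reported here means the device is still reachable from outside; after UPnP is disabled on both the router and the recorder, the same check should return nothing for the CCTV addresses.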
BELOW IS THE FULL EMAIL FROM HIKVISION
We have discovered and determined that certain Hikvision NVRs and DVRs may be impacted by a scripted application.
“When the UPnP/NAT feature is enabled and the ports are open, the hacker scans the router to find the IP addresses/ports and then tries brute force attacks utilising generic passwords in an attempt to log into the device”
By accessing the camera or NVR/DVR web page, they then overwrite the OSD Text Overlay and display the message:
“Your CCTV is vulnerable and can be exposed,
Fix it pls – DIY or Telegram me – faxociety”
The devices may be affected if:
- Weak passwords that contain only letters and numbers are used
- They are exposed directly on the open Internet when the UPnP/NAT feature is enabled or port forwarding is used with default port settings
We recommend that actions be taken to mitigate potential risks. Please ensure the following hardening practices are employed to provide additional resilience for your customers.
- As always, password strength is critical. Ensure your customers set up complex passwords containing letters (uppercase and lowercase), numbers, and special characters.
- Please avoid using the same password multiple times when deploying security systems.
- In general, we recommend that you disable the UPnP/NAT feature on devices; this will not affect communication with the Hik-Connect server.
In order to delete the text overlay, access the devices via your browser, navigate to the menu configuration, image, OSD setting, and then delete the texts. Please then take the above preventative actions.