Defense Against NVR/DVR Scripted Application

March 6, 2017 Views:41

March 2nd, 2017


Dear Valued Partner,

Hikvision has determined that there is a scripted application specifically targeting Hikvision NVRs and DVRs that meet the following conditions: they have not been updated to the latest firmware; they are retained as the default port, default user name, and default password.

Hikvision has introduced secure Activation Mechanism into all of product lines since March of 2015, it is required to create password when first login. However, it was possible, before that date, to install NVRs and DVRs with default settings. Therefore, we provided updated firmware which includes this mandatory setting for customers to upgrade existing devices.
 
Hikvision strongly recommends that our customer base review the security levels of equipment installed prior to March 2015 to ensure the use of complex passwords and upgraded firmware to best protect their customers.

Below are firmware and password guidelines and specific steps to take to secure a system:


Password and Firmware Overview


•    Leaving factory-default, poorly chosen, or weak passwords in your camera or video recorder may result in unauthorized access or exploitation of your company resources.

•    Change every password in every device occasionally. Old passwords can carry additional risk.

•    Ensure all systems have the latest firmware.

•    All users, including contractors and vendors with access to your company systems, should take appropriate steps to select and secure their passwords and update your firmware on your system.


Password and Firmware Steps

 
1.    Make sure to have your device behind a firewall.

o    Make sure that your firewall is updated with the latest firmware and that the default password is changed on your router.
o    If you want to have your device work with a Hikvision or third-party online services, make sure to set up port-forwarding on your firewall.

2.    Check if your system has the latest firmware. Here is a link to  check if your product needs to be upgraded to the latest firmware.


3.    After updating firmware, please restore factory default, and ensure that you have restarted your device.

4.    Once the device is restarted, it will ask you to give a more secure password.
o    Go through the process to secure your devices.

5.    Now that you have updated your device please make sure to change your password regularly.



Additional Information and Resources



•Technical Bulletin: How to Activate Device for DVR, NVR and IP camera

 
•Video:  How to upgrade NVR locally

•Video:  How to upgrade IPC or NVR in web interface

Please visit the Security Center on our website for additional information and updates. Should you require additional support, please do not hesitate to contact our local technical support team or at support@hikvision.com.


Sincerely,
HangZhou Hikvision Digital Technology Co., Ltd.