Hikvision Security Flaw - Dynamic DNS intercept - Update Now
A critical security flaw has been discovered in Hikvision network cameras that could allow attackers to intercept Dynamic DNS (DDNS) credentials transmitted in cleartext, potentially exposing thousands of devices to unauthorized access and manipulation. The vulnerability affects multiple Hikvision camera models that had used firmware versions before recent security updates. The issue stems from the cameras’ implementation of DDNS services, specifically DynDNS and NO-IP, where credential information was transmitted without encryption over HTTP rather than the secure HTTPS protocol. Security researchers found that attackers could potentially execute man-in-the-middle attacks to capture DDNS service credentials. These credentials could then be used to manipulate camera connections and gain unauthorized access to video feeds.
Products Affected;
- DS-2CD1xxxG0 versions prior to V5.7.23 build241008
- DS-2CD2xx1G0 versions prior to V5.7.23 build241008
- DS-2CD3xx1G0 versions prior to V5.7.23 build241008
- DS-2CD29xxG0 versions prior to V5.7.21 build240814
- DS-2CD1xxxG2 versions prior to V5.8.4 build240613
- DS-2CD3xx1G2 versions prior to V5.8.4 build240613
- DS-2CD2xxxG2 versions prior to V5.7.18 build240826
- DS-2CD3xxxG2 versions prior to V5.7.18 build240826
- DS-2CD2xxxFWD versions prior to V5.6.821 build240409
Hikvision has released firmware updates to address this security concern, modifying the cameras to communicate exclusively via HTTPS for DDNS services. The company strongly recommends that users:
- Update to the latest firmware immediately
- Implement strong password policies
- Isolate camera networks from critical assets using firewalls or VLANs
- Regularly monitor for unauthorized access attempts
- Organizations using affected Hikvision cameras should prioritize these security measures, as the combination of exposed DDNS credentials and other known vulnerabilities could lead to complete device compromise and potential network infiltration.