Unplug and update your Hikvision security cameras and NVRs now


Over 100 million Hikvision devices, namely their security cameras and network video recorders (NVR), have the “highest level of critical vulnerability”. What that means for you, as an owner of any Hikvision devices that might be exposed to the internet, is that you must immediately disconnect them from your network and install a firmware update.

Hikvision security cameras are popular within the community, mainly because of their low price and support for the Real Time Streaming Protocol (RTSP), which allows easy integration with Home Assistant and NVR applications such as Blue Iris and Frigate. Hikvision owners who are aware of the risks such devices bring with them will have placed them on their own VLAN, blocked from the internet. There will, however, be plenty of users who do not use a privacy- and security-minded setup. It is the latter group that is currently at risk of having their privacy invaded.

What the Hikvision security vulnerability means for you

The security vulnerability putting you at risk is one of the worst I have come across since I started writing on the subject. It is potentially worse than what previously happened to eufy security cameras. Hikvision has released a statement on what it allows attackers to do. Basically, anyone can access your Hikvision security camera and NVR, without a username or password, and the device won't even log the access.

Only access to the http(s) server port (typically 80/443) is needed. No username or password needed[,] nor any actions need to be initiated by camera owner. It will not be detectable by any logging on the camera itself.

Hikvision spokesperson

The discovery was made and published by the security researcher Watchful_IP, who specializes in ARM-based embedded IoT. Thankfully, Hikvision was fast to react and published a series of firmware updates within a day.

Should you be using Hikvision in the first place?

If you don't know much about Hikvision, it is high time to educate yourself on what it means to buy their security cameras and NVRs. Hangzhou Hikvision Digital Technology Co., Ltd. is owned by the Chinese government, and the U.S. government has in the past placed the manufacturer and supplier of video surveillance equipment under sanctions. In March of this year, the FCC (Federal Communications Commission) stated that Hikvision equipment and services “pose an unacceptable risk to U.S. national security”.

It has been reported that Hikvision supplies “thousands of cameras that monitor mosques, schools, and concentration camps in Xinjiang”. The European Union has banned any Hikvision products from being used on any of the parliament's premises, due to the unacceptable risk that the manufacturer is “contributing to serious human rights abuses”. Furthermore, in June 2021 South Korea banned their products for one year, and the Indian Navy has destroyed and replaced their existing Hikvision security cameras.

IPVM.com, which reported on the current security vulnerability, has long been critical of Hikvision. They claim that the Chinese Central Government created and controls the company. They also conclude that Hikvision is all too keen to obscure that fact. The choice whether you buy their products is yours, but keep these few paragraphs in the back of your mind when you do so.

About Liam Alexander Colman

Liam Alexander Colman is an experienced Home Assistant user who has been utilizing the platform for a variety of projects over an extended period. His journey began with a Raspberry Pi, which quickly grew to three Raspberry Pis and eventually a full-fledged server. Liam's current operating system of choice is Unraid, with Home Assistant comfortably running in a Docker container.
With a deep understanding of the intricacies of Home Assistant, Liam has an impressive setup, consisting of various Zigbee devices, and seamless integrations with existing products such as his Android TV box. For those interested in learning more about Liam's experience with Home Assistant, he shares his insights on how he first started using the platform and his subsequent journey.
