A critical security vulnerability has been identified in Hikvision network cameras, potentially allowing attackers to intercept Dynamic DNS (DDNS) credentials transmitted in cleartext.
This flaw poses a significant risk to thousands of devices that have not yet received the latest security updates, particularly affecting multiple models using outdated firmware. The vulnerability arises from the cameras’ implementation of DDNS services, specifically those utilizing DynDNS and NO-IP, where credential information is sent over HTTP without encryption instead of using the more secure HTTPS protocol.
Security researchers have warned that this lack of encryption makes the cameras susceptible to man-in-the-middle attacks, enabling malicious actors to capture DDNS service credentials. Once acquired, these credentials could allow attackers to manipulate camera connections and gain unauthorized access to video feeds.
The implications of this vulnerability are particularly serious, as Hikvision cameras are widely deployed in sensitive locations, including critical infrastructure settings, which raises concerns about potential misuse of the captured data. The exposure is alarming, with over 80,000 Hikvision cameras reportedly still accessible online with various known vulnerabilities.
These devices are distributed across approximately 2,300 organizations in 100 countries, with the largest concentrations found in China, the United States, and Vietnam. Given the strategic importance of many installations, including those at critical sites, the vulnerability has garnered interest from both criminal organizations and state-sponsored groups, particularly within Russian cybercriminal forums discussing potential exploitation techniques.
In response to the discovery of this vulnerability, Hikvision has released firmware updates aimed at addressing the security concern by ensuring that cameras exclusively communicate via HTTPS for DDNS services.
The company has strongly advised users to immediately update their firmware, implement robust password policies, and isolate camera networks from critical assets using firewalls or VLANs.
Organizations utilizing affected Hikvision cameras are urged to adopt these security measures to prevent potential device compromise and safeguard their networks against unauthorized access.
Reference: