August 10, 2017
To Our Valued Partners,
This update is intended to clear up any misunderstandings stemming from an Aug. 9 online report of a so-called Hikvision “security code” being “cracked” via a security-code generating software program. The report cited that in order to reset the password in devices using firmware v3.4.50, the user must physically operate the reset menu with a mouse through the recorder’s local HDMI/VGA output.
Today, the user can reset a Hikvision recorder by contacting Hikvision Tech Support. The customer must answer the validation questions and generate the device code. Authorized Hikvision Tech Support will then provide a reset code to verified user.
Below is a history of Hikvision password recovery mechanism, which includes some details about how we have improved the process over the past several years.
Before 2015, Hikvision had a tool available to generate the security code for users who lost or forgot the password for their recorder. The tool enabled users to utilize SADP/4200 to plug-in the code to reset recorders.
It is very important to note that the only two ways to reset a recorder password were: 1.) Through SADP/4200 and within the same local network, or 2.) To physically operate the reset menu with a mouse through the recorder’s local HDMI/VGA output. Either way, this reset cannot be done via the Internet.
In April 2015, Hikvision introduced a new recovery mechanism, which provided an enhanced encrypted key that needed to be exported from the device by SADP/4200. The ability to physically operate the reset menu with a mouse through the recorder’s local HDMI/VGA output was maintained. We want to emphasize that cannot be done via the Internet; it has to be local through a mouse connected to the recorder.
In October 2016, starting with the Hikvision DVR v3.4.80 and NVR v3.4.90, the local physical reset menu was also removed. At this time, Hikvision introduced the GUID key password recovery process. o The GUID encrypted key can be exported to provide user to reset the password only to the device. The GUID key is dedicated to the device; it cannot be used on any other device. o The GUID key expires after one use. The GUID key is not valid if the device has change the admin password since the exported of key.
Below is the list of the firmware version supporting new password recovery mechanism:
|Support enhanced encrypted version|
|F Series Turbo DVR: DS-71/7200HGHI-F||v3.1.10 build 150909 and later|
|F Series Turbo DVR: DS-71/72/73/8100HQHI-F/N DS-72/73/76/81/9000HUHI-F/N DS-7200HUHI-F/S||v3.4.0 build151201 and later|
|SH Series Turbo DVR: DS-71/72/73/8100HGHI-SH DS-71/72/73/81/9000HQHI-SH||v3.1.6 build150427 and later|
|Traditional DVR||v3.1.4 build150430 and later|
|NVR||I/K/E Series: DS-76/77/8600NI-Ix(/P) DS-76/77/8600NI-Kx(/P) DS-76/77/8600NI-Ex(/P)||v3.3.0 build20150328 and later|
|.-ST and -SP Series: DS-76/7700NI-ST DS-76/7700NI-SP||v3.3.4 build20150715 and later|
Should you have any questions about password reset procedures, please contact your Hikvision representative or Hikvision Tech Support at firstname.lastname@example.org.
By setting high standards for product security and following the strict guidelines of reputable outside sources, Hikvision is committed to the utmost quality and safety of its products. We encourage our partners to take advantage of the many cybersecurity resources Hikvision offers, including the Hikvision Security Center which has detailed information about the Hikvision Network and Information Security Lab, third-party and internal testing, and videos.
Hikvision North America