This must not be allowed to continue! I just do not have the words for this.
My former coworker left to work at Flock in their R&D department and every time I see Flock popup I check his LinkedIn to see if he’s still there and hyup. I didn’t take him for the type, but I mean as recently as a month ago he was praising them.
Lot of mixed feelings from this video. Author doesn’t seem to know you can also do the exact same thing with any other HikVision camera too. I was pulling (at least one) month-old feeds back in July from generic cameras using default credentials. Definitely seems like a configuration issue to not require any at all. Given the sheer amount of these (there’s a lot in my area), why could the author only find 60 feeds? Also none of these are responding to HTTP requests anymore as I have tried all links from his shodan query.
you can also do the exact same thing with any other HikVision camera too
Most people that install security cameras don’t directly connect them to the internet like this. A company that’s installing them at scale should be aware of this.
Definitely seems like a configuration issue to not require any at all
Modern Hikvision and Dahua cameras don’t have a default password. They require you to set a strong password during initial setup.
In general, a lot of electronics have moved away from generic default passwords, as many jurisdictions ban them now. Any modern device should either require you to set the password during initial setup, or have a randomly-generated password printed on a sticker under the device.
The device you found was either a very old one, or one where the owner intentionally set a basic password.
