9 Ways To Hack CCTV Cameras and How to Prevent it

If you wanted to learn how hackers hack CCTV cameras, the hackers do in movies and Tv series, then you are in the right place. In today’s tutorial, we will show you not 1 or 2 ways but a total of 9 ways to hack CCTV cameras. I hope you like reading it because this is going to be an in-depth article on hacking CCTV cameras. We are not exactly covering the CCTV camera hacking app since most of them will be a scam and will steal your data. By the below methods, you will also be able to do hikvision hack easily.

For the sake of simplicity, I will go from the easiest to the toughest methods for hacking CCTV cameras. If you find the starting methods to be too simple, go to the end.

So without any further ado, I will show you 9 ways to hack CCTV cameras. Do note some methods require technical knowledge, so I would recommend caution if you are unfamiliar with how systems and CCTV cameras work.

How to hack CCTV cameras

1) Use websites that show hacked CCTV cameras or public CCTV cameras

This is not technically hacking, but it’s the easiest method to view CCTV cameras around the world. There are many such websites that have a huge list of hacked cameras as well as public cameras. These cameras can be anywhere in the world. You can use these cameras for information gathering purposes. Sadly they don’t have a reliable CCTV camera hacking app or it would have been more interesting.

• Insecam
• Opentopia
• Earthcam

This website is one of the many. You can find a huge list of cameras that are publically available. You can always find more websites on the internet. 

2) Hack CCTV camera on the same WIFI network

That’s is a slightly more technical hack, which requires you to get your hands dirty. Really a hacking, but it works. The way you do this is by finding the Ip address of the camera, which is connected to the same network.

Every camera has a control interface that can be accessed via its IP address. The reality is many people do not even bother looking at it. They just bring the camera to connect it and forget about it. The problem with this is that the camera control interface now has a default password, which any smart hacker can easily hack. But people are unaware of this and thus have default passwords 

Okay, before you try the default password and hack the CCTV camera. You first need to find its Ip address and the control interface for login. I’m sure you know every device connected to a network has an IP address. So let’s find the that Ip address

1) Download the Angry IP Scanner

An angry Ip scanner is the perfect tool for detecting CCTV cameras on the network. Do note that this is not a stealthy scan it does make some noise on the network when it is scanning for CCTV cameras

2) Install the Angry IP Scanner

The installation of an angry IP scanner is very simple and straightforward. Download and run the setup file. Read and follow the instructions. You just need to click next as you can see in the images below: (click to zoom in)

3) Configure the Angry IP Scanner settings 

To find the information for hacking CCTV cameras, we need to look for IP cameras with Angry IP Scanner. So we will configure to find those ports and fetchers. See the image below:

Configure the following default ports for cameras: 

80, 23, 8080, 8081 and 8082

You can configure the fetchers to display the Web Detect information that can help detect web camera devices.

Then add web detect

4)Choose the IP address and port range to scan

To hack a CCTV camera, you first need to find the exact IP address and port. So we need an IP Address range to scan with the Angry IP scanner. See the picture below where a range of IP addresses was scanned. 

For privacy and legal reasons, we have decided not to show the first part of the IP. Only after a few scans were we able to find two Hikvision DVRs that are online on the network. See the image below.

You can also do this on the internet, but I recommend not to because you will be pining a lot of devices all over the internet, which may or may not have legal consequences depending on which IP address you scan. Especially government and army-related IP. Do not try to scan those.

In this case, the camera we detected was a Hikvision DVR. The default password for this can be found on the internet. Just google Hikivision default password. The default username and password: “admin/12345“

5) Note the manufacturer and device model on the banner.

 (Hikvision)

Did you get the idea? To hack CCTV cameras, you just need to know what is the manufacturer’s name and device model. Then you can find vulnerabilities and default passwords for the same. Google is the perfect place for finding default passwords.

The same process can be used for all other brands of the camera as well. As long as you know the IP address and the port of the camera, you can directly open the control interface. Then search on google for the default username and password.

3) Hacking CCTV cameras with shodan

In my previous article about Shodan, I had shown how powerful the search engine is. So we are going to be using this method to hack CCTV cameras around the world. Shodan is not a CCTV camera hacking app but a search engine.

Shodan is a search engine service that shows all Internet devices around the world, including security CCTV cameras.

So let’s hack some cameras. You can type the name of the camera brand like “Hikvision” or a very general term like “webcam.”

Details about the Camera from Shodan

To see the camera device details, just click on the link:

Here you will find all the important details like camera IP address ports and services as well as banners showing info that can be used to hack the camera.

Try the default passwords for the brand by googling. Hopefully, you will find the passwords. And if the passwords are not changed, then you will directly log in.

This shows how easily hackers can hack your cameras if they are on the public network.

4) Hacking CCTV with GOOGLE search queries

Step 1: Go to the Google website 

https://www.google.com

Step 2: Enter any one of the following lines in the search result:

• Inurl: view/index.shtml
• Inurl: view/view.shtml
• Live applet
• intitle:”live view” intitle: axis
• Intitle: live applet
• allintitle:”Network Camera”
• intitle: axis intitle:”video serve

Step 3:  Find a website with a format similar to http://xx.xx.xx.xx/CgiStart?page=Single&Language=0

where xx.xx.xx.xx will be an IP address

Step 4: Open a link from the search results, and then viola the hacking is done. You have hacked a CCTV camera using google search query:

If you are prompted for a username password just google for the default passwords of that model and try to hack into it.

5) Hack Cameras with Routersploit

Routersploit is a tool for originally hacking routers. But with a recent update, they have included the option to hack cameras of certain models using exploits available on the internet. This has made routersploit a camerasploit, so to speak.

So start the hack make sure you know the IP address and device Model of the camera you want to target. The first method is the perfect example of the same where you can find the information. You can use this hack when the default passwords have been changed.

To install routersploit on Kali Linux, open a terminal and type the following commands in the same order as below:

git clone https://github.com/threat9/routersploit

cd routersploit

python3 -m pip install -r requirements.txt

python3 rsf.py

With this, the routersploit module will start. Now once it has started, type the following in the Kali Linux terminal.

To start hacking the camera, we need to use the following commands:

use scanners/cameras/camera_scan

show options

set target xx.xx.xx.xx

Here xx.xx.xx.xx is the Ip address of the camera

Now to run the exploit scanner type:

run

As you can see, the tool will run multiple exploits and check if the device is vulnerable. If the device is vulnerable, then you can hack the camera with the respective exploit. Making an article on each respective exploit is not possible since they are way too many exploits. But you can probably google the particular website and get the info you need.

6) Hack CCTV camera by brute force attack

Hacking Cameras with brute force is very similar to hacking websites with brute force. I had previously made an article that showed how to hack web services with xhydra. Xhydra is not a CCTV camera hacking app but a Windows Penetration testing Tool.

Today we will use xhydra to hack CCTV cameras:

Since people keep passwords hacking, passwords of CCTV cameras is very easy.

Similar to the ssh hack, just type the IP address and port, which is used by the camera interface.

You can pass your own password list, as well.

By trying the possible passwords, we can easily hack the CCTV cameras. Also, many cameras do not have any protection mechanisms which can be useful for blocking brute force.

Alright, you are thinking now that this method is too hard or complicated; it’s not. I recommend you read my ssh hack article since you probably haven’t used xhydra before.

You need the following information:

• Camera IP address
• camera port

7) Hacking Cameras with exploit tools

Sometimes some exploits have ready-made tools made by expert hackers. One such tool is the hikvison exploit tool. This tool can reset the username password directly.

In March 2017, this security flaw was discovered in Hikvision cameras that allowed hackers direct access to device information such as model, serial number, firmware version, and users.

Hikvision did issue an update, but the reality is how many people update camera firmware? People are too lazy to update their phones to forget about cameras.

So, the Hikvision IP camera exploit is very easy to use, as shown in the diagram above, you just need to run it on a computer or laptop to explorer and hack CCTV camera that is online on the internet or in your local network.

Download the Hikvision Backdoor exploit tool

You need to make sure you have collected all the necessary information about hacking CCTV cameras.

 How to use this exploit tool: 

To use the exploit tool just follow the simple steps below:

1. Type the camera IP address and port number

2. Click on “get user list.”

3. Select the user whose password you want to change

4. Type a new password and click on confirm.

In these simple steps, the password has been hacked without requiring the original password. This is just one tool for Hikvision. There are many on the internet for other brands as well.

Now that the password is reset, just open the camera in the browser and log in.

 The below Hikvision camera models that are affected by this security vulnerability issue. 

If you have any one of the affected models. Then just upgrade the firmware to fix the issue so that your camera does not get hacked.

8) Hacking CCTV cameras with a man in the middle attack

Unlike websites, cameras do not have a secure SSL certificate. When someone logs in a camera their username password is generally plain text.

I hope you had an evil smile when you heard the word plain text. I’m sure you know we can hack anything as long as its plain text with tools like zanti.

We can start sniffing with zanti or ned creds. We can also use sslstrip.

Below are the few articles which show sniffing in detail:

Man in the middle with net creds

MITM on android with zanti

You just need to wait for someone to sign-in on the camera for this hack to work. You can use any one of the above methods to hack CCTV cameras with mitm.

I hope you have the patience for the same. Hacking

9) 0day exploits

These are exploits that are focused on particular models of devices and brands. The best sources of these exploits are google, exploitdb, etc. Since the exploits are very unique and vary from device to device I cannot show you how to do a 0day exploit. However, if you want to find methods for them then simply google the model number of the camera and add the term 0 days.

For eg: Hikvision iVMS-4200 0day.

With this search, you will find all the zero-day exploits for this particular model. Some of these exploits are already weaponized while some need to be weaponized by you. This is why I have shown it as the last method just because of the extreme difficulty and complexity.

Checkout this Defcon video which shows such and exploits:

Congratulations, you have learned how to hack CCTV cameras like professional hackers. I hope you enjoyed the article and will not fall for the scammers that provide the CCTV camera hacking app. Happy hacking.