Hikvision now requires installers to update firmware on a regular basis according to Hikvision's VP of Sales at the Security Industry Association's Securing New Ground Conference:
Hikvision itself refused to respond to IPVM's multiple requests for comment.
We suspect this cannot be a requirement, since enforcing it would be hard (how could they prove it? what penalties would they enforce if the installer did not?). Moreover, there could be real practical problems, e.g., newer versions of firmware may not work properly with 3rd party systems being used with, etc. Also, there is the time involved to check new firmware upgrades, validate no problems occur, roll them out to each client, etc.
On the other hand, Hikvision's cybersecurity problems have been so significant perhaps they need to go to such extreme ends to fix their issues.
Hikvision dealers we spoke with said they had not heard of this. It could be this is happening but just another instance of bad communication with their dealers or Hikvision may be willingly allowing false information to be published by SIA just to spite IPVM.
Each Hikvision dealer will, unfortunately, have to find out themselves.
That noted, what do you think about requiring installers to update firmware?