This is an open letter to Chuck Davis, Director of Cyber Security at Hikvision USA.
A Hikvision document states that Hikvision has disabled ONVIF by default for 'security reason':
We are hoping you can help. When you started, you said that you intended to improve communication with the public. This would be a good topic since Hikvision is effectively criticizing ONVIF and raising concerns about the industry's de facto interoperability standard.
Questions:
- What is the 'security reason' here? Is the security reason inherent in ONVIF or is it simply Hikvision's own implementation?
- If there is a 'security reason' to disable it by default, does enabling it create a vulnerability?
Answering this would not only help your partners and customers but would establish greater credibility for Hikvision as it attempts to repair its 'PR problem'.