Finally, someone has publicly come to the defense of Dahua and Hikvision backdoors:
Tyco Specifier Defends Dahua And Hikvision Backdoors
While firewalls and other technologies can help mitigate security flaws, ultimately it has to be the responsibility of manufacturers not to ship with such dangerous defects.
Also, ironically, both Dahua and Hikvision recommend port forwarding, which directly exposes their devices to the public Internet (indeed, amazingly Hikvision Hardening Guide Recommends Port Forwarding).
And cybercriminals should be condemned and prosecuted but security manufacturers cannot be given a free pass for making defective devices. If a safe manufacturer had a flaw that allowed immediately opening a locked safe, we would certainly and reasonably blame the criminal and the safe manufacturer.
However, on the positive side, having a powerful ally like Tyco is a benefit. Related, the specifier recently posted another LinkedIn item (since deleted) where he praised Hikvision for bringing low cost products to US federal customers and the support he received from Hikvision sales people. While that is a risk to the US government, this does show the combination of low prices and heavy sales spending works with Tyco.
One (long) sentence says it all:
The articles that have been published never mention that almost 90% of these backdoor security breaches are as a result of the customer's / end users network administrators who has not kept up with the appropriate firewalls and there would have protected the Security system there data but most importantly there own infrastructure and when these particular customer / end user or clients become the victim of the backdoor breach they instinctively target the Dealers / System Integrators like myself but mostly the Security Manufacturers.
So it's not even the integrator's fault, but the end-user's fault!
Poor Tyco caught in the middle of manufacturers' buggy firmware and end-users' reckless network setup.
All brought to you by an evil blogger looking to use sensationalist headlines to gain subscriptions. #TeamChina
Evidently #TeamHikvision is loving the Tyco specifier's post:
The industry's largest manufacturer and largest integrator are speaking truth to power...
Well there’s something that’s worth a damn. Well, maybe worth a job offer, anyway.
David’s a good guy... great guy, but anyone that knows him will realize he is in NO WAY qualified from the standpoint of his background or technical proficiencies to make these arguments.
David’s a good guy... great guy, but anyone that knows him...
And even a few that don't...
He may be a good guy, but issuing any kind of statement condoning back doors into systems just makes it look as though you have your head up your rear-end and that you're making excuses for yourself or someone who is giving you money. Tyco should be having that little blurb erased from existence immediately.
I will take UM #3’s point that David is a good guy. But I find David’s comments terribly naïve. Blaming the victim is never a good strategy. Also, he seems to be very biased towards the vendors supplying product to him. In a position like his (and I have been there), it is very easy to become complacent to people buying you expensive dinners and trips, and to overlook their product’s shortcomings.
My advice to David is: apologize. Don’t let this fester and drag Tyco’s credibility into even more question.
Interesting response from someone on Twitter:
Yep, he wants another job, so clear as a shiny day...
Yes, David is also notorious for audacious statements such as these when he is looking for a job.
I was hoping you guys would report this. Unbelievable. It will be interesting to see Tyco's response, or lack thereof, considering the partnership.
It will be interesting to see Tyco's response
Considering Tyco almost never says anything publicly about anything controversial, I doubt there will be any public Tyco response.
The only thing that might happen is that he deletes the LinkedIn post based on Tyco's request. However, since the post is still on LinkedIn, that indicates Tyco has not requested that.
Thank you Tyco for providing material we can use against you when competing for jobs. That you think very little of the integrity of the products you sell, and are unwilling to disclose up front the possible conflict of interest. I need to hurry up and make a copy of that post.
Thank you Tyco for providing material we can use against you
In fairness, this is not from Tyco corporate but a Tyco employee. On the other hand, as I have argued, there are No 'Personal' Opinions About Work, so such statements, directed or not, reflect back on one's employer.
You know John, you're right about that and I can't argue against it. But what also isn't fair is when a big company like Tyco tells customers that small integrators [like us] aren't as good as they are because they don't have the size and resources that they do. Which as you know and we know isn't always true, and sometimes to the contrary. And it isn't fair when they have the resources and connections to get in touch with, and wine and dine (bribe) executive decision makers about who their security integrators will be.
But hey, I hope it doesn't sound like I'm crying about the fairness of it, because that is not the American way. As long as it's legal, we'll use whatever ammo we have at our disposal.
And I mean this as a hint and a warning for the benefit of big companies like Tyco. ;)
Sad.
The underlying problem is that manufacturers produce "bad code" & get away with it; that is the reason we live in a world where security vulnerabilities exist.
We've gotten so used to it that the explanation is to blame the network infrastructure, versus if products were produced, from the ground up, as being more secure, we would all be better for it.
The Tyco specifier is not backing down; yesterday he defended his position:
Besides the grammatical/spelling errors "unless I has a back door issue", this person does not have a clue of what he is talking about. It's the firewall administrator's fault that there are backdoors into these products? Keep talking Mr. Gonzalez, you are only broadcasting your ignorance to more people as you go. I am amazed that Tyco is not addressing this.
David is a good man, but his statement can be viewed as naive and could potentially put him in hot water with Tyco Execs.
I respect him but I do not agree with his statement; he does not take into consideration the millions of people using Hikvision and Dahua in their homes. People who do not have the means to protect themselves from easily compromised security devices.
The Tyco specifier is literally triple downing with yet another re-post of his LinkedIn post on LinkedIn, emphasizing the support he is getting: