There is not much possibility for separate integrators to go against the mainstream. Here we see that Hikvision is devaluating the surveillance market, but they also keep quality up. From the end customer’s perspective, it is only good. Maybe it is just normal to have lower price equipment in this highly efficient production era?
Of course, western manufacturers are hurt by such an invasion, but can they really deliver something so much more that justifies the higher price? Is it really only financial manipulation that Hikvision does, or is it more a decision to accept less profit than westerners are used to?
What about this cyber security issue? As far as I know, it was solved. Can any technical specialist explain whether it is possible that a manufacturer can intentionally create a “secret passage” in the firmware to sneak in unnoticed to do spying?
It's too bad customers would rather 'save money' and expose themselves to breaches by the Chinese govt that are well documented in the Networking environment, hacks into US govt and commercial businesses.
Sure Hikvision can accept lower or no profit if they are being compensated by the Communist Party.
Should have had a vote for 'Never bought and will not buy'
IPVMU Certified | 02/14/16 01:20pm
"Governmenting" directly or indirectly profitable security related companies is a great trend now. There were several big enough scandals during the last few years around well-known first line brands like Cisco, Microsoft, Fortinet and others about "not securing systems" intentionally. Why can't China do that? China just decided to take part in a silent cyber war like other highly developed countries.
As for possibilities of attacks: there are many, and they can be divided into two major groups:
1) Backdoor surveillance (attack on data the camera produces)
2) Denial of service attack on the camera itself...
As for the breach opportunities:
Of course preconfigured firmware with undocumented functions... Like Fortinet said "yes we know that our firewalls (!) had undisclosed root level service account for several years but we fixed it :-)". Such a reply from the vendor sounds like "oops... sorry, we can access your perimeter any time we want, but it's O.K".
As for the isolated network - it all transfers to physical security... I don't know how it is in the US, but in the CIS world a very small number of isolated networks for surveillance implement network based access control like 802.1x... thus any device can be plugged into the network without any notice. Such a device can be a portable access point or even a SAT modem to allow all devices to get commands from virtually anywhere and, as John has said, "phone home" when needed.
And as everybody understands, "the time when needed" will be used just once, cause a few major incidents can lead sales to complete zero. And this one time is probably a start of a war...
If we cannot take control and get data we still can make a DoS attack. Like sending a virus to activate self erasure and reboot. This will be enough to make a country blind for several days.
To sum up I think that each country should buy homemade surveillance if possible, cause the general scenario can be implemented by virtually any vendor. (no offense)