Chinese Government Owns Hikvision - Impact On Buying Hikvision Products?

JH
John Honovich
Jan 14, 2016
IPVM
UI
Undisclosed Integrator #1
Jan 24, 2016

There is no much possibility for separate integrators to go against main stream. Here we see that Hikvision is devaluating the surveillance market, but they also keep quality up. From the end customer’s perspective, it is only good. Maybe it is just normal to have lower price equipment in this highly efficient production era?

Of course, western manufacturers are hurt by such an invasion, but can they really deliver something so much more that justifies the higher price? Is it really only financial manipulation that Hikvison does, or it is more a decision to accept less profit than westerners are used to?

What about this cyber security issue? As I know it was solved. Can any technical specialist explaine if it is possible, that manufacturer can intentionally create “secret passage” in the firmware to sneak in unnoticed to do spying?

AR
Austin Rich
Jan 24, 2016

Well, how would someone get in for the scenario you are proposing? What are the possible attack vectors of a breach? Most of the customers I have worked with have isolated the cameras on a separate network or VLAN. The VMS and servers are usually third party and the only possible point of entry into the separate network. Even then, this is usually in a DMZ.

JH
John Honovich
Jan 24, 2016
IPVM

Many devices 'phone home' whether it is Axis AVHS or Hikvision Ezviz, etc.

Avatar
Mark Nay
Jan 24, 2016

Its too bad customers would rather 'save money' and expose themselves to breaches by the Chinese govt that is well documented in the Networking environment, hacks into US govt and commercial businesses.

Sure Hikvision can accept lower or no profit if they are being compensated by the Communist Party.

Avatar
Mark Nay
Jan 24, 2016

Should have had a vote for 'Never bought and will not buy'

(2)
Avatar
Oleksiy Zayonchkovskyy
Feb 14, 2016
IPVMU Certified

Hello guys,

"Governmenting" directly or indirectly profitable security related companies is a great trend now. There were several big enough scandals during last few years around well-known first line brands like Cisco, Microsoft, Fortinet and others about "not securing systems" intentionally. Why China can't do that? China just decided to take part in a silent cyber war like other high developed countries.

As for possibilities of attacks: they are many and can be divided into two major groups

1) Backdoor surveillance (attack on data the camera produce)

2) Denial of service attack on the camera itself...

As for the breach opportunities:

Of course preconfigured firmware with undocumented functions... Like Fortinet said "yes we know that our firewalls (!) had undisclosed root level service account for several years but we fixed it :-)". Such reply from the vendor sounds like "oops... sorry, we can access you perimeter any time we want, but it's O.K".

As for the isolated network - it all transfers to physical security... I don't know how it is in US but in CIS world very small amount of isolated networks for surveillance implement network based access control like 802.1x... thus any device can be plugged into the network without any notice. Such device can be portable access point or even SAT modem to allow all devices to get commands from virtually anywhere and as John has said "phone home" when needed.

And as everybody understand "the time when needed" will be used just once, cause few major incidents can lead sales to complete zero. And this one time is probably a start of a war...

If we can not take control and get data we still can make a DoS attack. Like sending a virus to activate self erasure and reboot. This will be enough to make a country blind for several days.

To sum up I think that each country should buy homemade surveillance if possible, cause the general scenario can be implemented by virtually any vendor. (no offense)

New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions