Feedback From The Hikvision Cybersecurity Road Show Kickoff

John Honovich
Mar 27, 2018
IPVM

Today, in LA, Hikvision hosted its first cybersecurity road show in the USA:

Inside, we share feedback, good and bad, from the show.

Brandon Knutson
Mar 27, 2018
IPVMU Certified

That sign is hilarious. No recording devices allowed for the protection of the attendees? If recording devices are that dangerous, why does Hikvision manufacture them? Ya, I'm being funny and not at the same time.

That sign was obviously done so Hik could control the outcome of their damage control road show without those meddling kids at IPVM.  

John Honovich
Mar 27, 2018
IPVM

Good - Chuck Davis. Davis was polished, knowledgeable and passionate about cybersecurity.

Mixed - The presentation was heavy on basics and the theme that everything has cybersecurity vulnerabilities (e.g., Microsoft) and that therefore Hikvision is just like everyone else.

A slide showing A*** and D****, contrasting to Axis and Dahua, made the case that Hikvision was better than them.

Hikvision becoming a CVE Numbering Authority to report their vulnerabilities was cited as another validation.

Bad - Attendance was quite poor with only ~60 attendees, even including Hikvision's many employees in attendance.

When someone in the audience asked about getting OEM firmware updates for vulnerabilities, Hikvision VP Jeremy Howard noted that it depended on the contract and how much they spend, which undermined Davis' emphasis on cybersecurity.

There was no discussion about the Chinese government nor any impact of Hikvision being controlled by the Chinese government.

Undisclosed #3
Mar 28, 2018

Hikvision becoming a CVE Numbering Authority to report their vulnerabilities was cited as another validation.

I saw that a couple of weeks ago. My first thought was "Hikvision must be planning to have a LOT of new CVEs if they feel it is worthwhile to be an NA".

bashis mcw
Mar 28, 2018

Maybe HIK will be 'the' central POC of CVE NA for all CCTV vulnerabilities? ;)

bashis mcw
Mar 28, 2018

Mixed - The presentation was heavy on basics and the theme that everything has cybersecurity vulnerabilities (e.g., Microsoft) and that therefore Hikvision is just like everyone else.

Actually a more or less true statement.

John Honovich
Mar 28, 2018
IPVM

The statement itself is true, much like the statement 'everyone makes mistakes' is true, but it's also misleading since their underlying point is to say that everyone is the same.

bashis mcw
Mar 28, 2018

I don't find it misleading, it's facts - all manufacturers, regardless of industry, suffer from the same mistakes, in one way or another.

The main points are, 1) how can the manufacturer minimise the 'mistakes' (education/punishments.. etc?), 2) How will the manufacturer own the vulnerability of the mistake(s)?

Mistakes will be made - and it's there - simple facts, and no escape from that.

(I don't even recall how many times I've said the same thing here on IPVM, but maybe in different wordings)

John Honovich
Mar 28, 2018
IPVM

Mistakes will be made but as in any domain, the amount and severity of mistakes will vary.

Also, there is the other factor of whether these things are mistakes or are done maliciously.

Thoughts?

bashis mcw
Mar 28, 2018

I thought we were now talking about vulnerabilities, not backdoors... backdoors are NOT vulnerabilities. period.

BTW, good example of how to own vulnerabilities:

Today I saw +30 advisories from Cisco, all with CVE, reported by Cisco itself.

https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=50#~Vulnerabilities

How about that Hik/Dahua/Geovision/XM/Axis/TVT/Avtech/whatever?

 

John Honovich
Mar 27, 2018
IPVM

One myth, ironically, is their claim about 'great turnout'; even their own marketing image shows mostly empty seats:

That's a lot of money and time to spend for such a poor turnout.

Undisclosed #2
Mar 27, 2018

The real question is:

Was George Gutierrez there?

Undisclosed End User #1
Mar 27, 2018

This "event" follows Hik's philosophy... If you spend a ton of money and say it's great... it's gotta be great, regardless of the truth!

 

Sean Patton
Mar 27, 2018

Isn't that the opposite of their philosophy? "Why spend so much for A*** or A****** or H***** cameras, when ours are better and cost less money?"

Undisclosed End User #1
Mar 28, 2018

Sean, you are totally correct, but I was just speaking to their never-ending marketing and outreach spending.
