Hikvision Hacking And Chinese Province Warning

[IPVM Update: Full post now here: Hikvision Hacking Scandal]

Read a news item about Hikvision DVRs vulnerable to remote wipe of surveillance footage.

The Public Security Department under the provincial government of Jiangsu, China announced an urgent report of a Hikvision IP systematic flaw on the 27th of Feb, 2015.

The report says Hikvision IP products have fatal flaws in security; the city surveillance system of Public Security Organs at all levels is hacked by IP addresses from abroad. The report was proved to be true on the 28th, thus hundreds of thousands of Hikvision IP products are involved in the scandal because Hikvision takes a big part of the whole Safe City Construction Project in China.
