Subscriber Discussion

Hikvision Hacking And Chinese Province Warning

Avatar
DILEEP LAL
Mar 01, 2015
IPVMU Certified

[IPVM Update: Full post now here: Hikvision Hacking Scandal]

Read a news about HiKVision DVRs vulnerable to remote wipe of surveillance footage..

The Public Security Department under the provincial government of Jiangsu, China announced an urgent report of Hikvision IP systematic flaw on 27th of Feb, 2015.

The reports says, Hikvision IP products have fatal flaws in security, the city surveillance system of Public Security Organs at all levels is hacked by IP address from abroad. The reports is proved to be true on 28th, thus hundreds of thousands of Hikvision IP products are involved in the Scandal because Hikvision takes a big part of the whole Safe City Construction Project in China.

(2)
JH
John Honovich
Mar 01, 2015
IPVM

Dileep, thanks for sharing.

Do you have a link to that report? I can't find it yet but googling for China domestic news often missing things.

I have also forwarded this to Hikvision to ask for comment.

U
Undisclosed #1
Mar 01, 2015
IPVMU Certified
In reply to John Honovich

New response to old news.

(1)
UM
Undisclosed Manufacturer #2
Mar 01, 2015
In reply to Undisclosed #1

1. The original news is 3 months old. I'm not so sure this qualifies as "Old news".

2. Did you understand anything of the link you posted under "new response"? I reread it 3 times and I don't understand what they are trying to say. This looks like "Google Translate" posted as news...

U
Undisclosed #1
Mar 01, 2015
IPVMU Certified
In reply to Undisclosed Manufacturer #2

Did you understand anything of the link you posted?

"admin" and "123456"

the rest seems on the same level as the OP quote ("public security organs"), which was all I was trying to source. Also, I read Dahua press releases as a hobby, so I'm somewhat used to the language.

JH
John Honovich
Mar 01, 2015
IPVM

On the Hikvision website, there are 2 press releases (note: only on the Chinese version from what I have found).

Here is the more detailed one (google translate English version). Key excerpts (google translated):

  • "Jiangsu Province Internet Emergency Center found that some on the Internet Hikvision equipment due to the problem of weak passwords (weak passwords, including the initial password to use the product or other simple passwords, such as 123456,888888 by network traffic monitoring, admin, etc. ), was hacked"
  • "First, all exposed in the Internet environment, the device will be at risk of hacker attacks. Hackers use viruses to crack the device's user name and password, and implanted the script file, the device is held hostage by the virus source, scanning attack other network devices."

Note: Jiangsu is a province on the East coast of China with ~80 million people.

So, as described above, the risk is not new but the fact that a Chinese province (1) made an announcement and (2) are saying they are actually infected, increases the seriousness of this significantly.

I will be speaking with Hikvision tomorrow to see if I can learn anything else and will report back.

UE
Undisclosed End User #3
Mar 02, 2015
In reply to John Honovich

1. Jiangshu released a copy to it's branch that Hikvision equipment has some hack risk and need all department to fix it ASAP, NOTE they not say this is because weak password or the product's bugs (like RTSP Buffer overfilled issue)

2. Then Hikvision announced that Jiangsu' claim is truth and they will help to fix it ASAP, Hikvision emphasise this is because the weak password and not mention the RTSP buffer over issue.

3. Some guys (maybe from other manuafacture) said that it is not because weak password (management issue), it's a product itself bug(RTSP buffer overfilledl) and make a test to show this.

4.Hikvision then claimed yes, they ever found the RTSP buffer over issue in 2014 and release a fix to solve the FW, so now it's solved.

5. Today Hikvison' stock Suspension and they claimed they will give further explain on this issue.

That's all , my english is not good so i am not sure the above is clear to you or to the truth.

(3)
JH
John Honovich
Mar 02, 2015
IPVM
In reply to Undisclosed End User #3

C, thank you.

U
Undisclosed #1
Mar 02, 2015
IPVMU Certified

Chinese Surveillance Camera Supplier Confirms Hacking Loophole

JH
John Honovich
Mar 02, 2015
IPVM

Hikvision's stock trading has been halted, as C mentioned above. See this Chinese news link.

This makes it a lot more serious, and critical what happens when it resumes trading (i.e., does it dive like Avigilon after the CFO debacle or does the market ignore it, etc.)

For those wanting more, here are Baidu search results for Hikvision scandal.

JH
John Honovich
Mar 03, 2015
IPVM

Full post now here: Hikvision Hacking Scandal

New discussion

Ask questions and get answers to your physical security questions from IPVM team members and fellow subscribers.

Newest discussions