If you thought that the most outrageous behavior would be to ship tens of millions of cameras with a magic string backdoor so easy a 5 year old could exploit it, you would be wrong, according to Hikvision NA CEO Jeffrey He.
The truly most outrageous behavior, according to Hikvision, was IPVM releasing an 84 second video demonstrating how their backdoor worked, embedded below:
Jeffrey He declared:
I must point out that there are misperceptions about Hikvision. These misperceptions were intentionally spurred by a single source which misleads our community on the real risks we are all facing. That third party is here to distract from combatting criminal and terrorist activities which should be the main focus of the security industry. Even worse, that third party provided step-by-step video tutorials on how to hack vital security equipment on the end-user premises. This is the most outrageous behavior I have seen in my 27 years in the global security industry. [emphasis added]
Jeffrey is embarrassed, it is understandable. What can he say? Another 'coding error' by 1 'bad' engineer out of their claimed 10,000 'engineers'?
It is much easier to place blame on others than to fix their underlying engineering problems or, worse, their ownership and control by the Chinese government.
Why the video?
- To show Hikvision backdoor's insertion was no 'coding error.'
- To show how severe the risk was of the backdoor, given its ease of exploit.
- To leverage the instructions that were already distributed globally to hackers and researchers.
- To educate our industry about these problems in an extremely quick, visual manner.
The fact that the video was only 84 seconds shows how badly and simple to exploit the backdoor is.
If Hikvision wants to complain that they are the victims of outrageous behavior, fine by us. It will, though, keep it in public conscious and do nothing to solve Hikvision's actual problems.