Ok, Sean, here you go. You have your platform. Now make your case.
I'll start by countering. We have plenty of tests on Hikvision such as Hikvision NVR 4.0 Tested, Hikvision IR Bullet Camera Shootout, Hikvision NVR Load Testing.
You can define what 'scandal based reporting' is. Let's just keep in mind:
If this thread is going to gain any life someone is going to have to find an example of IPVM making a scandalous and factually questionable statement. Showing the exploit once it was in the public realm is actually not much of a big deal (once an exploit is out on the web anyone with bad intent can find it) and the maps of the exploited cameras is just a graphic representation showing the scale of the problem.
From what I've seen there are more examples of HIK making scandalous statements -
Staying mute on product vulnerabilities and then stating that "Security vulnerabilities are a PR problem"
Denying state ownership
Denying that there was a back door until it was exposed
My opinion is that if they are proclaiming themselves to be a market leader and then failing every test of transparency on their products that makes them fair game for the odd scandalous headline. Can anyone suggest another manufacturer who has acted this way?
ISC should have a Tug of War this year.
First round: Hikvision vs. IPVM!!
In my opinion, I do not believe that IPVM is trying to garner more subscriptions in their reporting. However, I do believe that some of their reporting is not accurate and needs better vetting. That said, IPVM has the amount of members that they have for a reason.
Jeffrey Zwirn, President, Zwirn Cooperation
Regardless of which company is involved, shouldn't serious security flaws in any security equipment be touted from the highest mountain top?? Broadcast loud and clear to all who need to know??
Shouldn't WE as security professionals WANT 'scandals' bought to light and made public for all to see?
Speaking only for myself, if it takes a good roasting in the media (ie; emotive headlines and lots of publicity) to force the manufacturer of any product to step up, admit the vulnerability and FIX it, then I say, Roast ON!
Far better that, than having vulnerabilities left un-patched and potential breaches left exposed in important facilities.
If the manufacturer acknowledges things and fixes vulnerabilities without the media storm, all well and good. You can report a "we found this and Company X immediately acknowledged the issue and has released a new firmware which can be downloaded from their website" - but if they won't acknowledge the issue, then.... *shrug*
As far as HikVision is concerned, full disclosure - I use their products. And not just at work, but also for my own house.
I also make sure I'm patched and firewalled and VLAN'd and secured as much as my IT prowess will allow. Not BECAUSE I'm running HikVision, but because it's bloody good sense to do so, regardless of the product!
It should also be mentioned that IPVM had most of their recent "scandal" articles as "no subscription required" to view them, so - you know - hardly forcing membership down peoples throats!
ControlByNet Cloud Surveillance | 01/24/18 01:37pm
This isn't difficult. IPVM is partial reporting, partial mkting pundit and partial knowledgebase. That is a good thing and as a paying customer I'm ok with all of it (although there has been a little more self promotion from some subscribers recently but that's probably ok also).
The top guy is a camera slammer...cheaper and higher margin the better. They've been around forever and I'm ok with it! If the customers pay for it then oh well. Customer service is less important than high volume, alarms are often the same way.
Cameras are a get-what-you-pay-for-it product. All the cheap cameras have issues, but some that will never be noticeable to a home user or small business user. The higher priced ones usually have much more features but may not be of value. Just because they come from China doesn't mean they're cheap, they often lack in other items.
We cloud-host Dahua, Hikvision, Panasonic, Sony but 90% are Axis. Axis is a much better bandwidth-controlled camera (and plug-and-play option) and it servers our type of customers much better. Yes there are differences and we know them all.
Both the camera-slammer and IPVM are for-profit and that's great as well. They'll both keep ticking just fine.
As a new subscriber to IPVM I can tell you that what my experience has been. I enjoy most of the content produced by John and team, but I've found there to be a very obvious bias against Hik in everything I read here.
When I read some of the articles about Hik's flaws, I think "Well that was dumb of Hik. Sounds like they need better QA."
I'm reminded of that old saying "Don't attribute to malice, what can easily be attributed to stupidity."
Based on comments in articles I've read, it seems that many members do believe that Hik is working hand-in-hand with the Chinese government; and IPVM moderators don't do much to temper those feelings. It's easy to see why people would so easily believe that. Just look at what's happening in US politics and their own government surveillance!
In the end, it's pretty easy to put a packet sniffer on a Hik camera and see what it's trying to send out. I haven't seen an article about that, and I'd love to. We've done some testing ourselves, but not comprehensively.
In closing, I appreciate the info I get from IPVM, but I don't expect article authors to behave like journalists. Credentialed reporters at official news agencies report on the facts and leave the opinions for the editorial column. I think of IPVM is the editorial section of the newspaper.
The easiest way would be ask subscribers, just create a poll on a main page:
- IPVM is biased when it's about Hikvision
- IPVM is impartial