Hikvision Favorability Results 2019

IT
IPVM Team
Published Mar 18, 2019 13:16 PM

Hikvision favorability results declined significantly in IPVM's 2019 study of 200+ integrators. While in 2017 Hikvision's favorability was polarized, now Hikvision's net unfavorability is clear, as the summary results below show:

In this note, we share 100+ selected comments spanning negative, neutral and positive feedback arranged from most prominent to least prominent. Comments fell into the following main themes:

NEGATIVE

  • Chinese government ownership / cybersecurity concerns
  • Quality problems
  • Security flaws
  • Do not trust

NEUTRAL

  • Product just ok, cheap, hard to install, support problems
  • Neutral but mentions China / cybersecurity concerns

POSITIVE

  • Good product, good price and easy to use
  • Positive but mentions China / cybersecurity concerns

US ** ***-** ***********

** ********** ********* **** ******* **** negative **** ***-** ***********, **** **, US **** ******* ***** ** ***** than *** ******* ******* ****** ***** non-US ******* ***** ** ******. ** estimate **** ***-** ********** ********* ***** have **** *** ******* (*.*., ******** roughly ***** ** ********).

*********

******** ****** *******, ************ ********** ********* *******, ** ** points, ********* ****** ** * ***** downtward ** ******** ********* ******* *** company ** *** ********** ***** *****:

********

Chinese ********** ********

*** **** ****** ******** ********** ******** was **************'* ******* ********** *********:

  • "****** ****** ***** ************ ** ***** government."
  • "******* **** *** *******."
  • "******* ********** *********, **** **** *******."
  • "**** ** *****. ******* ************* ** security ******* **** **** *** *** well **** **. **** ** **% of *** ********** ******** ***** ******* government ****** *** *****, * ***** can't ***** ****** ** **** *** risk."
  • "*** ***** ***** ** *** ** my *******. *** *** **** *** reason ***, ********* ***** **********, *********, poor *************. ***’* *** ****** *** race ** *** ******."
  • "******* ****, ******'* **** ****** *** ban ********** ***** *** **** ***** the ***."
  • "****. *** * *** *** ** the ********* ***** ** *** *****... or ***** **********."
  • "******* *****. ******* *** ******* ******."
  • "***** ** *** ******* **********, *** made ** *** ***. *** ***** for **** ** ** *******."
  • "******* ***** ************ **** ******** *********** cybersecurity *****."
  • "* ******* **********. * ******* *** Chinese ********** **** ****!"
  • "******* ******** ********. ******* ** ********** opportunity."
  • "****** ******** ********** **** ***** *** completely ******* ** *** *********."
  • "****, **** *** * ***? **** is * ****** ******* **** ********* for *** ******* ****** ******."

******** *****

******** ****** *********** **** ***** *** company's ******** *****:

  • "******** ******!"
  • "******** ******."
  • "* ******* *** **** **** ************* of ********* ************ *******."
  • "* ******* *** **** *** ***** products ** *** ** ****** *** intentionally ***** ******** *********."
  • "********* *** ***** ******** ****** *** a *** *******. **** *** ***** race ** *** ****** ********* ** well."
  • "********* ******** **** ******** *** *******."
  • "***** ************, ***** *** ********* *********, predatory ******* *********** *** ********* *** value ** *** ********. * ***** they ****** * *** **** (**** hearsay)."
  • "********* ** ** ** ********** **** cheap, ********** *******. *** **** ***** websites **** *** *** **** ******* Hikvision, *** *****, *** **** *** your *********** ****. ****'** * ******** product **** ******** *** ********/ ****."
  • "*** ******!"
  • "******** - ******** ******."

***'* *****

******* ** ********** ********* *** ******** problems *** **** *********** *** ******** Hikvision:

  • "** ***'* *** **** ******* ** don't ***** ********* **** *** ******** of *** *********."
  • "**** **** ** * **** ** say? *** ** ***** ****?"
  • "*****'* ****** ******* **** **** *******. A *** ** ********* ********. ******* to *****. ********* ** **** ***** tells *** *** *** *** **** eventually ***** ** ** *******."
  • "***'* ***** ****."
  • "*** ******* **** *****'* ***** ** flaws ** ***** ******** ** *** worth ***** ******** ****."
  • "******* **** *********** *** ****** *************."
  • "**** *****! **** ****!"
  • "************* ********** **** * ***** ****** that ****** *** ******."
  • "**** *** ***** *** ** ******** hacking ** *** ******* *** ***** secretive."
  • "***’* *****."

********* *** **** ******* *** ********* about *** ******* ********** ********* ** the ******** ** *** **** ***** *****, *** ******* ********** *** admitted ** ****.

Lack ** *******

*******, **** *********** ****** ******** ***** Hikvision ******* ******* ********:

  • "****** ****** ** **** ***** ********. On *** ***** ****, **** *** Chines *************, *** **** ** *******, very *** **, ******** ******, **** production **** *** **** ******** ********** emerging, **** ** ***********,**** **** ***** ***** ******* **** me **** ** *** **** ** even *********** ******* **** ****."
  • "***** **. ******* ** **** *******, dome *******, * *** ** ** leak. *** ******* ** *** *****. Bad ********** **** * ***** ******. Many ******* *********, *****, ** ******* changed *** ** *** * *** of **** *** **. ** **** not *** ********* *******."
  • "**** ****** ** *********. ***** *** cheaper ******* **** ******* ******-******* **********."
  • "*** *******, ***-********* ******* ****. ********* has **** **** ** **** *** industry **** *** ***** ************. ** were ******** **** *** *** *** signed **** ***."
  • "* ***'* **** ***** ******** *** camera *********. **** ******* *** **** to ***."
  • "************ *******, *** ****** ****** **-***** the ***** ******. ******** ***** ******* espionage."
  • "******? *** ***** ******* **** ****?"
  • "***** ****. ** ***'* **** ** and **** ******* *** ** ** from *** ******."
  • "******** *******, ********, *** ******** *******. Worst ***** ******* ** *********. *** price ***** ** **** * ********* of *** *** ** *** *******."
  • "*******: ******** ***** *** ***** *******."

*******

***** ***** *******, *** **** ****** theme *** **** *** ******* *** ok *** **** **** ********, ** the ********** ***** *****:

  • "********* *** **** **** ***** **** share ** ****** - *** **** have *********** ** ******** ****** ** the ******** *** ********** ** **** the ***** ** * [**] ********* thinks - *** ***** ********** *** doesn't **** **. ****** ****** (****) and **** ********* ***. **** *** improving *** *** **** *** ***** lack *** ********* ******* ** ***** of * ********** ********* *******. ***** all, ***** ***** ******** ****** ** more ****** **** ****** *********** **** the ******* ****** **** **** *** been ********. ** ***** ** ***-**, they **** * ******* *** ** a ****** ***-** ******* *** ***, NVR, *** ****** **** ** ********* neither ********** *** ****."
  • "**** *** * **** *** ***** of ********. ** **** ***** ******* for *** *** ******* *** ** some ***** ******* ************* ***** ***** priced ********. ***** ** *** **** problems. ***** ** ***** **** *** quality ** ***** ******* ******."
  • "**** **** **** *********** ******** ** the *** ***** (***** ***, ****-*** bullet), **** ***** ******* *** ********** price. ******* *** ********* ** ******* (why **** ** ********* ****** ** dome *******), **** ** ****** **** low/medium/high-end. ****** ***** ******** ********. ******** should ******* ** **** ** **** release ***** **** **** ** *** if ** **** ******** ****** *** issue."
  • "*** * *** ** ***** ******* but **** ** ****** *** ** price. *** ****** *** **** **** support ***** ******** ***** **** ***** camera ** ******** ******* **** **** no **** ***** *** ** *** specialty ******** **** ****...**** *** ******* I *** * ********* ******* **** 4 ********* *****. ***** ******** ** pretty ********. ***** *** * ******** not ******** ***** ** *** **** basic ********* ****** **** ** **** should. *** **** ******* ******** **** I ****** *****. **** ** **** wasted ** ** ******** ** ***** new ******* *** ****. ******** ******* for * ********* ******* ** ****."
  • "*** ********** ** ******* *** **** mobile *********** *** *** *** ** easily **********."
  • "** **** ****** *** ********* **** cameras. *******, *** ***** ******* ** good *** *** ******* *** *** practical ** ******* **** * ****** harness **** ** *** ***** *** not ****. *** ****** ** *** models *** *** ******** ******* *** different ******* ***** *** ****** *** suitable ******** ***********. ** *** **** for ***** ************* ** * *** price."
  • "***** ******* ******* **** ** ********."
  • "****** *** ***** ****. *** **** intuitive."
  •  "*** *** ********** ** *****. ******** are, ** ** *******, *** *** best. *** ******* ** *** ******** could ** ******."
  •  "***'* *** **. ******* *********. *******, my ********** ** *** **** **** the ******** ** ****-*** ***** ****** competitors."
  • "** ***** ***** ***** *** **** some ****** ** ***** ******* ******** down."
  • "******* ***** *** **** *******, *** have * **** ******* ****."
  • "***** *** *********** ****. ******** ********, customers **** *** **** ******** **** to ***. *** ******** ** *** this ** **** *** ********** **** screwing ***** ***** ***********."
  • "** *** **** * ***. *** really * *** ** **** *** if *** ***. ******* ** ****** the ****** *** ** ***. *** picture ** *** *** **** ***. I dislike *** ********. ***** *******."
  • "**** ***** *****, **** ******* *******, support ** ***** *******, *** ******* not ***."
  • "**** *** **** **** ***. *** just **** ** **** **** ***** in. ** ***’* *** **** *** I *** ***** **** *** **."
  • "**** ****** *********. *** * *** of ********* ********."
  • "* **** ***** ** ****, *** many **** ******** ** *** **** what ** ****. ******* ***** ********** and *** ********."
  • "** ** ********* ********* *** ******* projects ***** ******* ** *** **** concern. ** ** *** ****** ******* their ******** *** **** *** **** when ** ** *** ******* ******."
  • "******* *** **** ***** *** ********** reliable. ***** *** ** **** *** client ******** ** ********* ********. *** UI ** *** **** ** ***."

***** ******* ********** ********:

  • "**** ****** ** ***** *********--****** **** western *************. ******* ****/******** **** ** cybersecurity. ******* ********* ***** ***** *** don't ***** ** ** * *** fail."
  • "****: **** *******, ****** ***********, ******* available, ***** *********, **** *******. *******: Negative ************ ********** **** ***** ******* products ***** ********* **** ******* **** as * ****** ** ***** ****************. **********, * ***'* **** ***** we *** ******** *** ***** **** called ** * ****** ** ******** security ** * ************* *** ******** tariffs ** ***** *** ********. ** doesn't ****** ****** ** *** **** require ********** *** **** ********* **** ********* customers *** ****** ** ***** *** & *******."
  • "** ********* ******* ******* ********, *** we **** ** ***** **** ********* conquered *** ******** ******. *** ***** cameras *** ****, **** **** ***** quality, **** ** **** **** ******** and *** ***************** (*** ******* ***, *** ******* low *****, *** ******* *********** *** a ******* ********** ** * **** image ******** *********.) ************ ******* *** good, *** **** *** *** ** cheap ** ******** - ** ****** choose * **** ******** ***** ** possible. *********** ************ *********, ** ** long *********, ********* ** *** ******* CCTV *****. * *** ********** ** cameras **** ** ******* *** ********* low **** *******. ** ***'* **** VMS, ***** **** **** * *** software. ** *********** * *** ** problems **** **** ** ******** & firmware *** ** ****** ** * lot ** ****** ****, ******** **** security *** ***** ****** ** ***** and ****** ******** *** **** *** when ********* ******* **** ******."
  • "**** *** **, *** ** **** the ***** ******* ****, *********/******** * let-down *** **** ************ *****-******** ******** overall **********, ** **** *** **** on **** ******/****** **** ********."
  • "***** *** *** *** ** ***********, higher-end ******* *** *** ****** **** against ***********. ******** ***** ******** *** VMS *******."
  • "* **** *** *** **** ******* I ***** **** * ****** **** I ****... *** *** *** *** who *** ******* *** * *** dollar *** ****** ** *** **** if ***** ** ********."
  • "****** *********** *** *** ***** ** exceptional, *** *** ******** ***** **** cybersecurity *** **** **** * **** palatable ****** *** **. ** **** to **** **** **** ****** ****** to."
  • "******* *** **, *** ** *******, Cybersecurity *** ***** *** *****."
  • "***** ******** ******* **** ***** *** really ***'* **** *** *** ********* baggage **** ***** **** *********."
  • "**** ****** *****, **** ******* ******, good ***** *** **** ************* *** reliability ****** ****** ***'*."
  • "**’* **** ***** - ***** *** effective *** *** ***** *** ** the ******. ** *** * *****. The ********** *********** *** **** ** security ** * ******* *** ***** we **** *** *** *** ****** specifically ** ******** ****** ** ********."
  • "**** * *** ** ******* ****** from * *** ** *** **** tests. ******* ******** ***."
  • "**** **** ********* & **** ***** quality ******** **** **** **** ****** such ** *** ** ********** ***, cybersecurity ***."
  • "******* ***** ** **** ** ************* Division *** ****** * ******** **** the ***** *********."
  • "** **** ***** ********* *********, *** the ******** * **** ** **** it ***** **** *** ** * good ***** ********. ** **** ***** wanted *** ********* ** ****** * lot ** ** *** ** *** field. ** ***** **** ***** ***** be * ****** ********** ** ******* and * ****** ****** ** *** publicity ****** **** ***** *** ********."
  • "****** ****** ** **** *** ***** and *******-**** ********. ***'* **** **** they *** ***** ** *** ******* - *** **** **** **** *** up **..."
  • "**** ******* *** *** *****. * really ******* *** **** **** *** Chinese ********** ********* **** ****. * try ** **** **** *** *** Internet ** ** ***** ****** ** customers ** *** ******** ****. * wish ***** *** * *.*. *********** at * ******* ***** *****."
  • "***** ******** ** ***** ******. *********** is ** **** ** ******. ********: political ******."
  • "******* ******** ****** *** **** ** have **** ******* ******* *** * camera ** **** ***** *** ****."
  • "***** ***, **** * ***, ** do **** *****, **** ***** *** they **** ** **** **** *** world!"

********

*** ******** **********, *** ***** *** good ******* ******** **** *** *******, as *** ******** ***** ********:

  • "**** *******. ***** **** * ***** of ********. *****."
  • "******* ** ***** ***** ** **** high. **** ***** * **** *********, to *** ***** ***** * ****** have ** ** ** ******* ************ to **** * **** *** *** my ******."
  • "********* & **** *****. **** ** absolute ***** ** *** ******* ********** spying ** ********** ************ *** *** effect ** ***. *'* ** **** concerned **** *** ************ *** ****** of **** **** ********, *****, *** Google ****."
  • "********* ** ***** ***** ** ** our **** ******* **** ***** ********* changes. ** *** **** ******* **** our ******* ***** *** ********* ****** involved **** ****** *********. **** *** OK **** **. **** *** ***. We **** ***** *** ** ****** with *********. ** **** *** **** minor ****** ****** ***** **** **** addressed *******. *** ** *** ** favorite ************ *** ** ******."
  • "******** *** ***** *******. **** *** making ***** ******* *******. * ***'* believe ******* ****** *********** *** ****, plus *** *****, *** *** ** spying ** ** *** ******* (*** government)."
  • "* ***** ********* *** ****** * lot ** *** ***** **** *** past *** ***** (************** **) - I *** ** - *** *** product ****** ** * ****** *******. Good ******* *** *** * **** in **** **** (** ***** *********) are ***** ******* ****. *** *******, I ***'* **** *** - *** product ** * ****** *******. *** we ***'* **** **."
  • "**** ** ***** ******* ** *** and ******* ***** ***** *** ***********. US *** **** *** ****** ** in ******."
  • "**** ******** ***** ***** ** ********** if ** *** *** *** *** cheep ********* *******. *** ***'* **** a $*,*** *** ** ****** * $500 ****. ******* ***** ** ***** IVMS ****** **** ** ***** ***. That ** **** ****** ** **** situations."
  • "**** ********, **** ** ******* *** configure."
  • "* **** ******** *** ** ******* on *********, * **** *** ******* to ** **** ******* *** ** a ***** ***** *****. * **** never **** *** ** ***** *** hard/software *** ******* *** ***** *** work ****. ********* ** *** *** of ** ****** ******* ******."
  • "**** ******* *** *** *****. ******* rich."
  • "******* ** **** *** ***** ******** support **** ** ******* ** ****** design *** *************."
  • "****** ************* *** *** ****** ****** many ****** ** *******."
  • "***** *******, **** *********. **** *** pleasant **. ***** ******* *** **** is **** **********."
  • "*** ***** ******** * *** *** understand **."
  • "****** ******** *** * *********** *****. Easy ** *****, **** *** ****** gets *** *** ****."
  • "***** ******* *** ********** *** *** price. **** ******* ****** ****** ******* they ***** **** *****, *** ****** don't **** ** *** ******. **** seem ** **** *****."
  • "**** **** *** *** **** *** small-mid **** *************."
  • "******* *** *** ***** ***'* ** beaten."
  • "**** **** *** ***** *************. **** is * *** ****."
  • "***** *******, *******, ** **** *** this ******* *** *** ****** *** is ** **** **** ***** ******"
  • "** ********* *** ********* ******** ** it ********* ******* ** **** ***** OEM *****. ** **** ********* *** to ******* ************, *******, *** ***** points."
  • "**** ******** **** ******* ********* *** have *** ********* *******, ********** **** the ***** ** ******** ** ******* older ****** ******* ** * ****-********* manner."
  • "********** ******* *** * ***** ****** of *******."
  • "*** ***** ***** ** *** ***-***** cameras ** **** ** *** ***** quality."

*******, **** **** ******** ********** ********* problems **** *** ******* ********** *********:

  • "**** *** *******, **** ** ******* and ***. *** ******* ********** ** an ***** *** **** *********."
  • "***** *** *********. ***’* **** *** price ***** *** ***- ** ******-***** customers ******* *********** ** **********. ******* is ****** ** *** **** *** to **** **** **** ********* *** overall ** * *******, * ***** say********. *** ** ** ******* ** high-security ************."
  • "**** **** *** *** **** *** I **** ******** **** **** *** disappear ** *** ** ******* ** their *********."
  • "******** ******** *****, **** ******** ** make *********** ******* **** ***** ***********."
  • "************* **'* ****** *****, **** **** even ****** ******* *****, ********* ** better ** ***** ** *** ****** of ***** *** *** ******** ** camera/Ezviz (******** ** ******** ** *****). But ** ******** ******* ***************** ** ***** * ********** ********* model **** *****. ****, ***** *** more ************ ** ********* ******** ** Dahua, ******* ** * ****** ******** model **** * ***** ***** ****'* all."

*******

********* ** ********* *********, **** **** challenges ********, ****** *** ********* ** the ** ********** *** ******** ** China's ******** *******.

** *** ***** ****, *** ******* is*** ******* (**** $* ******* ****** revenue), *** ****** ******* **** *** owner, *** ******* ********** *** ********* to ***** ***** ** *********.

********* **** ***** ****** ** ***** *** 2010's growth ** **%+ *** **** *** whether **** ****** ********** **** ******* down ** ****** ****** ******, ****** with ***** ******, ** * ******** into *******, ******* ** ** ****.

Comments (26)
Avatar
Sergio Guzman
Mar 18, 2019
Pine Crest School • IPVMU Certified

This is a big deal. This is showing the overall community is moving into security concerns over the dollar. Wonderful. As an I.T. guy, I appreciate this shift in attitude.

(11)
UM
Undisclosed Manufacturer #1
Mar 18, 2019
In reply to Sergio Guzman

Some would argue it is the IT guy that introduces security concerns for vulnerable products. It's not the vulnerable product's fault! 

(1)
(4)
(5)
U
Undisclosed #2
Mar 18, 2019
IPVMU Certified
In reply to Undisclosed Manufacturer #1

It's not the vulnerable product's fault!

bugs don’t compromise cameras, hackers do!

(1)
(6)
Avatar
Sergio Guzman
Mar 21, 2019
Pine Crest School • IPVMU Certified
In reply to Undisclosed Manufacturer #1

I disagree and agree with you.

It is our job to do the research in placing technology. There are various degrees that play into this. Most of us are not electrical engineers or programmers. Some of us run small businesses and do not have the time or resources to get into the special details of protecting our system without following the advice of top rated communities that provide best practices. My company has an SGO, but not everyone has that luxury to have a person dedicating their time to reading up on the latest policies.

Common factors to a Sysadmin Tier 2 would be disabling UNP, P2P,  Anonymous Visits, & SSH. You can isolate the Camera from ever using the internet. Great.

But that is not everyone. What happens when you trust a company like Hikvision and you decide you want your data on a cloud server? You're running a small warehouse and you only need 10 perimeter cameras could be easily hosted online. You've isolated your system physically or through some VPNs or VLANs, but you still need to broadcast outside.

Now you have a device that can be programmed to broadcast through various tunnels on a timer. The device is now inside your property, and a thief who is sophisticated is using sophisticated software to listen for the insecure broadcast channels, and now tunnel their way in. 

Now you're a simple warehouse vulnerable to someone staking out your security vulnerabilities.

(2)
UI
Undisclosed Integrator #4
Mar 20, 2019
In reply to Sergio Guzman

It could also suggest that Hikvision contributors to IPVM are also moving away from IPVM because of the continual brand bashing..... 

(1)
(3)
JH
John Honovich
Mar 20, 2019
IPVM
In reply to Undisclosed Integrator #4

It could be, it's hard to tell which 'contributors' left or join.

And if this was in the UK, I am sure the results would be more positive for Hikvision.

But, keep in mind, since our previous Hikvision favorability survey in 2017, the company was revealed to have a massive backdoor, the company was banned by the US government and the company's profiting from human rights abuses have all become public. These are negative factors for most people.

(1)
(1)
(1)
UI
Undisclosed Integrator #5
Mar 20, 2019
In reply to Undisclosed Integrator #4

You are spot on... we are actually considering not renewing our membership because of that

(4)
Avatar
Sergio Guzman
Mar 21, 2019
Pine Crest School • IPVMU Certified
In reply to Sergio Guzman

Something I did not speak about is the threat China holds in its current expansion. I know this may seem like it's just politics, but do you really want all your security equipment to be made by one country? Talk about Trojan horses. The competition China held over other camera companies is almost impossible to compete against.

These companies need our money to keep on competing, trying to make a simple sale while compromising many factors on national security isn't wise.

I already make these decisions when purchasing servers. I look at their motherboards and country behind their manufacturing seriously. It is not something I isolate to just cameras.

(3)
U
Undisclosed #2
Mar 18, 2019
IPVMU Certified

has IPVM ever done an end-user only poll, similar to the integrator only polls?

More than a few of the integrators and manufacturers, while no doubt sincere, also have significant ‘skin in the game’ and stand to gain from the looming Fall of the Hikuan Dynasty (2012-????).

On the other hand, end users have the most financially to gain (arguably even more than Hik dealers), in the short term at least, from the PRC’s state-sponsored discounting.

it would be interesting to know how far and to what degree the negative sentiment extends into the chain.

 

(1)
(2)
JH
John Honovich
Mar 18, 2019
IPVM
In reply to Undisclosed #2

We have done some end user surveys but end users are, on average, significantly less knowledgeable about products than integrators. Most end users make major purchasing decisions on video surveillance every few years so they tend not to be as informed (of course, there are exceptions with big end users having dedicated teams but again, on average). As such, I don't think it would be as informative. Also, an IPVM end user survey would be unfavorable to Hikua as the type of end user who signs up for IPVM tends to be larger, where Hikua generally does poorly.

stand to gain from the looming Fall of the Hikuan Dynasty (2012-????).

Some certainly do but many integrators might lose significantly. Marty Calhoun may be the most known pro-Hikvision integrator commenting on IPVM over the past few years but there are many like him out there, e.g., Hikvision Dealer Losing "Hundreds Of Thousands" In Orders.

Avatar
Eyal Kattan
Mar 19, 2019

Smells like mcChartism from the 60's 😉

I loved those "security concerns" while many installers don't have a clue about networking and securing networks.

We continue to successfully work with Hikvision and provide our clients secured quality surveillance solutions at cost-effective pricing.

(5)
(2)
(1)
CC
Chris Chambers
Mar 22, 2019
In reply to Eyal Kattan

I'm curious to know if you, or other Hik installers, have ever done any monitoring tests to see if there is any "extraneous" communication activity.  Similar to this story on cell phones:

https://www.cbsnews.com/news/researchers-find-phones-secretly-sending-data-china/

(1)
U
Undisclosed #2
Mar 22, 2019
IPVMU Certified
In reply to Chris Chambers

I'm curious to know if you, or other Hik installers, have ever done any monitoring tests to see if there is any "extraneous" communication activity.

One thing that’s different between a cell phone and an IP camera/nvr is that the camera/nvr is typically located behind a firewall.  if the devices were attempting to make outgoing connections that were denied by the firewall, people would have noticed the rejections in the logs by now.

not everyone has their firewall/network setup correctly and fewer still even care to check the logs.  but some do, and there is a lot of Hik out there.

not to say that the outbound logs would catch everything, (perhaps the outbound DNS or NNTP could be hijacked), but it would detect your typical nefarious connection attempts.

DR
Dennis Ruban
Mar 22, 2019
In reply to Chris Chambers

I did, and that would be a red flag for me. It has never happened.

Although, there's always a chance, that's a new FW update will have a trojan code. So having IoT behind the firewall is a must.

Some people still use Kaspersky antivirus and they don't find it dangerous. It's even a bigger vulnerability 

UM
Undisclosed Manufacturer #3
Mar 19, 2019

With all the negative things about hik, how will it effect their oem partners like invid that sells the hik cameras much cheaper than hik does. Will the ban also include them ? 

JH
John Honovich
Mar 19, 2019
IPVM
In reply to Undisclosed Manufacturer #3

I thought Invid was primarily a TVT OEM. Maybe they OEM Hikvision as well but they certainly OEM TVT (e.g., TVT facial recognition shown here).

To your general question, I don't think the negative perception about Hikvision is a big of a concern for OEMs as the US government ban. The negative perception can be worked around because, by definition, these OEMs generally tend to hide their provider, marketing their own brand. The ban makes things more dangerous since if their dealers sell those products to the US government, they are breaking the law.

It is, for example, why Panasonic USA was so quick to dump Dahua post the ban passing.

UM
Undisclosed Manufacturer #3
Mar 19, 2019
In reply to John Honovich

Invid is TVT, HIK and Uniview. Just seems that all the oem customers sell the hik, dahua etc brands at much less and hurts their own business 

JH
John Honovich
Mar 19, 2019
IPVM
In reply to Undisclosed Manufacturer #3

 sells the hik cameras much cheaper than hik does.

My hypothesis is that this is a price segmentation strategy by Hikvision. That is, offer the same product but with different brands and price levels to capture people with different willingness to pay. HiLook and HiWatch (in Europe) are certainly examples of that.

U
Undisclosed #2
Mar 20, 2019
IPVMU Certified
In reply to John Honovich

The ban makes things more dangerous since if their dealers sell those products to the US government, they are breaking the law.

although I wouldn’t suggest hikua OEMs actually attempt sales to the US gov, I think it’s an overstatement to imply that if they did, that “they are breaking the law” and would therefore be in legal jeopardy.  laws may be broken but that doesn’t mean the OEMs would be necessarily lawbreakers.

the NDAA language places responsibility on the executive head for compliance:

(1)
JH
John Honovich
Mar 20, 2019
IPVM
In reply to Undisclosed #2

No, recall: Sell Dahua or Hikvision At All, Banned From Selling to US Federal Government, Says US HASC:

Claude Chafin, House Armed Services Committee Communications Director explained to IPVM that:

The prohibition is beyond selling to the government. If the “entity” sells Hikvision / Dahua cameras in any way to anyone, they are banned from doing business with the federal government

For sure, the government user has responsibility but it is risky, to say the least, for the seller.

 

(1)
UM
Undisclosed Manufacturer #7
Jul 08, 2020
In reply to John Honovich

So how does Honeywell sell both Dahua and Hikvision cameras and yet still have huge contracts with 100s of United States government sites?

JH
John Honovich
Jul 08, 2020
IPVM
In reply to Undisclosed Manufacturer #7

#7, that prohibition is scheduled to take effect next month on August 13, 2020. See: US DoD Declares "Can No Longer Do Business" With Contractors Using Dahua, Hikvision, Huawei. There is debate about whether or not it will be delayed.

Honeywell has already taken steps to move away from Hikua, e.g., Honeywell Speaks On NDAA Ban, New Non-Banned Cameras and Cybersecurity

UI
Undisclosed Integrator #4
Mar 20, 2019
In reply to Undisclosed Manufacturer #3

I have a theory on OEMing. Whilst I'm not convinced it's a significant money spinner for HIK, what it does do is to undermine the OEM brand and kills of their own R&D through being simply lazy and blinkered. 

Outsourcing is simply a cost saving measure that destroys your own capability to deliver - it also put Hikvision in a very strong commercial position to cut you off at the knees when it suits. I'd say it's a great strategy and simply underlines how western greed gets in the way of rationale. 

DR
Dennis Ruban
Mar 20, 2019

I don't understand the quality concerns. I have less than 1% fault rate for Hikvision.

(2)
(2)
UI
Undisclosed Integrator #6
Oct 04, 2019

All Products IP Based are vulnerable... See for yourself on the CVE Database CVE - Common Vulnerabilities and Exposures (CVE) . Hikvision closed the backdoor that coders implemented as a quick way for them to make fast changes to the camera(s) during the development phase, they made a mistake and let certain models into the US market without removing the backdoor by mistake and they corrected this mistake within 48hrs. The problem was that if you were not a Dealer you would have missed the notification from Hikvision to update the firmware immediately and close the exploit, leading to a lot of cameras purchased through amazon vulnerable. Whatever, it doesn't matter anymore because guys like JH are going to have a field day with this and not tell everyone the complete list of facts (sad). See other sources for a complete list of manufactures and their known vulnerabilities. NVD Database and CVEdetails.com ... Hikvision's HikSSL is Level 1 FIPS Certified. A certification given by the U.S. Government. Funny that the same Government decides to ban Hik from Government use. Security starts with IT Administrators and their ability to stay ahead of the threats, secure the network and it's peripheral components....

(1)
JH
John Honovich
Oct 04, 2019
IPVM
In reply to Undisclosed Integrator #6

Thanks for your feedback and first comment, related: Hikvision FIPS 140-2 Cybersecurity Certification Examined