Cisco: Hikvision Hired Us

Author: John Honovich, Published on May 16, 2017

The day after Hikvision's backdoor was confirmed by the US Department of Homeland Security, Hikvision issued a press release about a 'cybersecurity collaboration' with Cisco inside China, with Hikvision USA touting that Hikvision was 'adding cybersecurity credentials.'

The release was atypical for Cisco, which normally includes their own contact person and quote. The Hikvision release had neither, just statements from Hikvision.

In this note, we share a statement from Cisco about Hikvision and examine the potential impact of this move.

*** *** **************'* ******** *** *********** *** ** ********** ** ******** ********, ********* ****** ****** ******* ***** * '************* *************'**** ***** ****** *****, **** ********* *** ******* **** ********* was '****** ************* ***********.'

*** ******* *** ******** *** *****, ***** ******** ******** ***** own ******* ****** *** *****. *** ********* ******* *** *******, just ********** **** *********.

** **** ****, ** ***** * ********* **** ***** ***** Hikvision *** ******* *** ********* ****** ** **** ****.

[***************]

Cisco *********

*****'* ******** ****** ********* **** ********* ** ****, ****** ***** that ********* *** * ******** ** ******:

*****’* ****** ******* ***********, ********* ********** *** ****** ***** ******** practices *** *** ********-******* ******** ** *** ********** ** ********. As ****, ***** ***** ***** **** **** ****** ********* ** help ****** *** ******** ************* ** ********* *** ******** ** their *** ********. *** *** ******** ** *** ************ *** support ** *** *********, *** ** *** ********** ********* ** provide *** ******* ***** ******** ********. **** ****, ** ** not ******** ******** ************ ******** ******* ***********, *** **** ** direct *** ** ********* *** ******* ***********.

*********

***** *****'* ******* ***** *** ****** ** *** ** *******'* largest ********** *********, ********* ****** ***** ** * ****** ****** relations **** *** ***** **** *****. ***** ***** *** **** unsuccessful ****** ***** ************, ***** ** ******* *** ** *** most ****-***** ********** ********* ********* ** *********** ********** **** ***** helps ** ******* *** ****** ** *********'* ********** **** *** backdoor.

Engineering *******

****** *** ****** ********* *******, ********* ** **** *********** ** help ***** ********, **** ***** ******* *********'* ******** *********** *******, assuming *** ******** *** ** *********** *****, ****** **** ************* placed. *******,*********'* ***** ********* ** ***** (*******, ******, *************, ***.) **** ** ********** to ****** *** **** **** *********** ************ *** ***** ****.

Second ******* / **** ******

**** ** *** *** ***** **** ********* *** ***** ******* help *** *************. ** ****, ************* **************** ********** ******** ***************** ********* ********. ********* *********'* ***** ***** ************* ****** ** 2015,********* ***** ******** "** ******* * *********** **** *** ************* ********** ** [their] ********."

******'* ******** ** ********* ******** *****. ** ******** ** *** being ****** ***** ******* ** *** ************* *******, ********* ****** did *** ******** *** ******** **** *** *** ***** *** more **** ** ****** ***** ********* **** ****** *** ********* their ******** (******* ****** ****** ** ** ********* ********** ***** efforts ** *******).

Hikvision / ***** ******

********* ****** ***** ** * ***** ****, ****** ******* ** as * '*************' ***/** ** *********** **** ***** ** *********, since ********* ***** *****. *** **** **** ******* **** ********* can **** *** ***** ***** ** * ********* ** ***** poor ************* ***** ****** *** *** ******* ** *** *********** side ** **** *********** ******** **** *****.

Comments (34)

********* ***** ******* * ***** **** ******, **** * ***** and ****** ***** ***** ** ** ** ****** ** *** be ******** ** **** ****** ** **** *** **** *** to ***** ****** ********** ** *******, *** ** ***** ***** be ********* ** ** ******** *******, ** ********.

***** -

** *** ***** **** **** ** ***, ***, ** *** parties "*******" *** ******** ** ********* *******, **** **** ***** press ******** ***** ************ *** ***********. *********, *********** ********* *** finding ******** ** ********* ********/********/***** ************, ***** ** ***** ***** time ** **** *** ** ******* *********.

*** *** **** * ****** *** ** ****, ********, ** unobtanium, *** ** ** ** ******** ******-*********** ******* ***************, ****** are ***** ** ********** **** ** *** ** ***** * security ****.

** *** ***** **** **** ** ***, ***, ** *** parties "*******" *** ******** ** ********* *******

*'* **** ***** ** ******* ****** ***** *** ** ******* to **** * ***** *******.

********* ***** ******* * ***** **** ****** ...*** ** ***** still ** ********* ** ** ******** *******.

****'* *** ** ****** ** *** ***.

****, ***** **** *** ****** **** *** ****.

********* ** ** ******** *******

**** ** **** **** *** '*********'?

*****, **** ** '**********'. ***** *** * ******** ***** *****'* role ** *** ********* '*************'. ** ******** **** *****, ******** a ****** ***** ** *** ******, ****** ** ***, ** boot, **** **** ***** **** ******** ** ** ** *********.

* ********** **** ******* ******** ** **** ******** ** ********* is ** ******** *** ***'* *** ***** ***'* ** ****** saving **** ******** *** * **** ********* ******?

*****,

*'* *******, *** **** ***** *** ********* **** *** ****** to ** **** ** *** ********* ** ********* *** ******* you've **** ** ****** ******** *** *** *** ***** *** are ** ****** ********* ** *** *******? ** **** *** not **** **** ***?

**** ** ** ****** ******. ***** ******* *** ******** *******. Some *** *********, ***** ***** ****** ******, *** *** *********** have ** ****** ********. **'* **** ** *** ***.

***,

* ******'* ***** **** *** **** **** ********* ******** ** part ** *** ***. *** ********** ** *** ******* *** you **** ** ******* ********. ** *** **** ******** ** cases, ******** ******** ** ********* *** *** ******* ********, ****** or **** *********.

** **** ******** **** *** ******** ************ *'* ********* **, your ********* ********* ***** **** **** ******* ** ***** *****, voyeurism ***\** ********** ******* *** ******** *******. (**** *** ******** to ** *** **** **** ******* ** * **** **** a ********* ****** **** * **** **** ************* *** **** fired *** ********** *** ********* *** ********* **, *** ** get ****** ********, *** **** *********** **** ***** *******)

***** *** ********** ******* **** *** ********* ******** ** *** a ***** *** ** ******. * ***** "****** ******" ***** be ********** ** **** *******, *** ****.

* ***** ** **** ** ****** ******* ****** ** ******** these *****. ** *** **** * ********* ****** *******, ************ to ** **** *** ********, ***** ***** ** ***** ****'* as ********. * ***** ******* ** ******** *********** *****, *** it ***'* ** ****** ** ** **** **** ******* ** an ******** ****** *******.

************* **** ** ******* **** **********. **** ** **** ****** you ***'* **** **** ******* ******* ***'** ***** ** ***** safely.

**** *** ********* ** ***, *** ******** ******** *******, ** not ******, *** **********.

****** ***'** ********** *** ** **** ********* ** *** *** their *******.

*** ******* ** ** ******* ******* *** *** ** ** internet ********** *******. **** **** ******* ** *** *** ****** thru * ****** ***. *** **** ****** **** ** ****** face ** *** *** ******. *** ******* *** ************. *** Hikvision ******** *** ****** ****** *** *** ******. **** ** simple. **'* *****. **'* *********.

****** *** ******** ******* *******...

**** *** ******** *** ****** **** ***** ****. *** *** connected ** *** ******** ******* **** **** ********* ** ** accessible ******* ****. **** ** *** *** *** ****** *** and ******** *** ******** *** ******** ****** *** ****** *** cameras.

*** ** *** ****** "******** ******" **** *******?

****'* *** **** * ****.

*** **** * **** *** ********** ******.

"Even ** *** *** *** ****** *** *** ******** *** ******** *** ******** ****** *** ****** *** *******."

**** ****** ******* **** *****

* ** *******

**** ***, "******* ****"

****://***.*********.***//**********/*****/**************************************.***

***

****, ** **** ****

*** **** ** *** ****** **** ********

*** **** ** *** ****** **** ********

***** ***** **** ** ****** **** ** *** ******** ** the ******** ****.

***** ** ******** ** ******* *** ***** **** ** ** deliberately *******. *** ******** ***** **** ** **** **** ** was ****** ******* *** *** ******, ***-******** ****** ***** ******** mapped ** * ********** ******. *** ****** *** ******** ** straws.

*** ** * ******** ** ******?

**** ** * ******* ********** ******* *** * ******** ** allow ****** ****** ** *** *******. ** *** ***** **'* a ******** **** **** ****'* ******* *** ****** **** *** click ** * *****?

**********, *** ***'* **** ****** ** *** ********* ********* ****** network ** ** ******. *** ******* **** ******** **** ******** NICs, * ********* ** *** **** ******** *** *** ********* which *** *** ********** *********.

*****, * ***** *** *** ********* ****** *** *******. *** "quality" ** ******** ******** ** **** *** "***********" *** ***** on **** ****. *** ******** ********** ** ********* ** **** as **** ** *** ***** ******* ********* *** **** **********. The ********* ** ********* ** **** **********. *** ********* ******** practices ** ******* ********* *** *** **** ** **** ******** are **** **********. **, ***** ***** *** **********. ****** *** entitled ** ***** "********."

**** ******* ** *** ******** **** ***** **** ***** ** to **** **** ******** *****.

**** ** ******* ** **** ** ***/***. ********, * *** headline.

********** **** *** **** ***** ***** ***** *********...

**** ****, **** ******'* ******** ** * *** **** *** Hikvision, ****** *** ***** *****'* ********* *** ****. ** **** definitely ***'* ** ***** ** ****, **** ****** ****.

** *** ** ********* ********* ** ***** ** * ******* is ***** *****. **** ***** **** ********* *** ********* ***** with ******** ********. *** **** **** **'* ****** **** **** they *** ****** *****'* ****** *** **** **** **** *** getting **** **** * ***** ****** ** ** ********.

** *** **** ** *** *** ***********, *** **** ***** you ******** **? ******* ** * "*******" **** *****, ******* they **** **** **** ****** *** ***** *********. ***** *** many "************" ****** *** ******** **** *** ********/***** ** *** side *** **** ** *** *****.

**** **** **** **** *** ******** ******** ************ **** * heard **** * ****** ******. ***********!

** *** **** ** *** *** ***********, *** **** ***** you ******** **?

******* ******** / ******.

*** ***** **** *****, *** *** ********* **** *** ***** clinic? **.

*** **** * ******* ********, *** *** ********* **** *** attorney? **.

*** ** ** *** ****** ** ****** * *****, *** you ******** **** *** ******? **.

********* ***** ****. **** ******* **** *** **** **** **** Rapid7, ******* **** ***** ************* ** ******** **** ******** ******* and **** ***** *** **** ********. ***, **** *** ******** to *** **** **** *****.

*****, **'* * **** ** ****. **'* *** * *********** and *****'* ***** ** ******** ** **** **** ** ** going ** **** * **********.

****, ************, **** ** ***** ******** *** *** ********. * expected ****.

** *** ** ******, ********* **** ****** *** ****. *** not ***** ** *** **** ** *** ** *** ****.

* ******* ***** ******* ************** ******, *** **** ********* **** *** ******? **.

** ******** ** ******, ** ** *** ***** **** ********* had ****** **. ***** ********* **** **** ** ** ********** assessments, ******* *** **** ******** *** ****** ****** **. ***** Hikvision **** *** **** ** *** *********** ****** *** ********. Rapid7 ** *** ******* ** ***. ********* ***** ***.

* ***'* ***** ***** *** *********** ** ********** * ***********. While *** ********* ********** ** *********** ***** ******** ** ******* here, *********** ******* * **** ** ****** ***** ****** * simple *********** **** ******** ******** ***.

********* ****** ** **** ************* ** ********** ******** **** *****, thanks ** *****'* *****. ***** *** (******) ******* ** **** by **** *********** ***** ******** ** *********. ** ****, ** HikVision **** *** *********** ************* ******* ** *** ********* ** the ****** ***** ***** *** ******** ***** ********, ** ***** be ********** * ******* ** *****.

**** ***** ****, * ***'* *** *** **** "*******" ** this **** ** *********'* **** ** ******** *******. ***** *'* not ******* **** ******, *** *** * *** ** *** term "*************".

***·***·*·**·****
*əˌ***əˈ*ā**(ə)*/
****
****:*************; ****** ****:**************
  1. *.
    *** ****** ** ******* **** ******* ** ******* ** ****** something.

*** ****** ** **** ************* **** ********* ** *** ********** of **** ****** ********. *** ********** ** ************* *** ** stretched ** *** ****, *** **'* ***** ********* ***** *** "Cisco *** * *** **** ********** **** ********, ** ** hired **** ** **** ** **** *** ******** **** ******".

*** ** **** *****'* ****** *** **** **** ** ** a **** ******** **** ** *********, *** ********* ** *** depth ** *** *************, ***** ** ** *********** ** ******* up ***** ******** *** ***** **** **** **** *** ****-*****-********* stigma.

** *** ***** *** "*** ******" ******* ** ***** ** partner **** ******* "*** ******" ******* ** * ************, **** you ******* ** *** **** ** ************* ** *** ********** works.

**** ******* **** ***** *****, ****** **** **** *** ** a *******. * *** **** *********, *** **** ****** ** a "*******" **** **** ******. *** *** **** ***** ***.

** *** ****, * ***** **** ***. **** ** * great **** *** ********* *** ****** ******** ** **** ***** lead ****** *** ******* **********.

* **** **** ** **** ****'** ****** ** *** **** lettuce ** * **** ******** ** **** *** **** ** health ****.

*** ** *** ****** ****? ;-)

* **** **** ***** **** ****** ** ********.

** ******* ****'* ***** **** *** ***********, *'* ******** *********** for *** **** ***** ****** **** **** *****, **** ******* to ** *********** ******. *** “***********” ******* *** **** **** mocks *** **** ** *** **** ***********, ************ *** *** users ****'** ********* ** - **'* *********.

****** **** ******** **** ********** ********** ** *******, ******* ****** and ******** ******* ******/*******, **** ** ***** **** ***** ***** energy?

** **** ** **** ******* ****, **'* * ****** ******* in **** *******. **** ***'* ********* *****, **** ***'* ******* the ********* *** **'* ******* **** ******.

******, ***** *** ******* ********* ******* *'* ********* ****'** ****** the **** **** *****. ** *** ****** ** **** ***** day *** **'* ** ************* ****** ** *****.

***********. ** *** *** ** *** *** (**** ****** **) the ********* ***** ************ *** * **** ********* / ********* marketing **** **** **** ******* & ***** ** **** ******** repercussion. *** **** ******* ******** ***** ** ****** ******* ******** flaw ***** *** * **** ** *** ***** **********. (***** then *****.)

**** **** *********....****'* ****?

***, ** ***'* *&* **** ** ** ****** ** **** advertise, *** ** **** **** ***** *****? ** ****, **** have ********* ** ** **** ***** "*********** *****"

********* *********** *** ******* ** **********.

**** ** ********** *** ***** ***** *****'* ******** ** **** in *****.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Dahua Trying, Struggling To Respond To Hacking Attacks on Oct 04, 2017
Now, 2 weeks since large-scale hacking attacks commenced against Dahua vulnerable devices, we analyze Dahua's response. On the positive side,...
Hikvision USA Misleads Dealers On Backdoor on Oct 03, 2017
Hikvision USA emailed their dealers overnight with their 5th cyber security 'special bulletin' of the year. Misleading Unfortunately, they...
FLIR Thermal Camera Multiple Vulnerabilities, Patch Released on Oct 03, 2017
Multiple cyber security vulnerabilities exist in FLIR thermal cameras, which have not been fixed, despite being reported months ago. In this note,...
Hackers Globally Attacking Dahua Recorders on Sep 25, 2017
Dahua recorders are being hacked and vandalized around the world, as confirmed by dozens of reports to IPVM since the attacks surged 5 days...
Avigilon Touting 'Made In America' on Sep 18, 2017
Canadian manufacturer Avigilon, who completed a US manufacturing facility in 2015, is now running a marketing campaign touting 'Made In America',...
September IP Networking Course on Sep 14, 2017
LAST Chance - Registration is ending. Register now. This is the only networking course designed specifically for video surveillance professionals...
Dahua USA President Out, South American President Takes Over on Sep 11, 2017
Dahua's South American President has taken over Dahua North America as well. This is Dahua's third North American head in 2017. Will this one...
Hikvision Backdoor Exploit on Sep 03, 2017
Full disclosure to the Hikvision backdoor has been released, allowing easy exploit of vulnerable Hikvision IP cameras. As the researcher, Monte...
Fortune 500 Company Bars Dahua and Hikvision on Aug 30, 2017
A Fortune 500 company has barred Dahua and Hikvision cameras from a large RFP due to cyber security concerns, IPVM has confirmed with the...
Security Press Wrong About New NY State Video Law on Aug 29, 2017
SecurityInfoWatch wrongly declared: N.Y. governor signs bill outlawing video surveillance of neighbors SDM wrongly affirmed: It is now illegal to...

Most Recent Industry Reports

Cisco Falling - Favorite Network Switches 2017 on Oct 20, 2017
1 major manufacturer fell and 1 outsider manufacturer gained as integrator favorites for network switches from more than 140 votes / explanations...
Uniview Recorder Backdoor Examined on Oct 20, 2017
A Chinese research group has identified a vulnerability in Uniview recorders that allows backdoor access in a method similar to the Dahua...
Hikvision Access Control Tested on Oct 19, 2017
Hikvision aggressive pricing and marketing combined with generally reliable hardware and free software has made them a major player in video...
Verkada, Silicon Valley VSaaS Startup, Targets Enterprise on Oct 19, 2017
Verkada says they are building an enterprise-class VSaaS offering, calling it "The new platform for video security". This is a departure from the...
Exacq Unbreaks Avigilon Integration on Oct 18, 2017
For nearly 4 years, Exacq had broken and effectively blocked use with Avigilon cameras, as IPVM reported in January 2014. Now, Exacq has...
Search More Important Than Live Monitoring - Statistics on Oct 18, 2017
Search is overall more important than live monitoring to integrators, according to new IPVM statistics.  The key themes found in integrator...
Axis 'Sold Out' P3707-PVE Multi-Imager Tested on Oct 18, 2017
Axis faced significant product shortages over the summer. Perhaps the most notorious and significantly sold out model was the Axis P3707-PE 8MP...
Dahua Removes Auto Rebooting on Oct 17, 2017
For years, Dahua has automatically programmed its IP cameras to reboot weekly, a highly atypical and questionable practice. Following IPVM...
Deep Learning Tutorial For Video Surveillance on Oct 17, 2017
Deep learning is a growing buzzword within physical security and video surveillance. But what is 'deep learning'? In this tutorial, we explain...
Multipoint Lock Access Control Tutorial on Oct 17, 2017
Doors are notoriously weak at stopping entry, and money can be misspent on wrong locks that leave doors quite vulnerable. While closed and locked...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact