China Surveillance Vulnerabilities Being Used To Attack China, Says China

By Charles Rollet, Published on Apr 07, 2020

While China video surveillance vulnerabilities have been much debated in the West in the past few years, China is now saying those vulnerabilities are being used to attack China.

This news comes from the PRC's main cyber threat monitoring body, which stated a recent hacking campaign's use of longstanding vulnerabilities is "sounding the alarm" on PRC IoT security, illustrating the risk associated with devices from that country.

In this post, we examine this news, including:

  • Attack Background
  • CNCERT Gives Update on Hacking Methods, Impact
  • China Manufacturers Especially Vulnerable
  • Cybersecurity Expert PenTestPartners Feedback: DVR Vulnerability from 2016
  • CNCERT: Hack "Sounded The Alarm" on China IoT Security
  • CNCERT Recommends Manufacturers, Users Beef Up Security
  • Prior Warning: PRC IoT Devices May Be "More Susceptible"

Attack **********

** ***-********,**** ************ '*********'-********** ***-***** ********* were ********* ***** ***** surveillance ********* ** **** of * ***********-********* ******* campaign ******* *** *** government ******#********:

*** ******** *** ** discernible ****** ** ********** PRC ************* **** *********, Dahua, ** ******* (***** the ********* ******* ** have ***** **** ********* USA's *******, **** *** never ********* *** ********* denied ** *********). *** one ****************** *** ************ **********, which ********* * ******** update.

CNCERT ***** ****** ** ******* *******, ******

*** ***'* ***** ***** threat *******,******,****** ** ****** ** March ******* *** ******* ** this ******* ********, ********** that ******* **** ***** main *******:

*** ****** *********** ********* from *** ******** [*******] shows **** **** ***** attack ******** ****** **** three ***** ** ***************: remote ******* ********* ***************, malicious **** ************, *** login ****** ***************.

China ************* ********** **********

***** ***** ** *************** have **** *********** ****** for ***** *** ************* ranging **** ***** ******* manufacturers ** ******* **** known ********* - *** our********* ** ***** ************ Cybersecurity *************** *** ********.

****** **** ****** *** hackers **** "********* ****" that *** ******** ** "different ******** ** *** Mirai ******". *** **** Mirai **** ****** *** driven ** ********** ******* from ***** *** ***** surveillance ***-*******************.

Hack ****** ******* *********

****** ****** *.** ******* attacks **** ******** ** 450,000 ** *********, ***** 10,157 ***** ****** ******** were ******** ** ****. CNCERT *** *** ****** specific ********* ******** ** the ******** ****** ** the *******. *** **** of *** ** ********* affected **** ******* ** China's ******* *********, ***** most ***** ************ ************* takes *****.

Expert ********: *** ************* **** ****

****** *******, *** ******** ********** for***************, ******** *** ****** report *** **** **** these **** *** *************** which *************** "********* ** a ****** ** **** back ** ****" ** his **** **** "****** **** *******":

******* **** *** ****** of ********** **** *** grown *****:

***** **** *** ** these ******* ****, *** there *** *** **** 100k. **** ** *** newer **** ** **** bought **** **** ***** fixed, *** **** ***'*.

*** ******* ***** **** the ****** ****** "***'* hugely **********" ***** **'* obvious ***** ******* ***** get ******:

*** ****** ***'* ***** a ***** **-**** *** exposed ** *** ******** like **** ******. **'* too **** * **** - ****'** **** ***** as ******** **** *** time *****.

**** ******* **** **** technical ******** - *******, it ** ******* **** such *** *************** *** still ***** ********* *** still ******* *****, *** China's *** *********.

CNCERT: **** "******* *** *****" ** ***** *** ********, ***** *******

***** ****** ****** *** intensity ** *** ***** were "*** ****", ** also **** *** ******** "sounded *** *****" ***** how ********** *****'* *** network ******** *** [******** added]:

*** ********* **this ****** ** ******** ************* ** *** ****. However, this attack shows that the IoT device has become an important target for hackers, and it sounded *** ***** *** *** ******* ******** of the IoT device.

****** ***** ****** *** hacks *** *******:

**** *** ***** ******* effect ** **** ****** event, ****** *** **** domestic ******** ********* ****** vulnerabilities *** ****** ***** warnings, *** ** ** the **** ** ***********,some *************** **** *** **** ******** *** *** ***** ** ******** *********.

CNCERT ********** *************, ***** **** ** ********

****** **** ***** *************** for ***** ***** ************ manufacturers *** ***** ** beef ** ******** [******** added]:

*. *** ****** ************* shouldstrengthen *** ******* ******** ********** ** *** *******, plan ****** ******** ************ ** ******* during the development process, and embed network security protection mechanisms;

*. *** ******users ****** ******* ******** checks on multiple levels of hardware, firmware, software, applications, and network protocols before the device goes online; after the device accesses the Internet, it should be protected by technical means such as firewalls, and at the same time strengthen the Monitoring and auditing of network access behavior of connected devices.

*. *** *******Internet ** ****** ********* ************* **** ******* ******** ************ *** *** **** *******. Internet of Things users *** ********* ** ******* **********, and security awareness needs to be improved.

Prior *******: *** *** ******* *** ** "**** ***********" ** *******

* **** **** ******** *****'* *** ****** prepared *** ***** ***** ******** ******** Review **************** **** "******** ********" in *** ************* **** as "*** ******** ** entry" *** "******* ********** standards" ***** **** "*******-************ IoT ******* *** ******** targets *** ************ ******", adding:

******* *** ******* *** at ***** ** *********** to ************ ****** ** those **** ***** *********,and *** ** **** ** **** *********** [emphasis added]

**********

** *** *********** *** ***-***** *******, IPVM ***** **** *** PRC **********'* ***** ****** abuses **** ** * prime ****** *** ***********-********* hacking *********.

*** ** ***** ** China's **** ***** ********** body, ******* *********** ***** is ************ *************** ******** such ********* *** ** the ***** ** ******* security *** ***** ***** surveillance ********.

Comments (4)

***** **** ****** **** using ******* ************ ***. Think **'* **** ********* here *** ***** **** that **'* *** **** to *****.

* ***** **** ** fantastic *** *** **** help ** *** **** run.

*** **** ** *** all ***** **** ************ product ** **** **** such *******.

******** **** **** ** roost. ** ****** ** how **** ** ** to **** ****** *** of ***** * ******** product **** ******** *****.
