China Surveillance Vulnerabilities Being Used To Attack China, Says China

By: Charles Rollet, Published on Apr 07, 2020

While China video surveillance vulnerabilities have been much debated in the West in the past few years, China is now saying those vulnerabilities are being used to attack China.

This news comes from the PRC's main cyber threat monitoring body, which stated a recent hacking campaign's use of longstanding vulnerabilities is "sounding the alarm" on PRC IoT security, illustrating the risk associated with devices from that country.

In this post, we examine this news, including:

  • Attack Background
  • CNCERT Gives Update on Hacking Methods, Impact
  • China Manufacturers Especially Vulnerable
  • Cybersecurity Expert PenTestPartners Feedback: DVR Vulnerability from 2016
  • CNCERT: Hack "Sounded The Alarm" on China IoT Security
  • CNCERT Recommends Manufacturers, Users Beef Up Security
  • Prior Warning: PRC IoT Devices May Be "More Susceptible"

***** ***** ***** ************ vulnerabilities **** **** **** debated ** *** **** in *** **** *** years, ***** ** *** saying ***** *************** *** being **** ** ****** China.

**** **** ***** **** the ***'* **** ***** threat ********** ****, ***** stated * ****** ******* campaign's *** ** ************ vulnerabilities ** "******** *** alarm" ** *** *** security, ************ *** **** associated **** ******* **** that *******.

** **** ****, ** examine **** ****, *********:

  • ****** **********
  • ****** ***** ****** ** Hacking *******, ******
  • ***** ************* ********** **********
  • ************* *****************************: *** ************* **** 2016
  • ******: **** "******* *** Alarm" ** ***** *** Security
  • ****** ********** *************, ***** Beef ** ********
  • ***** *******: *** *** Devices *** ** "**** Susceptible"

[***************]

Attack **********

** ***-********,**** ************ '*********'-********** ***-***** ********* were ********* ***** ***** surveillance ********* ** **** of * ***********-********* ******* campaign ******* *** *** government ******#********:

*** ******** *** ** discernible ****** ** ********** PRC ************* **** *********, Dahua, ** ******* (***** the ********* ******* ** have ***** **** ********* USA's *******, **** *** never ********* *** ********* denied ** *********). *** one ****************** *** ************ **********, which ********* * ******** update.

CNCERT ***** ****** ** ******* *******, ******

*** ***'* ***** ***** threat *******,******,****** ** ****** ** March ******* *** ******* ** this ******* ********, ********** that ******* **** ***** main *******:

*** ****** *********** ********* from *** ******** [*******] shows **** **** ***** attack ******** ****** **** three ***** ** ***************: remote ******* ********* ***************, malicious **** ************, *** login ****** ***************.

China ************* ********** **********

***** ***** ** *************** have **** *********** ****** for ***** *** ************* ranging **** ***** ******* manufacturers ** ******* **** known ********* - *** our********* ** ***** ************ Cybersecurity *************** *** ********.

****** **** ****** *** hackers **** "********* ****" that *** ******** ** "different ******** ** *** Mirai ******". *** **** Mirai **** ****** *** driven ** ********** ******* from ***** *** ***** surveillance ***-*******************.

Hack ****** ******* *********

****** ****** *.** ******* attacks **** ******** ** 450,000 ** *********, ***** 10,157 ***** ****** ******** were ******** ** ****. CNCERT *** *** ****** specific ********* ******** ** the ******** ****** ** the *******. *** **** of *** ** ********* affected **** ******* ** China's ******* *********, ***** most ***** ************ ************* takes *****.

Expert ********: *** ************* **** ****

****** *******, *** ******** ********** for***************, ******** *** ****** report *** **** **** these **** *** *************** which *************** "********* ** a ****** ** **** back ** ****" ** his **** **** "****** **** *******":

******* **** *** ****** of ********** **** *** grown *****:

***** **** *** ** these ******* ****, *** there *** *** **** 100k. **** ** *** newer **** ** **** bought **** **** ***** fixed, *** **** ***'*.

*** ******* ***** **** the ****** ****** "***'* hugely **********" ***** **'* obvious ***** ******* ***** get ******:

*** ****** ***'* ***** a ***** **-**** *** exposed ** *** ******** like **** ******. **'* too **** * **** - ****'** **** ***** as ******** **** *** time *****.

**** ******* **** **** technical ******** - *******, it ** ******* **** such *** *************** *** still ***** ********* *** still ******* *****, *** China's *** *********.

CNCERT: **** "******* *** *****" ** ***** *** ********, ***** *******

***** ****** ****** *** intensity ** *** ***** were "*** ****", ** also **** *** ******** "sounded *** *****" ***** how ********** *****'* *** network ******** *** [******** added]:

*** ********* **this ****** ** ******** ************* ** *** ****. However, this attack shows that the IoT device has become an important target for hackers, and it sounded *** ***** *** *** ******* ******** of the IoT device.

****** ***** ****** *** hacks *** *******:

**** *** ***** ******* effect ** **** ****** event, ****** *** **** domestic ******** ********* ****** vulnerabilities *** ****** ***** warnings, *** ** ** the **** ** ***********,some *************** **** *** **** ******** *** *** ***** ** ******** *********.

CNCERT ********** *************, ***** **** ** ********

****** **** ***** *************** for ***** ***** ************ manufacturers *** ***** ** beef ** ******** [******** added]:

*. *** ****** ************* shouldstrengthen *** ******* ******** ********** ** *** *******, plan ****** ******** ************ ** ******* during the development process, and embed network security protection mechanisms;

*. *** ******users ****** ******* ******** checks on multiple levels of hardware, firmware, software, applications, and network protocols before the device goes online; after the device accesses the Internet, it should be protected by technical means such as firewalls, and at the same time strengthen the Monitoring and auditing of network access behavior of connected devices.

*. *** *******Internet ** ****** ********* ************* **** ******* ******** ************ *** *** **** *******. Internet of Things users *** ********* ** ******* **********, and security awareness needs to be improved.

Prior *******: *** *** ******* *** ** "**** ***********" ** *******

* **** **** ******** *****'* *** ****** prepared *** ***** ***** ******** ******** Review **************** **** "******** ********" in *** ************* **** as "*** ******** ** entry" *** "******* ********** standards" ***** **** "*******-************ IoT ******* *** ******** targets *** ************ ******", adding:

******* *** ******* *** at ***** ** *********** to ************ ****** ** those **** ***** *********,and *** ** **** ** **** *********** [emphasis added]

**********

** *** *********** *** ***-***** *******, IPVM ***** **** *** PRC **********'* ***** ****** abuses **** ** * prime ****** *** ***********-********* hacking *********.

*** ** ***** ** China's **** ***** ********** body, ******* *********** ***** is ************ *************** ******** such ********* *** ** the ***** ** ******* security *** ***** ***** surveillance ********.

Comments (4)

***** **** ****** **** using ******* ************ ***. Think **'* **** ********* here *** ***** **** that **'* *** **** to *****.

* ***** **** ** fantastic *** *** **** help ** *** **** run.

*** **** ** *** all ***** **** ************ product ** **** **** such *******.

******** **** **** ** roost. ** ****** ** how **** ** ** to **** ****** *** of ***** * ******** product **** ******** *****.

Login to read this IPVM report.

Related Reports

PRC Warns Against China Video Surveillance Hacks, Hikvision Targeted on Feb 14, 2020
Hackers are targeting China video surveillance manufacturers and systems,...
Coronavirus Impacting Hikvision and China Manufacturers on Feb 03, 2020
The coronavirus epidemic spreading through China has started to impact video...
Hikvision Put on US DoD "Communist Chinese Military Companies" List, Faces Risk of Presidential Sanctions on Jun 26, 2020
The US DoD has put Hikvision on a list of "Communist Chinese Military...
BICSI For IP Video Surveillance Guide on Feb 11, 2020
Spend enough time around networks and eventually someone will mention BICSI,...
Vulnerability Directory For Access Credentials on Feb 20, 2020
Knowing which access credentials are insecure can be difficult to see,...
China DVR/NVR Backdoor Discovered, Huawei Refutes on Feb 07, 2020
A backdoor was found in Chinese-produced DVRs and NVRs that secretly allowed...
US Passes Uyghur Human Rights Law Condemning Mass Surveillance on Jun 18, 2020
The US government has passed the Uyghur Human Rights Policy Act of 2020,...
SenseB4 Presents Cloud Network Device Monitoring on Jun 09, 2020
SenseB4 presented its cybersecurity and network health monitoring products at...
Netposa Stock Surges 46% After US Human Rights Abuse Sanctions on May 27, 2020
Last Friday, the US government announced it would sanction PRC video...
Dahua Critical Cloud Vulnerabilities on May 12, 2020
Dahua has acknowledged a series of cloud vulnerabilities that researcher...
Faked Coronavirus Fever Detection, Athena Used Hikvision; Responds - Selling NDAA Compliant Cameras, Pledging 50% Of Profits to Victims on Mar 24, 2020
US company, Athena Security, faked its coronavirus fever detection marketing,...
Hikvision Fever Screening Thermal Solutions Examined on Apr 13, 2020
Hikvision is marketing "safer, faster, smarter" with their Fever Screening...
Cisco Video Surveillance Is Dead, Long Live Cisco Meraki Video Surveillance on Feb 11, 2020
A dozen years ago much of the industry thought that Cisco was destined to...
Clinton Electronics Presents Axis Camera Equipped Public View Monitor on Apr 22, 2020
Clinton Electronics presented their Axis camera-equipped corridor mode M10PA...
Uniview Deep Learning Camera Tested on Jul 14, 2020
Uniview's intrusion analytics have performed poorly in our shootouts. Now,...

Recent Reports

Indian Government Restricts PRC Manufacturers From Public Projects on Aug 04, 2020
In a move that mirrors the U.S. government’s ban on Dahua and Hikvision...
Directory of 199 "Fever" Camera Suppliers on Aug 04, 2020
This directory provides a list of "Fever" scanning thermal camera providers...
Face Masks Increase Face Recognition Errors Says NIST on Aug 04, 2020
COVID-19 has led to widespread facemask use, which as IPVM testing has shown...
Dahua Loses Australian Medical Device Approval on Aug 04, 2020
Dahua has cancelled its medical device registration after "discussions" with...
Google Invests in ADT, ADT Stock Soars on Aug 03, 2020
Google has announced a $450 million investment in the Florida-based security...
US Startup Fever Inspect Examined on Aug 03, 2020
Undoubtedly late to fever cameras, this US company, Fever Inspect, led by a...
Motorola Solutions Acquires Pelco on Aug 03, 2020
Motorola Solutions has acquired Pelco, pledging to bring blue back and make...
False: Verkada: "If You Want To Remote View Your Cameras You Need To Punch Holes In Your Firewall" on Jul 31, 2020
Verkada falsely declared to “3,000+ customers”, “300 school districts”, and...
US GSA Explains NDAA 889 Part B Blacklisting on Jul 31, 2020
With the 'Blacklist Clause' going into effect August 13 that bans the US...
Access Control Online Show July 2020 - On-Demand Recording of 45+ Manufacturers Presentations on Jul 30, 2020
The show featured 48 Access Control presentations, all now recorded and...
Face Detection Shootout - Dahua, Hanwha, Hikvision, Uniview, Vivotek on Jul 30, 2020
Face detection analytics are available from a number of manufactures...
Sunell is The First China Manufacturer to Market NDAA Compliance on Jul 30, 2020
Most China manufacturers are going to be impacted by the NDAA 'Blacklist...
Ink Labs Relabels China YCX Fever Camera And Steals Dahua's Marketing on Jul 30, 2020
A US company marketed a 'thermal temperature scanner' as its own, selling...
Genetec and Dahua-Backed Intelbras Split Examined on Jul 29, 2020
China is the cause of the breakup between Canada's and Brazil's largest video...
This YouTuber is Now Selling ThermoHealth Temperature Screening on Jul 29, 2020
An enterprising 20-year old is mass marketing medical devices on Facebook and...