Genetec Expels Hikvision

Author: John Honovich, Published on Nov 08, 2016

Genetec has removed support for Hikvision devices, deeming them 'untrustworthy', citing customer concerns about Chinese government ownership / control.

While manufacturers infrequently remove support for competitive reasons, doing it for cyber security is unprecedented in video surveillance.

We spoke with Genetec to understand their rationale and implementation. Inside, we review that, looking at the risks both to Hikvision and Genetec as well as the overall market impact.

Key Details

Genetec has removed support for Hikvision, Hikvision OEMs (e.g., UTC Interlogix) and Huawei, effective immediately. This includes both direct driver support and ONVIF. ONVIF connections for those products will be denied by Genetec's software.

Customers that want to use those devices will have to obtain a special license with an extra charge ($250 per device), and grant a waiver releasing Genetec of all liability in the event that the customer or third party organizations are hacked through the use of such devices, or if the Genetec software is caused to malfunction. Hikvision itself has a disclaimer rejecting responsibility if their devices are hacked.

Customers that already use these devices (which Genetec described as 'vanishingly small') will need that special license / waiver to continue to do so when they next upgrade but will not be charged.

UPDATE - Moved to New 'Restricted' Category

Hikvision and Huawei have been moved into a newly created 'restricted' category on Genetec's support list. The details remain the same, a waiver is need and a special license connection, but the devices now are labelled 'restricted':

******* *** ******* ******* *** ********* *******, ******* **** '*************', citing ******** ******** ************ ********** ********* / *******.

***** ************* ************ ****** ******* *** *********** *******, ***** ** for ***** ******** ** ************* ** ***** ************.

** ***** **** ******* ** ********** ***** ********* *** **************. Inside, ** ****** ****, ******* ** *** ***** **** ** Hikvision *** ******* ** **** ** *** ******* ****** ******.

Key *******

******* *** ******* ******* *** *********, ********* **** (*.*., *** Interlogix) *** ******, ********* ***********. **** ******** **** ****** ****** support *** *****. ***** *********** *** ***** ******** **** ** denied ** *******'* ********.

********* **** **** ** *** ***** ******* **** **** ** obtain * ******* ******* **** ** ***** ****** ($*** *** device), *** ***** * ****** ********* ******* ** *** ********* in *** ***** **** *** ******** ** ***** ***** ************* are ****** ******* *** *** ** **** *******, ** ** the ******* ******** ** ****** ** ***********.********* ****** *** * ********** ********* ************** ** ***** ******* are ******.

********* **** ******* *** ***** ******* (***** ******* ********* ** 'vanishingly *****') **** **** **** ******* ******* / ****** ** continue ** ** ** **** **** **** ******* *** **** not ** *******.

UPDATE - ***** ** *** '**********' ********

********* *** ****** **** **** ***** **** * ***** ******* 'restricted' ********** *******'* ******* ****. *** ******* ****** *** ****, * ****** ** **** and * ******* ******* **********, *** *** ******* *** *** labelled '**********':

[***************]

Vote - *** *****?

#1 - ********** / ********* ******** ******

******* **** **** ** ***** ********** *** ********* ********* ******* ********* ***** ***** ******** ***** ***, ** **********, *** role ** ******* ********** ***** ** ********** ******** **** ********* and ******. ******* **** ***** *********** *** ********** ***** **** expressed ******** **** *** **** ** **** ******* **** *** high *** **** ** * ****** ***** *** *** *** be **********.

#2 - ***** ** ******* ******** / ******* / *********

******* ********** *** ********** ** ******** **** *******'* ********, ********* and *********** ** ***** ********* ******** ******. **** ***** **** risk *********** ** **** ** ******/*** **************** ******** ************* ******* ********** **** *******. *** **** *** complexity ** ******** **** ******* ******** ** ************ ** ******** owned ** ********** ** *** ******* ********** *** ****** *** high.

#3 - ************* ***** / ***********

*******, ******* ******** ******* ** ********'* *********** *** ***** ******** *********** ********* ** starting ** ********* *** ******** ******** ********, ***** * ******* **** *** ******** *********, ***************** ***** ****** ** ******* ***** ****** *** ************* ***** **** ** ****** *** *****. **** ** * key ****** **** *** *** **** *** ********* * ******* license / ****** *** ***** *** ****** ** *** ***** devices ** ********* **** ****.

Milestone ********* ******* ********** ****

** ********, ********* **** **** **** ******** ** ******* *********, noting:

********* ** * **** ** *** **** ******** *********, **** are * ***** ******* ** ********* ******* *** ** ***** Partner ** *** ********* ****** ******* ******* (****). ** **** continue ********* *** ****** ** ********* *******, ********* *********, ** we ******* ************* ** ********* *** *** ******** ** ****** strong ********** *** ***** ******** *** *** *********.

*******'* *** *********, ******* "** ******* ** **** ************, *** not ** * **ï** ***."

Vote - ********* *************?

Hikvision ******

*********'* ******** ****** *** ************* ********* ** ******** ********** ********** *********, ***** *** **** ******** **** *** **** ****, ********* recent************* ****************. *******'* **** **** ********** ***** ******** *** ********* ********* of **. *** **** **** **** ******** **** *********'* ******* with *******'* ******* ******** ****, *** **** **** ***** **** integrators *** *** ***** ** ** **** **** ** ***** Hikvision. ********, **** ***** *** ********** *** ************ ** *********'* overseas ************ ** **** ** ********** *** **** ** *****.

Risk ** *******

** *** ***** ****, ******* **** **** ****. ********* ** the *****'* ******* ***** ************ ************, ******** ******* ** ****** Genetec's ********** ***** ******** ******** **** (************'* ******** ********** *************** ********** ********). ** ********* ********* ******, ********** ***** *****-*** ****** **** high ***** ** ***** *** ******* *****, **** ********** ********* may ****** ********* *** *************** ****** *******.

******* ******* ** *********'* *** '************' *** ********, *******-****, ***** ********* ***** ******* *** ********** ********** ********** *** to ******* **** *** ******** **** *******. ********* ***** ******* this ****, **** ** **** *** ****, ********** ** ******** where **** *** ***** ********** ** *******. *******, *** ****-****'* overall ******* **** ** *** ***** *******'* *** ********** *********.

*** ******* **** ********* *** ******* ** **** *******'* ******** model **** *** ****** ** *** *** *** ** *** market ***** ********* ** *********. *** ********* **** ******* ** buy $*** ********* ******* *** *** *** ***** *** *** least ****** ** *** *******.

Opportunity *** *********

********* ***** ********** ** ****, ***** ***** ******* *********** **** Genetec *** ********** ********. ********* ******** ** ********* *** **** option ***** ******** **** *********'* ******-*** *** ******** ***** ******* strong ************** *** **** ***** ******* **** ******* **** ****, Genetec's **** ****** *******.

** ******, ***** *** **** ******** **** **** ********* ********; One, ********* ** * ********* ******* ** ****, ** ***** win *** ********* ******* ** * **** *** **** *** the ******* ***** ***********; ******, ********* ***** ** ******** ********* around *******'* ******** ********* **** ********* *** ***** ***** *** being ************* ***** ********* ******* ** ********** ***********.

Industry ****** ***********

**** ****** ****, ********* *** ****** *** **** ************* ************ in *** ******, ******* ** **** *** ******* **** ****** and ******** ** ****** *** ******* *** **** ** *** bottom *** *** ********* ** *** ******* ********** **** *** industry.

***** *******'* ********** *** *** **** **** *** ****** ******* Hikvision, **** **** ********* *** ****** ****** *** ********. ********* has ************* ********* ******* ** ****** *** *********'* ************* ************ will ** ********** ** ********* *** ********** **********.

UPDATE: ********* ********

********* ***** ******* *** **** ** ***** ******* ******** **** the ********* ********:

** **** ***** **** ******* ** *** ********* * ******* license / ****** *** ********* ***** ********* *******. **** ** an *********** ******** *** ***********, ***-***** *** ******* ******. ******* has *** ******** *** ******** **** **** ******** ** ***** on ******* **********. ** ******* ** ** *********** ********* *** designed ** ********** ********* *********** ***** *********’* ******** ** *************. Hikvision, ** ******, ******* ********* ** ********* ***** ********** *** great ******* ** ***, *** ****** ********.

Comments (226)

will they remove Axis support too ? Axis cameras can be rooted/hacked also.

Axis cameras can be rooted/hacked also.

Yes, Axis had a critical security vulnerability this year. But no, Genetec is not removing support for Axis. As explained above, Genetec says the main concern is the Chinese government ownership / control.

John, when a system is vulnerable, and can be hacked with skills, is it important who owns the manufacturer? What if Axis is controlled by Illuminati (LOL)? Who knows?

Exactly - It is not the generic threat of hacking Genetec appears to be concerned about - it is more specifically the Chinese government using their captive company Hikvision as a door into networks , particularly US government networks, which are a large part of Genetec's customer base and Genetec unsurprisingly wants to protect themselves from being implicated into any potential Chinese state-sponsored penetration

...Genetec unsurprisingly wants to protect themselves from being implicated into any potential Chinese state-sponsored penetration.

Unless you pay them $250.

Possibly for the extra liability insurance and PR repair work in case something goes pretty bad.

You can't seriously be comparing a one off exploit that was easily blocked with security features to Hikvision numerous hacks? Not to mention Axis patched the vulnerability whereas Hikvision just said they're not responsible for hacks and good luck.

Axis has had many more exploits and flaws reported than any other manufacturer. This is somewhat due to them being the longest running IP camera manufacturer.

But they are not owned by the Chinese Government.

You can't seriously be comparing a one off exploit that was easily blocked with security features to Hikvision numerous hacks?

No you cannot seriously compare them.

Did you know that for 8 years virtually every Axis camera in the world contained a vulnerability which could have been exploited, as long as the camera was accessible either by LAN or WAN, to take complete control of the box?

  • 8 years
  • Nearly every Axis device on the internet
  • Full control

Hik had two vulnerabilities that I'm aware of. The first was a buffer overflow exploit in some NVR's open source RTSP code. It was patched long ago.

The second was when they released an ios app built with hacked tools. They pulled it as soon as it was discovered.

And don't forget that they where also hacked and used for Bitcoin mining (NVR's and DVR's)

And don't forget that they where also hacked and used for Bitcoin mining (NVR's and DVR's).

They weren't 'hacked'.

Integrators and end-users failed to change the default credentials.

Well we might have a slight difference of opinion here. How do you call it if someone who is not supposed to installs malicious software on to someone else's devices.

I still would call it a hack or at least a security breach. Neigtherway should be possible.

In 2014, I dare say that most network NVR/DVR and cameras were shipped with a default password.

So how is Hik more negligent than the others with the same practices at that time?

The difference is that Axis is not owned by a enemy!

Axis is not owned by a enemy!

China is a enemy of the United States, eh?

Like North Korea or Iran?

Why, because they're not a democracy?

I believe we shouldn't give one red cent (npi), to our true enemies.

Do you?

OK, then why in the movie "2012", all US politicians and rich guys stepped on the Noah's Arks built by China in order to be rescued?

You may argue it's fictional, but China is one of US's major partner, but not enemy. The real enemy to US is ISIS, North Korea, and crazy dictators that hold bombs.

China has huge trade with US, it is also the biggest customer of iPhone, Boeing airplanes, Smartphone processors, and also is the biggest American Treasury bond foreign holder, why it turns out to be enemy?

Perfect questions at the end. Us is depends on China very much. Much more than a n avarage patriot can expect. So if China will abn out US products, or simply not manufactures on as low cost as nowdays... US and the rest of the world will start crying. Crying a lot.

Well played Genetec!

Panasonic VI, Milestone, Exacq, Avigilon -- your turn.

My guess is that iVMS-5200 took a large project from them.

My guess is that iVMS-5200 took a large project from them.

I doubt it's that, even beyond Genetec's own statement. For example, Axis increasingly takes projects with Axis own VMS / NVRs and is still Genetec's top partner.

Btw, are you serious? Do you really think other companies should drop Hikvision? Just want to clarify - not sure if you are being sarcastic or not.

Yes, I am serious. This is all my opinion:

I dislike the damage being being done to the industry by subsidized product. I do not think any of the VMS will make the same move Genetec did. However I did call out in a recent thread that Hikvision is buying market share with cameras right now and issued the same challenge to VMS manufacturers before they fall in the government subsidized AND bundled crosshairs.

The lack of addressing Dahua is interesting. Maybe it's viewed as Dahua making a mistake, which IMO is the truth. The impact of Mirai certainly seems greater than a bunch of poor performing bitcoin miners and a quickly addressed hole in iOS apps. What does Hik do any worse than Dahua?

John, Axis?

Panasonic no?

It is a good marketing move for the Genetec but it is not bad for Hik. Who wins the most? - Dahua :)

Who wins the most? - Dahua Milestone

Doesn't Milestone Canon win when they sell Axis/Milestone projects?

Who wins the most? - Dahua Milestone

Do not think that it will move any serious amount of customers from Genetec to Milestone but it can push companies to think about Hik alternatives (i.e. Dahua) just in case it gets worse.

Do not think that it will move any serious amount of customers from Genetec to Milestone...

Why not? If you were deciding between the two, I think you would want to be able to use whatever cameras you want.

Today, Hik is out, and tommorow who knows?

Agree with UD6, and especially when you consider the market OUTSIDE the US. Much of the commentary here relates to how the USA views the Chinese Government threat and so how this might help Genetec positioning in the US - fair enough - but in much of the rest of the world there's a proliferation of Chinese products. Look at the Middle East where Chinese companies like Huawei actually 'own' much of the communications infrastructure and far more omnipresent than just video networks.

I would suggest this is a big risk for Genetec in some of those non-US markets.

Look at the Middle East where Chinese companies like Huawei actually 'own' much of the communications infrastructure and far more omnipresent than just video networks.

But does Genetec really have a shot if Huawei wins an end-to-end video surveillance deal? Is Huawei really going to sub / spec the VMS to Genetec?

Similarly, this move would hurt Genetec winning Chinese government contracts except that Genetec does not have any reasonable chance of winning them regardless. Yes/no?

Genetec currently have many of the Middle East airport video systems.

The big deals that Huawei do are more in the carrier hardware etc (a'la Cisco), I was using them as an example of how Chinese ownership is no barrier at all to doing business there in supplying sensitive electronic and IT systems - the video surveillance solutions still procured separately (and often with the building management and automation systems).

Agree with you John on the Chinese front and I'm sure that doesn't matter to them.

Perhaps more relevant are regions such as the fast growing African market, which is starting to procure big video systems and I suspect will buy cameras on price and almost certainly not care about ownership. Sure, the US will dwarf many of these, but its a mature market with lots of legacy systems (and a lot of deployed HIK cameras), whereas Middle East and Africa are emerging markets with lots of greenfield opportunity.

Every UAE, Qatar and Bahrain project we bid on explicitly forbid Chinese products. China and Israel-manufactured products are typically excluded from large projects over there.

Christian, that's very interesting.

Your posting made me think of an interesting fact that the International Traffic in Arms Regulations ("ITAR") restricts the export to certain countries of a number of items including information and software that are primarily commercial in nature but also have potential military applications. Specifically noted on the Commerce Control List under ITAR are computers. However, these items are allowed for import from ITAR prohibited countries.

The purpose of ITAR is to prevent items from being shipped to specific countries (including China) that may use such restricted items against the U.S. Given the threat of cyber warfare and terrorism, perhaps the U.S. should consider restricting the import of these same items from these same countries as they can also be used against the U.S. within our borders. While much has been said about the difference between China and North Korea, they are both ITAR prohibited countries. Further, we have verified evidence that China has a cyber warfare unit engaged in attacks on the U.S.

Now, I'm all for global trade but, the fact is China is, in effect at war with the U.S...perhaps much like the UAE would consider themselves at defacto war with Israel.

While my first concern is that the Chinese government's support of HikiVision is unfairly driving the market lower, let's not be so naïve as to think the Chinese do not want to harm the U.S.

If ITAR were to be applied to imports and exports, HikiVision (and many other countries) would not be allowed to ship computers and peripherals or any other items that could have military applications to the U.S. It is not a stretch to suggest that IP cameras would be included in this restriction.

The following are ITAR prohibited countries:

Afghanistan, Belarus, Central African Republic, Cuba, Cyprus, Eritrea, Fiji, Iran, Iraq, Cote d'Ivoire, Lebanon, Libya, North Korea, Syria, Vietnam, Myanmar, CHINA, Haiti, Liberia, Rwanda, Somalia, Sri Lanka, Republic of the Sudan (Northern Sudan), Yemen, Zimbabwe, Venezuela, Democratic Republic of the Congo.

Best,

David Coughlin

These are interesting ideas but I think they would be very hard to push through.

I'm obviously not an international trade expert but I would presume that it's much easier for a country to control its defense exports than preventing imports of security-related products - even when there is a credible threat to its IT infrastructure.

The reason ITAR is enforceable is that US-based military contractors depend largely from the DoD funding. ITAR-restricted products simply wouldn't exist without DoD grants and contracts. US military contractors would never risk being barred from future contracts. Other countries don't really mind if the US exporters export less - on the contrary, it provides a chance for non-US exporters to export more.

In contrast, if the US were to block imports of some products from China, they would face internal pressure from consumers as well as from WTO, etc.

It's one thing for China to face criticisms from Trump over twitter, and another entirely to let their exports be blocked. I bet there are lots of US-based organizations influenced by China's big money that would pull strings if Trump actually tries to implement some of his promised protectionist policies.

Good Marketing move???? With cameras most people are taking notice of or buying outright?? With products proven to offer one of the best if not best Price to Performance ratio in the industry? With the market leader??? Similar to not producing applications software for Windows OS because they are hack-able?

Similar to not producing applications software for Windows OS because they are hack-able?

Exactly. It looks like the Apple positioning - you can use Windows apps if you really want to but it will cost you extra efforts, be safe and stick with Apple products.

Hik has made a huge progress for a very short period of time and taking into account the resources they have it is obviously a serious threat for any other vendor. IMO, Genetec simply tries to secure their customer base by using this "unsafeownedbycommunists" wave. It is cheaper then compete on price and technology levels (I know I know, Genetec has an advanced product - but who said Hik will not match in next couple of years?).

I personally praise Genetec for taking this position. Supporting Hikvision is no different than supporting the Chinese Government espionage agencies efforts of spreading a blanket of spy tools around the world. Anyone, selling, or installing, Hikvision cameras in the western world are unwittingly agents of the Chinese Government spy agencies.

O.o you will trigger some serious chi-com camera shills here with that comment. but the real answer comes form a another comment I saw earlier

"good luck competing with Hikvison and their 6 Billion dollar war chest"

they could pay people $50 a camera to take them along with a copy of the communist manifesto and people would still use them I would think chi-com vision would start giving their VMS away free to existing Genetec customers along with free cameras to counter this as they have a printing press that can print unlimited money behind them.

That is everyone's choice to make, off course. If the safety and security or our country/client is not important, then look at it from the bottom line. I chose not to profit at the expense of my client's/country's personal/national security. The Chinese know quite well our weakest point, and that is greed.

Richard, I agree except for one thing.

Why do they need to charge?

Either just make them sign a wavier or take it out unconditionally.

The money taints it.

No one has given, IMHO, an actual reason for the charge.

Can anyone?

Even proponents of these cameras on this forum are quick to point out that they mitigate risk and isolate these devices on purpose built networks using “professional firewall technology”, or “jails for cameras”.

Not only is this approach antithetical to Genetec’s vision of security networks, but supporting these devices requires us to go through the same trouble in a dynamic, interconnected, and complex research and development environment with 550+ scientists and engineers. The requirement to handle these devices in a highly secure containment lab degrades the integrity of our processes and is an expensive distraction from the real job at hand.

Thus, for those customers who choose to make, or who have already made, unfortunate choices in terms of the devices they host on their networks, we will pass on the high cost of testing, integrating and supporting these devices, instead of absorbing it or spreading it over our entire customer base.

Andrew Elvish
Vice President, Marketing & Product Management
Genetec Inc.

Andy, I'm calling BS on your claim of "550+ scientists and engineers" as your website claims just over 600 total employees. Grandiose claims like this may lead others to question the veracity of Genetec's other claims.

Also, there are other reasons beyond security to isolate IP video traffic on its own network (physical or virtual). One is that it allows for network traffic to be contained so that it doesn't impact other network traffic.

Nevertheless, I do agree with your premise that there are additional costs for HikVision based upon their history, marketing methods, and company ownership.

On a side note, I'm not a fan of HikVision because I believe the overall marketing of their products cheapens our industry, and the company is able to do this due to government subsidies and a low paid workforce. Then again (and perhaps directly opposed to this bottom feeding mindset), I've also found Genetec to be overly arrogant...Case in point, you made me look up "antithetical."

Cheers,

David Coughlin

Director, Security Sales & Operations

ENE Systems

The extra charge for HikVision is likely to support administrative costs and to hedge against legal fees/exposure. Just because customers sign waivers doesn't preclude lawsuits from third parties...and even by the customers who signed the waivers.

Just because customers sign waivers doesn't preclude lawsuits from third parties...

Sure, but what would the lawsuit even allege?

"Genetec connected to a camera they told me not to buy. This camera later participated in a DDOS attack on a third party, that was unrelated to Genetec in any way."

"Still Genetec was negligent by connecting to this camera, which gave me the sense that it must be trustsorthy, and so over their objections, I purchased one, to my regret."

IMHO, they have more liability from someone slipping in the lobby.

Arrogant in my opinion. If Im a customer Im thinking like this "Im paying all this money for this software and you mean to tell me I have to pay more to use Hikvision cameras?"

Surveillance Nazi's

Sean,

In addition to the charge, you have to sign the special cyber security liability waiver, which many enterprises will be uncomfortable doing regardless of price, though ironically Hikvision also waives any liability for cyber security risks on their products.

Yeah I see your point on cyber security, but to dictate to a customer what cameras they have to use on (IMO) an already overpriced software is not right. They should remain in the software business, not the camera business.

Its like Microsoft making you sign a waiver and pay an extra fee anytime you have to install a program that "they dont trust" on a PC.

This hurts Genetec way more than Hikvision. This wont even put a blip on Hikvisions business.

Genetec isn't dictating what cameras to use- there are many other choices of cameras. They're just saying they won't support these.

And Microsoft may not charge extra for installing untrusted software, but you do have to click the disclaimer that pops up when you install a program "from an untrusted source".

Thats a heck of a lot better than saying, "you cant install these cameras on this software unless you pay an extra fee"

Why not just do the disclaimer instead?

Well done Genetec, I shall go into the other thread and change my answer to 'Yes' I would now take a job there.

For high-end projects where Genetec can be sold as a VMS solution I wouldn't quote Hikvision cameras anyway.

Und 1, I agree. I don't think you'd see too many Hikvision cameras on a Genetec install or too many people installing Hikvision also quoting Genetec. Business wise I don't think this hurts either one very much. The biggest challenge this will probably create is "takeovers" where the VMS is being upgraded to Genetec but Hikvision cameras are already installed.

however, we have one customer who had a Genetec system with Bosch cameras, and when they expanded the system with some new IP cameras, they decided to buy Hikvision cameras because of their low price. In this case we cannot upgrade the system without the extra license cost for Hikvision cameras. The customer will not like it.

If you don't mind me asking, who sold them the Hikvisions and how long ago was it? Do you know if it was a strictly internal decision or did another dealer sell them on it?

is there any actual factual basis for this move? Have they found out that Hikvision cameras are actually a threat by allowing any more risk than any other brand? Or is this just a political move to make their customers happy?

is there any actual factual basis for this move?

Genetec said there were specific facts / incidents observed but, due to security reasons, that they were not willing to share it publicly.

They may be overreacting (I can't tell because I don't know what they know) but I think they genuinely believe there is significant risk here.

Without the actual reasons, it just sounds like a political move. If they don't want to share it publicly they should be passing it off to some security group that will work with Hikvision to fix it or make it public. To keep it to themselves again makes it seem more political or selfish because if there really is a risk, then the whole industry should be made aware. That's pretty standard these days in device security.

Unless the security risk is actually affecting the Genetic product and it's security because of their own flaw found.

passing it off to some security group that will work with Hikvision to fix it

How can you 'fix' Hikvision being owned / controlled by the Chinese government? My understanding is that the point is not one specific technical vulnerability but the Chinese government ongoing cyber security program and the likelihood of China using Hikvision devices.

Do you really think they would be stupid enough to use an obvious brand ?

Surely, if that was their plan they would buy into an American brand and do it from a more trusted source ???

This all seems like paranoia to me.

Of course they will use their own brand - just as the nsa used american-manufactured routers to install back doors into.

Any product that involves cyber security that is owned or controlled by a foreign government entity must be assumed to be non-secure. Otherwise you are just kidding yourself.

China is a leading source of intellectual property theft and why would a security integrator want to introduce the potential of a corporate client being penetrated through integrator- supplied security gear. To save 50 bucks? Is it worth the risks posed?

Can't help but feel you're missing the point.

I wonder how, or if, Genetec will be able to keep up with various Hikvision OEM's. While I think it is unlikely a Genetec customer would be using some obscure Hikvision OEM product, it still makes fully enforcing this a bit of a mess.

Maybe they can detect these cameras through MAC address or ONVIF identification strings, but if Hikvision really is evil, couldn't they build products for an OEM that appeared as non-Hikvision products to be utilized with Genetec?

This may end up being more like plugging a hole in a sinking ship with a sponge. It will stop some of the problem, but will not be 100% effective if there is true intent to invade.

It will stop some of the problem, but will not be 100% effective if there is true intent to invade.

For enterprise accounts, it is going to be hard to 'sneak in' products. There is a lot of vetting done and it is not that hard to figure out who an OEM of a product is if one is so motivated (e.g., try to see if Hikvision SADP detects it). Plus, there's only so many 'manufacturers' with the sales organization / resources to go after these enterprise accounts.

I think we would agree, that with or without Genetec, Hikvision is going to continue selling millions of devices in the NA SMB.

Quick addendum from a Genetec employee.

"Bruno Dutey: Hello, how may I help you?

Robert Shih: Hello! I've heard that you have dropped support for Hikvision recently. Are you going to continue Dahua support?

Bruno Dutey: Thank you for contacting us. Hikvision has been removed from our pricelist due to security concerns. Cameras from that manufacturer are still available, however licensing will come at a higher cost and end users would need to sign a waiver. A press release with more details on this topic is set to be published soon.

In regards of Dahua

Everything is business as usual, we are not planning on removing any other manufacturer from our supported device list

Robert Shih: Will you also update to support Dahua's new h.265 products?

I am particularly inquiring about this model: http://www1.dahuasec…cts/ipc-pfw8601-a180-3341.htmlIPC-PFW8601-A180IPC-PFW8601-A180

Bruno Dutey: Usually new cameras are tested within 3 months of release and then published in our website. Unfortunately I don't any have access to the list of cameras that our engineers are working on

Robert Shih: What is the outlook though?

Bruno Dutey: Unfortunately there is not really an estimated guess that I could give you with the information I have. However if the camera uses the Onvif protocol you could most likely be able to get a basic videostream but any other functions might not work

Is there anything else I can help with?

Robert Shih: Mainly, I'm asking for a member of IPVM who was interested in a panoramic 180 degree multiimager camera

I wonder though, do multi-imager cameras count for a single license or multiple? Read

Bruno Dutey: It would depend on the exact model

Some of them need multiple licenses"

So basically, they are enforcing this right off the bat.

If Genetec customers are worried about HikVision cameras and the risk of being hacked, can they not simply avoid purchasing HikVision? It's not an STD, you can't "catch" HikVision simply because the software supports it...

The only reason I can fathom for this is that Genetec specifically is at legal risk if a customer is hacked as a result of using a HikVision camera. But again - would the risk not lie with HikVision? How would this be Genetec's fault? I'm not a lawyer and maybe the case can be made, but it seems awfully weak.

If the legal risk to Genetec is not real, then the only other explanation is that Genetec doesn't like/trust HikVision as a business partner and/or they want to be seen as being tough on China which is a popular position (for great reasons). They are capitalising on this trend while taking a miniscule risk since by their own admission, their HikVision customer base is "vanishingly small".

How would this be Genetec's fault?

I think the challenge would be in proving that a hack or exploit was traced back to the Hikvision cameras. If Genetec's theory is true, then you are talking about the Chinese government trying to infiltrate critical sites through camera hardware. This would not be some ham-handed Mirai botnet, it would be more like a Stuxnet attack - stealthy, slow, deliberate.

Assuming that the overlap of Genetec and Hikvision's customers is in fact small, this move could be logical for Genetec. Lock out Hikvision cameras at risk of maybe a few sales, but also reduce risk that their product is tied to a larger incident that would have more bad P.R. and much larger losses.

While you can't catch Hik, there is an inherent risk.

What about the US embassy that specified Hik cameras? They say that they are for a closed system. Now imagine down the road they want to connect the cameras to their core CCTV system, or outgrow whatever VMS they are currently using. All of a sudden, the "stand alone" non-threatening CCTV system in a US embassy is connected to the secure network.

Of a technician who inadvertantly connects to the network or for ease of access?

Or for the tin foil hat wearers, what if a Hik API command was a sleeper to trigger something to happen??

Way to go Genetec!!! I applaud them for making a strong statement.

Excellent News, Now lets hope that HIKVISION, the #1 supplier of Video cameras and recorders world-wide, puts forth great effort to launch the iVMS-5200 platform in North America and bring us all of the access control, intercom and security offerings already available in Europe and elsewhere and 'help' Genetec with their market share, world-wide.

See told ya this shillery was coming

Excellent News

Marty, you are awesome! :)

I think what would be excellent news (for Hikvision) is for everyone to forget about the Hikvision / Chinese government connection.

This news here - I do not think it is good for your business. It means Genetec sales people are likely to fight harder in deals against Hikvision, bringing up the cyber security risks and Chinese government control. Even if you can overcome them, these are not the type of concerns you want competitors bringing up. Worse, if Genetec starts putting end user prospects in touch with other end users who are willing to validate those concerns (and Genetec has a who's who of government and corporate clients), this could create a lot of problems for competitors using Hikvision. I haven't talked to anyone in Genetec about how they would use this in the sales process, but it strikes me as sales 101 to do this.

John- I see where you are coming from and it seems everyone agrees that the only cameras HIKVISION sells are $ 100 value line, that is not the case. It certainly is not mine anyway. I never said Genetec was a bad product I'm sure its a fine product but Genetec did not get HIKVISION where they are today. HIKVISION will withstand, and I do hope they take some of the warchest and open up iVMS-5200 to the masses. So there is a brew-ha-ha, big deal it will not affect my sales one bit,.The ownership of the company has not every affected my business, but the quality of the product and support I receive really has helped my business. Many, meaning more than 5 or 10 of our US government customers directly know they are buying HIKVISION products, have commented to me about the negative press, have read articles regarding the ownership and the company, have forwarded me articles they have seen and the contracts keep coming. I have never been asked to change, swap, not use or otherwise by anyone so until that day comes I remain a dealer and will support a product line that has supported me.

BTW I still think it is good news...

it seems everyone agrees that the only cameras HIKVISION sells are $ 100 value line, that is not the case.

I agree, that's why I cited the enterprise product expansion in the original post. And it is a risk for Genetec as Hikvision continues to move up market with their cameras.

Many, meaning more than 5 or 10 of our US government customers directly know they are buying HIKVISION products, have commented to me about the negative press, have read articles regarding the ownership and the company, have forwarded me articles they have seen and the contracts keep coming.

More power to you but I can't fathom why you think it is good news for more and more entities to criticize Hikvision's Chinese government ownership. You really don't think it increases the risk that the negative pushback will get high enough that it could force your US government customers to reverse course?

they dont have a "warchest" they have a printing press its a entirely different thing.

I wouldn't see this as news that is altogether hurtful towards HIKVision, at least initially, but it does signal a growing sentiment that HIKVision is bad for the industry/is a security risk for users. If it stops with just Genetec ending support, I think the overall impact won't be too significant (especially if China keeps writing blank check loans to subsidize HIKVision); but if this becomes something that starts to catch on with other VMS providers and/or causes some larger end users to take a second look at the cybersecurity and ownership concerns of HIKVision then it could pose a significant risk to them (especially since they have staked several billion on the NA market that could go for naught of enterprise and government clients begin dropping them from being an approved product).

It won't be an initial huge concern for them, but it is definitely far from what could be called good or even neutral news for them as they seek to expand their footprint in the West.

Not without some serious work.

5200 is a giant mess. It's clunky and not user friendly. In it's current state I would NEVER recommend 5200 anywhere. I'd give it a solid 3/10 as a VMS.

I was one of the first sites to use this in my country. I'm still having dramas with it 12 months later.

Related: iVMS-5200 trial download is here. We have been doing some testing on it recently, not ready to release results but so far we have not found it to be that sophisticated (i.e., relative to a Genetec Security Center, Milestone XProtect Corporate, etc.)

Is it much of a step up from 4200?

the key comment which I totally agree with is...

The biggest risk mitigator for Genetec is that Genetec's business model does not depend on the low end of the market where Hikvision is strongest. The customers most excited to buy $100 Hikvision cameras off the ADI shelf are the least likely to buy Genetec.

Agreed, in 2016 this is true.

It is an interesting move for many reasons, and I expect other camera manufacturers are happy that Genetec is making this move.

Genetec is undermining Hikvision's low-cost subsidies by essentially charging more to license their cameras. From a price point of view, other camera manufacturers will no longer have such a steep price difference to bridge.

Advidia is supported though?

Who said the move was really about security? Genetec predicts gutting of low and mid level players so they take the Avigilon approach and stop support for low end players in an attempt to stay upstream.

Advidia is supported

Advidia, according to Panasonic / VI, the owners of Advidia, is a mixture of ACTi, Dahua and Hikvision cameras. Reference: Panasonic Embraces Advidia OEMing of ACTi, Dahua and Hikvision

I am not sure which models are OEMed from which company but from Genetec's descriptions, those from Hikvision are going to be dropped.

Yes, but how do you tell an ONVIF compliant Advidia Hik from an ONVIF compliant Advidia Dahua?

The Advidia HIK would presumably use HIK RTSP strings. Or send a HIK API command and look for a response. vs. receiving a Dahua RTSP or API command.

Another way to identify the OEM is MAC addressing. If I remember correctly, each manufacturer gets assigned the first half of a MAC address as being unique to that manufacturer, kind of like how ISPs are given a range of Public IP addresses to vend as they please. The second half of the MAC address is unique to each device.

Of course this can become obscured when OEMing parts. That's why sometimes when you use an IP scanner it returns another manufacture name for a device than what it is labelled.

It also doesn't mean MAC addresses can't, or aren't misused, counterfeited or implemented badly in manufacturing. I remember in my computer guy days I had a couple instances of computers on a network continually having IP address conflicts because they were pulling the same IP from a DHCP server. When I looked at it closer, I found out the cheap, no-name brand network cards on the computers had the same MAC addresses on them, causing the DHCP server (which automatically assign IP addresses based on MAC address) to vend the same IP address to both computers.

they are made by Hik so they will have Hik mac addresses even if Advidia rebrands them. in fact most of the firmware is the same.

I havent had wireshark running while i do a search for cameras on VI maybe the next server I load up I will do this and see.

If I am to take a stab in the Dark, Panasonic is giving the free license on cameras based on the serial numbers on the cameras so they could use SNMP to pull the model and serial number for reference.

but I am still busy on my Firmware project Right now I am comparing the Chinese firmware vs the NTSC version on Hikvison.

they will have Hik mac addresses even if Advidia rebrands them...

Not if you don't want them to:

you are going to have to work a lot harder than that with most cameras some of the firmware has protections against that.

but it works cute in a VM though (p.s. the all mostly look for eth0)

mostly look for eth0

Well its a wireless camera, what can I say?

Most cameras have protection against that...

Sure your Panasonic, but not most cheap cameras, IMHO.

actually as I go though firmwares for the most popular cameras

AXIS, Sony, Panasonic, Hanwha/samsung, and Hikvison

they all have similar measures in place to protect against that kinda stuff

Bargain bin ones that operate on 5year old software and 5+ year old hardware, yeah they arent not hitting on much of anything, but as much as I dont like Hikvison I would still sue the most current up to date model and software as that is what should be accountable based on legal measures and their support recommendations of using the latest firmware.

Bargain bin ones that operate on 5year old software and 5+ year old hardware, yeah they arent not hitting on much of anything...

Ironically then Genetec would be protected against only the most "up-to-date" and secure Hik firmwares...

If you have the right CGI command, you can change the MAC address, even of a Panasonic. You can even change the serial number to allow VI a free license.

Most manufacturers have factory/repair CGI commands to alter these settings.

You can't change the MAC address. Also, newer Panasonic cameras don't allow CGI commands to be executed without the CGI being authenticated.

no cant cant change the MAC with CGI commands. you get the MAC info though if its authenticated.

Except that nothing stops other manufacturers from using such strings. Many have copied Axis RTSP strings for instance.

If nothing else, Hik could easily add a "ONVIF only" mode.

Obviously, Hikvision has been around for awhile before the news of the Chinese government ownership surfaced. What would have happened if this was known first? Do you think Hikvision would be so popular? If the US Government would manufacture $25 IP cameras would people buy them?

It wouldn't really matter.

(Typed from a Lenovo laptop)

Would you buy CCTV products owned by the US government?

Lenovo laptops are one of the biggest reasons that Panasonic Toughbooks have become the ubiquitous choice for rugged and semi-rugged devices. A billion dollar business in the US alone would beg to differ with your view....

If it was subsidized by the US government I would not buy them. Subsidization is not good for the industry in general. If I was a corn grower in Mexico and cheap US subsidized corn was flowing my way I would be just as upset.

The customers most excited to buy $100 Hikvision cameras off the ADI shelf are the least likely to buy Genetec.

Perhaps, but IMHO, far more Genetec customers are likely to want to use some Hik cameras, than Hik customers are wishing to use Genetec.

Disagree. We know eveyone wants to pay Hik prices, but when educated on Hik cameras, I doubt they want them in most cases. There are other low cost alternatives to Hik.

...but when educated on Hik cameras...

Educated by whom?

You or Marty Calhoun?

"Educated by whom?

You or Marty Calhoun?"

I'll just say educated versus indoctrinated, and leave the decision up to you. :)

Like I said, guess who is laughing all the way to the bank....

Oh, I don't doubt that. Some famous people have made money selling on those principles., and not all of them got arrested. :)

No offense, but you act like you are making billions off these cameras.

Everyone on this site knows the cost differences involved no need to discuss that, its the net margin at the end of the deal that counts, and margins come from having a professional team behind you installing products that are reliable, as well as experience designing and executing a sale.

Billions no, you?

No, definitely not billions. I don't boast about laughing all the way to the bank.

...you act like you are making billions...

Seriously, if he were making billions, do you think he'd really be 'laughing all the way to the bank?'.

He'd have direct deposit :)

That's a lot of rolls of change in profit to deposit.

This all day. For $20 more, I can get a Hanwha/Samsung.

Let's call this what this is. Another step away from open, in an effort to box out competition from the larger end to end competitors whom threaten Genetec's VMS business by even getting a seat at the table with their cameras. Charging higher licensing costs for a specific company's cameras? Just pull support for them completely and claim that their ONVIF profile is no good. You've done it before.

All of these people celebrating this move by Genetec feels like a Brexit moment. Sounds great now until that customer with 200 Hikvision cameras wants to look at other VMS's and you get to tell them that Genetec thinks their cameras are crap and wants to charge a higher price to license them.

Always interesting to read about what is deemed as acceptable for being selectively open in this market.

Sounds great now until that customer with 200 Hikvision cameras wants to look at other VMS's and you get to tell them that Genetec thinks their cameras are crap and wants to charge a higher price to license them.

I don't agree as Hikvision cameras are not crap. It's the Government ownership is the problem.

Sell as many systems as you can without licensing?

Hikvision makes some killer mid-upper range cameras that I really like. As an end user, I would be furious to have my selected VMS make this decision for me. Maybe this is the republican in me.

Remember - they are not saying 'No'.

They are taking steps so that somewhere in the process an end-user has to be advised of the extra steps needed to get Hikvision working on a Genetec system and advised of the risks as Genetec see's it.

They lay it out and let the end-user decide, they are not closing it off completely. They are allowing it to be used but under certain conditions.

If Genetec was really just trying to advise users of these risky cameras, why not a pop-up screen warning when adding a Hikvision device?

How exactly does paying Genetec additional money to add a Hikvision device reduce the risk?

How exactly does paying Genetec additional money to add a Hikvision device reduce the risk?

It doesn't - but will act as a deterrent (along with the need for the signed waiver) and it makes it very clear their thoughts on the Hik product.

Why doesn't Genetec pop up a warning to the end users that their cameras are insecure? Seems a bit late at that point.

What makes Genetec DESERVE more of our money? Or any other VMS solution?They already are overcharging everyone for license fees when it is the "OLD HAT" way of doing business. Install systems without fees and pocket the difference because we are doing the work, selling, installing and backing all that up, I prefer keeping as much of my companies sales dollars as possible.

$15,000 $ 25,000 even $ 1,000 to license what? My cameras, damn. They have already paid for the R&D costs 10 times over. The industry needs a shakedown and Integrator s need to speak up and either make these blood suckers stop charging astronomical fees for licensing.

Does anyone agree with me?

I will gladly use my companies sales dollars to go towards licensing. Of course everyone always wants their products to be cheaper, but without that cost how do those companies pay for R&D? While I definitely wouldn't mind marketing budgets being a little lower for those big companies, you end up paying more for licensing in order to get higher level features. Companies like Axis, Samsung, and Bosch makes great cameras, but if you always went the cheap route and used camera companion or any variant of the free software then you're leaving a lot on the table feature wise.

Admittedly this probably has a lot to do with what market a company goes after. If it's SMB then higher level features and integration probably aren't that important, so going towards an NVR no license kind of set up may work; but in the higher level arena's there just aren't any comparable feature sets between using free software and a true VMS with all the possible integrations.

of course because when you have a magic printing press that prints all the money you need to pay for things like R&D, testing equipment, training, and marketing.

subsidize the losses, reap the profits right?

I mean god forbid anyone take a risk and and have it come though and make money on it, unless it is you right? its not like they take the extra money and reinvest it back into the company to make more money or anything.

But you wouldnt know anything about that because the majority of equipment you buy and resell doesnt have to play by the rules like everyone else "has to".

Then you get all butthurt when someone says I refuse to do business with someone who does not play by the same rules as everyone else and put a tariff on them for trying undercut all the competition who has playing same rules .

you have no right to complain about people who still have ethics when you sir have none.

Marty I think you're missing the economies of scale, and the relative comparison of the to the rest of the technology world. Have you looked at the base+client licensing fees for things like Microsoft SQL Server, Microsoft Exchange, Quickbooks, SAP, Oracle or any other client-server based software solutions? It's not really much different. Per seat versus per user licensing, per CPU core, license renewal and ongoing.

And they have exceptionally higher volume of sales versus the pitiful few million the security world does, their R&D dollars go a lot farther. When I used to work in IT for a newspaper, initially it amazed me the amount of money we had to pay for software that seemed to do simpler tasks than mainstream software, and clunky at that. But then I thought about it, this was specialized software only a small market client would need, so the development dollars had to be recompensed over a much smaller sales volume.

I don't think VMS companies have it very easy. At least no where near as lucrative and being C-Level at Microsoft or Oracle.

It could actually open the way for competitors such as Dahua (a privately owned Chinese company) and Uniview (an American-owned Chinese company).

There are two major implications about hikvision a State owned company

1) Economical: What we know is that hikvision is making dump on price thanks to money granted by Chinese governmenet. This is quite unfair and illegal in western countries but nobody was doing nothing.

2) Security: We are installing on strategical infrastructures of western countries a lot of intelligent devices that could be controlled by a chinese dicatatorship. Also in this case nobody was doing nothing.

Thanks to Genetec, homeland savior.

So Genetec cannot claim to be ONVIF compliant, in its base product, if they intentionally break integration with 10% of all ONVIF devices in existence, right?

They are still ONVIF conformant, they are just reading the manufacturer field and allowing/disallowing the connection then based on the license.

Surely that can't be allowed.

Say I release a supposedly ONVIF comformant NVR that checks to make sure its a Dahua camera, and boots everything else.

Can I really use the ONVIF logo?

It all has to do with licensing.... All major VMS require a license. You can do a search and find ONVIF cameras, but can't add them and record until you load licenses.

Now, you can search for ONVIF cameras, but if they are HIK or their OEMs, it checks your license, and then uses the ONVIF protocol to communicate the video stream, etc.

Just like with Panasonic and VI. They give you a free license if they detect a Panasonic camera, and make you pay for other brands. I believe the license was free only for cameras manufactured after a certain point, so they are delving down in to the serial number field as well. (Of course they can/could/should be using the PS-API vs. ONVIF, but you never know....)

they are compliant with ONVIF the issue here are programs that may or may not be in the Non ONVIF compliant parts and programs of the cameras which like it or not. are what Genetec are taking issue with.

GMO - Genetecally Modified ONVIF

(Disclaimer: I am VP Engineering for IPConfigure).

IPConfigure supports and will continue to support Hikvision cameras in our Orchid VMS.

Our recommended configuration is to place all cameras on a private, camera-only network with no route to the Internet. Only the VMS server itself should be able to access the Internet.

Orchid supports an architecture in which clients never need direct access to cameras and cameras never need direct or indirect access to public networks; all video and event data is proxied through the VMS. In this way, a properly designed system need not (and indeed should not) ever allow cameras direct or indirect access to the Internet.

On servers for which this isn't feasible (due to having only a single network interface, for example), routers can be configured to block all Internet traffic to and from cameras by MAC address. I run Orchid on a Raspberry Pi -- which only has a single network interface -- at my home, and this is how I have my network configured.

While I believe that there is risk in deploying Hikvision cameras on publicly accessible networks, Genetec's position seems like an overreaction. So long as the software architecture allows it, a clearly defined set of recommended best practices as described above should be sufficient.

Thank you Mr Thompkins

* Dr. Tompkins

So is Avigilon still unsupported by Genetec at any price?

I don't understand "a privately owned Chinese company"... ? Please, I am not being sarcastic (this isn't Facebook - hah!). China is a communist country, aren't all businesses - entities of the government? Perhaps I don't know what Communism is or perhaps China is not a Communist state...

My understanding is China has a facade of excepting or incorporating capitalism into they way they operate but this is more of a way to fuel foreign acceptance and money (my opinion).

So this begs the question, is Genetec doing this because of issues with China or with issues specific to Hikvision? I might have issues with doing business with a government owned manufacturer but I believe Genetec is doing this for marketing reasons. Look, we are talking about it, and 2nd - will not hurt their business at all.

China's government is a single party dictatorship. As far as economically, China hasn't been Socialist/Communist in a long time now. In fact, there's less regulation in its capitalism there than in the USA.

HOWEVER, there is the caveat that the government can have enterprises of their own. Thus the businesses there are largely privately owned, but A) the government can make investments and B) the government owned businesses that do run amok, do so with an unfair advantage.

Oh Genetec, I hope you can defend yourself. Hikvision and Genetec are both excellent products and now the expectations for cyber security will be raised. All is fair in love and war, again Genetec I surely hope you can eat what is on your plate. Some of our curious nature becomes madness, don't poke the bear they said. This scratches at the cage in my brain that wonders just how secure genetec is as a whole. One would think that it may be not be too Longse before we see the cracked version of The Security Center (pun intended). Genetec should look deep into their employee database, just like the risk of malicious code possibly hidden or dormant within security devices so can many malicious engineers be hidden or dormant within your R&D cubicles right now. You have to fight cyber security on all fronts, it a global epidemic, how does one attack from all sides a spherical object?

One positive output of these accusations(until fully disclosed) is that at least they are being thought of, acted upon and ratified into a companies philosophy to eliminate risk. Some will follow and some will not. Perhaps this will spawn more cyber hardening codes and ethics for the security industry(yay?).

Intellectuals solve problems, Geniuses prevent them. Hackers do both.

Oh Hikvision, I hope you can defend yourself.....

Aren't we all forgetting something here?

Mainly, where the heck is Jon Dillabaugh?

...outside Genetec HQ with an angry worded placard and a clenched fist

Trying to save sales....

Working in the field, installing Hikvision cameras. Lol

Working in the field, installing Hikvision cameras.

Good for you.

What's the reaction from the man-on-the-street about this move?

Seems like shooting yourself in the foot to me, but you already know my stance on Hik.

I don't really service the Genetec level clients, so it really doesn't affect me directly.

Where this might benefit me is if Hik decides to deploy 5200 (or its successor) soon. A little birdie told me to expect something at ISC next year.

Probably the Blazer servers which are 5200 servers anyways or the Blazer Express which is 5200 in a standard 1RU form factor which comes complete with POS and ANPR

Whose Genetec's biggest competitor in 5 years?

Hikvision.

Customers that already use these devices (which Genetec described as 'vanishingly small')

'Vanishingly small' implies that its not only small but getting smaller all the time. Yet Hik, by all accounts, has been getting cheaper and producing cameras of increasing quality and features.

Its hard to believe there were more Hiks 2 years ago on Genetec than today.

What's to keep the Chinese government from installing these "cyber security risks", into the billions of products that we buy every year being manufactured in China. Apparently I'm "vanishingly small" as I use Security Center and am in the process of installing 80+ HIKVISION Smart Pro Series Value Plus Series dome cameras and the best overall 1080 PTZ that I've seen on the market (which costs less than $500). I'm not familiar with HIKVISION's $100 cameras but I can tell you from experience that their higher end cameras stack up against anything on the market. It's was earlier mentioned that you could buy a Samsung for $20 more...what a joke...

Needless to say I'm not amused by Genetec's complete stupidity and will be contacting HIKVISION and Milestone to take my 300+ (by the way 100% closed) camera system elsewhere. This paranoia needs to be stopped.

Amen! I totally agree.

$100 Hikvision cams are great in small rooms like MDF's, supply closets, etc.

Poll: If you switch VMS systems to keep Hikvision cameras, would it be because...

1. ...you don't think Hikvision cameras are from a communist government engaging in predatory pricing?

2. ...you don't believe Hikvision cameras have security concerns?

3. ... you don't want your bosses finding out what you got them into?

4. ...you don't want your bosses to find out about all the free diners and boat trips you got from Marty & Jon? [Satire meant for humor]

5. ...it's just best not to let these thoughts intrude on your safe space?

At least Hikvision isn't supplying us with explosive smart phones and washing machines. Those machines are rising up.

6. ...you don't want chinatec showing your customer quotes from your local competition and that chinatec can ensure a lower price if you go with chinatec's recommendation based on chinatec's metrics in that region.

7. ...you don't want to partner with canadavision and collaborate on cyber security awareness and increase security as a whole.

8. ...to the moon Alice!

Lets push to get iVMS-5200 fully developed and SLAM all of them with the best cameras and a first class VMS all from HIKVISION then we will not need any of them....

Big difference between LARGEST camera provider and BEST camera provider

Even bigger difference between License and NO license

Can't wait to hear how you are going to secure IVMS-5200 when customer wants remote access.

I have no worries, it seems rational that 4200 engineers may have that ability covered.

I have no worries, it seems rational that 4200 engineers may have that ability covered.

Marty, point of fact, Hikvision claims 7,000+ now:

By the end of 2015, Hikvision had an R&D team of 7,181 engineers

That said, sheer engineer count is not a particularly strong metric when it comes to software development performance.

Are you implying that you know the task assigned to each of the (7,181) engineers on staff?

Are you implying that you know the task assigned to each of the (7,181) engineers on staff?

Marty, for your sake, I sure hope Hikvision dedicates a legion of engineers to improve the 5200. From your comments here, you are vastly underestimating the complexity and sophistication of Genetec Security Center, Milestone Corporate, etc.

But remember, even if they do, building VMS software from scratch is very hard and time consuming to do and cannot be solved by simply throwing a team of engineers at it.

Important to take into account that Hik have already big experience in software development. In China market they are kind of Avigilon, providing complete systems for any projects. They don't want to cooperate with open platform software in China, because they believe that their software is the best. They understand that hardware is commodity and to differentiate themselves in future they need strong software (and this is a threat for Genetec). But truth is that they still need to work hard to make their software acceptable outside China. Very interesting to see IPVM's report about current state of Hik's software.

"They don't want to cooperate with open platform software in China, because they believe that their software is the best. "

Well every VMS maker thinks (or says) they are the best. But how much competition do they really have? Seriously, how does the VMS choice landscape look in China- meaning how many big names can one say they have, domestic and foreign?

(-Signed......... hold on, have to find my driver's license......;)

Where is the source of this news?

Where is the source of this news?

By source, do you mean a press release or official announcement? There is none, to my knowledge.

Genetec announced it at their own event last week, non-Genetec people told us, we reached out to Genetec, got comment and did the post.

Sounds more vetted than a Rolling Stone article.

Hikvision should buy Genetec.

Hikvision should buy Genetec.

Lol, that would give new meaning to the term 'hostile takeover'.

There was an ongoing rumor in years past that Hikvision tried to buy both Genetec and Milestone. I am pretty sure at least one of the two is true.

To the broader point, I would not be surprised if Hikvision made a major international acquisition, though I would be stunned if it was Genetec...

It does seem like a natural fit. Easy way to silence a critic and buy your way into enterprise accounts. From what I am reading of Genetec I am surprised they are not more prominent in my region. As it is, I did not even know they existed outside of Target stores.

Are Genetec customers in China (surely at least one exists) allowed to use Hikvision cameras without restriction?

What about other parts of Asia?

It would be interesting to get a Genetec answer to this question.

This is a global decision, and will be applied consistently throughout all of our regions.

Andrew Elvish
Vice President, Marketing & Product Management
Genetec Inc.

Thanks Andrew!

A couple of follow-up questions:

Can you give us a ballpark estimate of how much the Hik license exemption will cost per camera?

Will this decision be reviewed periodically?

Do you see this type of licensing possibly being extended to other manufacturers in the near future?

NO...NO...NO... Genetec don't want'trust Hikvision... OH go on then as long as you pay more and then sign waiver...It will never be a Genetec problem then.....

Certainly a very interesting time to be in this industry…

I’ve commented before on previous posts and I’m more certain now than ever after US elections.

It seems there is a global discontent against companies and deep ties with government. Specially china, because of its ever growing and deep roots inside all of its companies.

This is just one more chapter of the already cyberwar we are currently on and is being fought in the shadows.

I am patiently waiting for hikvision to flip the switch and go all evil

(jk)

I may have missed it as I did a quick review of this article and comments - but is there a link to Genetec's actual announcement or is it listed within the article?

but is there a link to Genetec's actual announcement or is it listed within the article?

There is no Genetec press release. It was announced at one of their private events last week and then non-Genetec people shared it with us.

If you are looking for something official, beyond the fact that we spoke with Genetec, Hikvision is removed from Genetec's supported device list now.

[IPVM NOTE: This is a letter from Hikvision shared by a member who received it]

We have heard that Genetec is now requiring a special license / waiver for customers using Hikvision devices. This is an unfortunate decision for integrators, end-users and Genetec itself. Genetec has not produced any evidence that this decision is based on product technology. We believe it is politically motivated and designed to negatively influence perceptions about Hikvision’s approach to cybersecurity. Hikvision, as always, remains committed to providing great technology and great service to you, our valued partners.

Hikvision is proud to be a China-headquartered company that serves partners in the global market, and we’re proud of our outstanding team here in the United States and Canada.

As a global, publically traded company with a diverse set of private and public owners, we operate in the fiduciary interest of our shareholders and abide by the laws in the countries and regions where we do business.

Cybersecurity is a major concern for all physical security manufacturers. At Hikvision, ensuring the highest possible levels of cybersecurity is a top priority and we are proud of our industry-leading cybersecurity practices, which include:

  • A special task force at Hikvision headquarters, the Network and Information Security Lab sets Hikvision’s security standards, performing security evaluations and testing, and responding to security issues.
  • The Hikvision Security Response Center (HSRC) to receive, dispose and report any and all security-related vulnerabilities with a professional security emergency response mechanism.
  • Hikvision received its ISO/IEC 27001 certification last year.
  • Hikvision partners with several renowned security data and analytics companies such as Rapid7 to perform ongoing penetration tests and vulnerability assessments of our products.
  • We continue to take steps to improve our products, including having them tested by leading third-party cybersecurity firms to minimize any potential security risks.

Here is a link to our Hikvision Security Center, which has a number of resources. http://www.hikvision.com/us/about_10636.html.

Hikvision manufactures innovative products and is committed to bringing outstanding value to our partners. We do not engage in aggressive competitive practice and respect all of our competitors in the video surveillance industry.

At Hikvision, we believe that we’re all striving to provide products that safeguard people, property and assets and combat terrorism and illegal activity. We also believe that the best innovation emerges from the competition among, and the contributions of, many different video surveillance companies.

If you have any questions about Hikvision’s cybersecurity practices and the resources we have available to our partners and the security industry in general, please contact us so we can arrange a time to talk.


Sincerely,

Hikvision USA Inc.
Hikvision Canada Inc.

Look chi-com citizen# 12765839293002 some issues with your propaganda:

1) Genetec is owning this with the say so of a vice president so it comes from a board level decision, like it or not they have thought this though.

2) what you have said is misleading at best:

Hikvision is proud to be a China-headquartered company that serves partners in the global market, and we’re proud of our outstanding team here in the United States and Canada.

As a global, publically traded company with a diverse set of private and public owners, we operate in the fiduciary interest of our shareholders and abide by the laws in the countries and regions where we do business.

Hikvision is a "State owned" enterprise period, and that means

http://www.nytimes.com/2016/10/14/world/asia/china-soe-state-owned-enterprises.html?_r=0

But this week, China’s top leader made clear to the chiefs of the country’s biggest companies that there is only one boss who matters. In an unusual meeting that ended on Tuesday, President Xi Jinping announced that the Chinese Communist Party had the ultimate say over state companies.

That is the number one issue that everyone has here is that the Chinese government is calling the shots and subsidizing 50-95% of what ever they manufacture. how many holes in the security is low on the totem pole compared to the equipment being used as a chinese government tool.

3) if the chinese government wasn't subsidizing each camera and recording device Hikvision wouldn't be on the radar or even mentioned here on the posts so dont give me the "we are innovative and all about being competitive" far from it. but hey for some reason the US has now elected someone who wants to use tariffs and ban lists for products like these. hope he doesnt or it will be back to the ghost cities for demo and renovation work..

Please stop no one here buys chinese propaganda its sad, You are already using Hikvision as weapon to destroy the camera market, now we are worried about what you have sold being used against us a second time

Here in the UK a lot of integrator's are getting anonymous letters about Hikvision being owned by the Chinese Government.

#26, thanks.

When you say 'anonymous letter', is this a physical, post mail letter? And who is the post you screencapped from? Is that of Facebook?

John, this was a LinkedIn post from a CCTV installation company located in UK. I removed the name just for privacy reasons.

Yes when I say letter I mean a physical letter in the post, I have also heard the same from other companies involved in the install of CCTV in UK.

While I am not a fan of the Chinese records on Human Rights (euphemism), I cannot help but detect more than tinge of Xenophobia. State ownership of companies with commercial interest is more prevalent throughout the World than many in the US think. And that does not make them automatically unethical or not worthy of our businesses. The same feeling/mentality was a play in the late 80's when Japanese were buying American real estate and company. I can vividly remember the ire that was raised when a Japanese company purchased the Chrysler Building, a NYC landmark.. Only now it is the Chinese and they're the leaders in manufacturing.

The move is odd. Hikvision is big enough and Genetech small enough for the consequences to be paid by Genetech and not the other way around. I see the other VMS companies making a play at and with this.

The irony may well be lost on the people at Genetech , while typing their resolution on a Chinese-made keyboard, viewing it through Chinese-made monitors, processed through Chinese-made computers and later discussing it on the internet through Chinese-made home routers or on their Chinese-made but American-branded smartphones and all this going through Chinese-made core routers....

"I cannot help but detect more than tinge of Xenophobia"

Absolutely agree with you Frantz. The, how shall we say, earnestness of some posters commentary I think goes a bit beyond what would normally be expected for a topic as such. It's a bit hard to tell given the demographic of this site, but I'm curious if the rest of the world market cares as much as the Nth American market.

The irony may well be lost on the people at Genetech

I don't think there is any irony in this decision. It's a political move under a thinly veiled premise of security.

It is possible it is a political move. However, Hikvision has setup plenty of reasonable doubt: two prominent hacks, government ownership, government directors, and clear government subsidization. That is what makes this no more than a suspicion that it is a political move. Even if it were a political move, is the Chinese government subsidization of electronics manufacturers with the goal to expand their product overseas not the same?

The move is odd. Hikvision is big enough and Genetech small enough for the consequences to be paid by Genetech and not the other way around.

Frantz, good feedback.

On the one hand, I certainly agree about size, Hikvision is ~$4 billion company, 20x+ Genetec, which is in the $150 - 200 million range.

But to determine the impact, you need to factor in where in the market each company is.

  • 75% of Hikvision's revenue is from inside of China. This move would kill Genetec in China, except for the fact that Genetec already has no chance for China city / government projects (and that's not due to Genetec's inferior product quality but how China does business)
  • In North America and EMEA, where Genetec does most of its business, most of Genetec's revenue comes from large end users while most of Hikvision's revenue is coming from smaller ones.
  • Where I agree that there is risk is Hikvision's move into the enterprise. If Hikvision can be successful there, than Genetec will pay a heavy price. But winning the enterprise, in the West, is much harder / different than what Hikvision has done to date.

From Genetec's perspective, as such, the move is not as 'odd'.

State ownership of companies with commercial interest is more prevalent throughout the World than many in the US think. And that does not make them automatically unethical or not worthy of our businesses.

I don't think most critics feel that state ownership is 'automatically unethical' but it does create risks, especially when that state is your country's (meaning the US here) adversary in cyber attack (i.e. China). Likewise, it is totally understandable why China would want to have its own products inside its own critical infrastructure given the US's aggressive cyber program.

I don't think that there are political reasons...only if Genetec's owner want to become Canadian president :)

And, of course, not technical, because Hik is not worse than any other in this regard.

It is definitely marketing/sales reasons. Genetec is still commercial company and operate to get more market share and profit.

I assume one main reason: Genetec's SIs are mostly selling higher brand's cameras and suffer from Hik cameras sales. They sell Genetec, but big money comes from cameras. Hik's margin is very low in compare with higher brands, so they want to compensate this lost from software license price.

Simple!

But this is very big strategical mistake.

Huge cameras projects are not high price brand's projects anymore. Huge cameras projects become possible because of low price of cameras, so Genetec is going to loose them.

Interesting to see when they step back and return Hik in list. I predict very soon :)

NOTICE: This comment has been moved to its own discussion: Definitely Marketing/Sales Reasons For Genetec To Expel Hikvision

There are plenty of other non government owned camera options to choose from.

With a Price to performance ratio as good as Hikvision? Please let us know which one are those?

Its about time one of the big manufacturers stepped up and did what in its simplest form is the right thing. Now that Trump is President maybe he will completely shut down the importing of Hikvision products into the U.S. That would be a very astute decision. In my opinion Genetec just earned a lot of street credit by making this decision. Hey Genetec....HIGH FIVE!

I am using Hikvision PTZ cameras which by no means are cheap or low end. I have tested many PTZ cameras and this one had best masking features by far. 3 years solid performance and now Genetec tells me (not directly as I asked the question and was ignored) that I have to replace good cameras or pay premium for the software that is already overpriced. I have noticed strange performance issues after last couple of updates of Genetec software. Cameras digitized, unable to set maximum resolution on cameras that were working fine with older version.So I guess something was in the works already for a while. Time to look for a truly open source VMS.I think this is a good opportunity for VMS companies to pick up some business.

Are there any features that Genetec software provides that are so unique/hard to find elsewhere that could keep you locked into them?

If not then it's worth a look elsewhere.

Hi

  • Not so simple when you have to re-trained your techs and get them to be fluent in the new VMS.
  • Not evident who's going to beat the cost of the conversion to the new licenses. You can't just dump the old licenses and have them replaced by the new VMS.
  • Training the customers to perform their usual task through a new GUI, far from evident and potentially costly sometimes the customer will oppose the move.

3 out of many other reasons that would make it difficult to jump to another VMS.

I think Genetech is painting itself in a corner. That kind of political (?) statement may not play too well in this increasingly interdependent world. That is what I alluded to when I posted about the irony of using Chinese made wares to take a position against a Chinese company. They (Gen) better not use an Apple phone or even a Cisco phone in their HQ or make sure the routers and Ethernet switches they use