Hikvision Makes Child Pornography Distribution Harder With Improvements To Hik-Connect App
IPVM recently exposed Child Pornography On Sale From Hacked Hikvision Cameras Using Current Hik-Connect App. Now, Hikvision has released a new Hik-Connect app version that makes it harder to do so.
In this report, we examine what the changes are, how this makes it harder, what risks remain, and our recommendations for improvement.
Executive *******
*** ******* ********* ******* **** ** Hik-Connect **** *** **** ******** **** being ****** **** ************ ******, *** a ***** ****** ** ********* ***** will ***** *** *** ******* ************* recently ***********.
Summary ** *******
********* **** ******* ******* ** *** way **** ******* ***** ****** ***-*******. Restrictions **** ***** ** *** ****** of ****** **** *** ** ****** with, *** ******** ** *** *****, and **** ***** *************. *** *** changes *** ****** *****:
- ****** ******* *** ************* *** *** sent ** *** ***-******* ******* *****.
- ******* ****** ******** ** ** **** from *** ****.
- ******* ****** ********** ***** ** ** from **.
- ********** ******** ** ******** *** ****** Hik-Connect *******.
- ********** ********* *** *** ******** *** direct ****** *******.
Push ************* *****, ***** *** *** ** ****
********* *** ******* ******* ************* *** the ******* *****, ** ***** *****:
****** **** ************* *** * ***** improvement. *******, ** **** **** * limited ******. ***** *** ******* *********** and ******** **** *** ************* ** this. **** ****** ***** *** ** have ***-******* *****, ********* ******* ********** for *************, *** **** *** ****** off ***/**** *************.
****** *** ***** ***-******* **** *** receive ***** *************. ******* ******** ******* is **** ****** *** **** *** app ********* *** ********* ******* ************* but **** ****** ********** ** ******** alerts *** ******** *************.
********, ***-******* / ******** ****** **** not **** ** ** ******* ** the ****** *** ** ** ** viewed ****** *** ***-******* ***, ** devices *** ** ******** ***** *** their ** *********.
** * **** **** **** ***-******* setup *** ************* ********, **** **** not ******* **** *************, *** **** will *** ** **-*** ******* ************ if/when **** **** *** ***:
Reduced ***** **** ** ** ****
*** ******** ******* ******** *** *** days. ********* *** *** ******* **** to ** ****.
Reduced ****** ********** ***** ** **
*** ******* ****** ** ********** *** also **** ******* ** ** ***** per ** **** **** ** **********. This **** **** ******* ******** ******* of * ****** ** **** ********** for **** ** ***. *******, ***** is ***** ** ***** ** *** number ** ** ***** ******** **** a ****** ******.
Encryption ********
********* ** *** ****** **** ** add *** ******, ** ********** ******** may ** *** *** ** ******. The ********** ******** ** ******** *** shared ***-******* *******. *******, *** ********** passwords *** *** ******** *** ****** access ******* / ******* ***** *** IP *******.
**** *** ***-******* ***** ****** ** shared **** ***** *****, *** ********* is *** ******** ** **** *** video ********** ******** ****** **** *** see *** ***** ****.
*** ******** ** *** ** *** IP ****** **** *** ****** ** activated *** *** ***** ***-******* ***** connection *** *** ** ******* **** the ***-******* *** ** *** ******** encryption ******** ** *****.
*******, ****** ** ***** *** ****** connection ** *** ********* ** ****** using *** ***-******* *** ** *** require ********** ********* *** ***** *****.
*** ********** ******** **** ***** ***** with ***-******* *******. ******* ** *** need **** ** ** ******* ** be ***** ** ***-******* ** **** forwarding ** **********.
Hik-Connect ***** ** *** ********** ********
*********** *** ***-******* ***** ***** ** the **** **** ***, ********** ******** is **** ** *** ***-******* ******* any ************ ****** ******* ******** *******.
**** ****** ******* * ****** ******* firmware ********** ** ************ ******** ***** ******.
*** ****, ************'* ***-******* ***** ******** ** ********** Devices
IPVM *********** ******* ********* ****** *********
***** *** ******* ***** ** **** sharing **** ********* / *******, **** don't **** * ******** ******. ***** are ******* ******* **** ********* *** make **** ***** **** **** ****** in ********** ************ *******.
- ******* ****** ****** ***** ** ******:****** ** ** **** *** **** needs ** ********** ** **** *** device ***** ****** ** *** ** sharing ***** ******* ****** **** ******** the *** *** ********** ******* **** around *** ***** ** ** ******.
- *** (**************, *************, *** **********):****** ***** **** ******* ****** *** legitimate ****** ******, *** *** ******. Adding ** ***** ** ***** ****** to ***** ** *** ****** ***** help. ****** *** ***** **** ******* that. ******** **** ****** **** **** access ** **** **** ******. ******* the ****** ** ************* *** ********** users, ********** ***-******* ******* ******* *** IP ********* ** ***** ******** ******* via ***-*******.
- *************:******** **** ********** ****** ****** *** notified. **** *** ** **** *** OSD ** ***** *******. *** ******* push ************* **** *** ** ********* since ***-******* **** *** **** **** to ** ******* ** *** ****** for * *** ***** ** *** the ****** ** ***** ***. **** can ****** *** *** ** ** add.
No ******** **** *********
**** ******* *********'* ***** **** *** two ***** ********* *********, *** ********* did *** *******. ** ********* ********, we **** ****** *** ****** *** add * *******.
Software ******* ******
***-******* *******: *.*.*.********
***** ********* *********** ******* *** ************* based ** ******* ********** *** ****** manipulated *** ******, **** ** ** excellent ******* ** **** *** ****** decisions ** ********* **** ****** ******* and ******** ******** ** ** *********** by *********'* *****.