Hikvision Pledges 'Never' 'Backdoors'

By: John Honovich, Published on Jan 27, 2017

With criticisms rising, Hikvision has gone on the record publicly declaring [link no longer available]:

Hikvision never has, does or would intentionally contribute to the placement of “backdoors” in its products.

One indisputable point is that Hikvision is clearly feeling pain here to force such a public response.

Statement Analyzed

A key question is how the statement is structured.



Comments (42)

We are going to build a firewall in Hikvision and make the Chinese pay for it... :D

The Communist government already built a firewall that their citizens pay for every day by not being able to browse freely on the internet or criticize their government online.

Sympathy for their people, curses upon their government.

We are going to build a firewall in Hikvision and make the customer pay for it... - Genetec

One interesting element is that Hikvision has published this but kept it out of their official PR process / emails / trade publications.

This statement was published dated January 5, 2017 on their HQ English site. However, it was inserted in a new section (Security Center / Cybersecurity), not in their general press release section nor existing security notices. When we viewed it, it only had 90 total views, even though ostensibly it had been published 3 weeks ago.

We have found no other instance of Hikvision promoting this. The only source mentioning it was an Australian website that cited the statement but did not link to it.

Best guess is that Hikvision has been using this tactically on a case by case basis to respond to specific concerns across the world but did not want to draw broader attention with their normal marketing campaign approach. Any other theories or input here?

Seems like a pretty strong statement. However, my concerns with Hikvision have nothing to do with backdoors.

Army of botnets

Plenty of machines with default credentials

Other unscrupulous uses of a massive network of connected devices that I can't put into words right now due to lack of sleep.

I would add government subsidization contributing to unfair market competition to that list.

Related: I can feel other countries' pain pertaining to US subsidization of agriculture. Unfair practices are unfair practices both here and abroad.

Isn't this true of many sites though and not just Hikvision?

As it currently stands, Hik now forces you to activate and change the default credentials on each device you commission.

Yes they do, that means nothing when it comes to alternate methods, which almost all machines have. I'm less comfortable with a government having control of those alternate methods as well directly or indirectly.

It is not a back door when the manufacturer leaves a "service port" open for the manufacturer, i.e. the Chinese government.

"Intentionally" and "contribute" are interesting.  If they were to use a service or daemon that had a backdoor, but they didn't officially know about it.....

If this module were to be provided from another source, such as Big Brother, they can stick to their claim, all while someone still has these capabilities.

The bottom line is that if people don't trust a company, it doesn't matter what they say. If they're really going to be nefarious and put backdoors into their products, do you expect them to be honest about it?

If there is a backdoor, their US based tech support is certainly unaware of it.

Good for Hikvision to finally come out and address this concern. Would like to see ongoing activism by Hikvision to continue to strengthen the cyber security of their products and statements showing what they have done.

I think there may be a language gap between China and the rest of the world as to what a "backdoor" is. In my own words, a backdoor is a method of access into a product that is not published by the manufacturer and not made known to the customer either through ignorance or maliciousness.

The perfect example of this is the telnet entry into devices that is causing so many problems recently. I've spoken with manufacturers personally and asked why they would need this type of access to devices that are finished, production units and why they would use static credentials that grant root level access using the telnet protocol, which was known to be insecure and obsolete over a decade ago. The answer I received was that they used it for "service purposes".

I could understand using this access method in a controlled environment of a service center by authorized personnel, but deploying finished products into the wild with this access enabled is irresponsible and, in my opinion, borders on criminal.

The word 'intentionally' is redundant, since backdoors are, by definition done intentionally. However, this is useful to emphasize that errors can occur that allow illicit access to products, even if the developer did not 'intend' to provide it.

IMHO, you are over-analyzing the language here, as if Hik is really trying to leave themselves an out, in case they are discovered to have allowed the government to place a backdoor in their product.

But as I have said before, people don't leave 'outs' in a statement when the offense is worse than the lie.

For instance, a murderer doesn't worry about being prosecuted for perjury.

An adulterer may craft a clever statement though, e.g. Bill Clinton.

Point is that Hik isn't planning on using as a defense: "We just said we wouldn't contribute to, not that we wouldn't allow a backdoor"

Because no one would care at that point.

But as I have said before, people don't leave 'outs' in a statement when the offense is worse than the lie.

Because you said it before does not make it true.

My experience is that corporations tend to craft language in such a way that what is said is true even if the 'offense' occurs. We have an example just this week with Avigilon.

I do not know what is in Hikvision's mind. However, my experience is that when well-educated people choose more complex language (e.g., like this "contribute to the placement of 'backdoors'" instead of 'have') that it is generally done to provide a loophole so that they are not technically lying.

Again, I do not know what is in Hikvision's mind here nor do you. Let's see what other future statement they make and if the language becomes any more precise / simple.

Any large company with a good legal team will say stuff like this. They will never have an absolute answer for anything. I think Hikvision's intentions were good as well as Avigilon's, but to give an absolute answer to anything leaves them open to future issues should even the slightest bit of an incident should come up.

should even the slightest bit of an incident should come up. 

Backdoors and direct end user sales are things that manufacturers inherently control, not 'incidents' that 'come up' randomly.

Because you said it before does not make it true.

It wasn't said as proof, only as reference, much like:

 

I do not know what is in Hikvision's mind...

Again, I do not know what is in Hikvision's mind here nor do you...

The Avigilon case actually supports what I am saying: Avigilon is being accused of selling direct sometimes, which if true would cause a good deal of fallout, no doubt.  

But they aren't being accused of a potentially criminally liable offense, i.e. privacy/espionage/cyberwarfare, so the 'hedge' would be little comfort.

Hikvision, equivocate much?  

Aside from "backdoors", Hikvision is a major contributor (OEM and direct) to the lowering of profits, quality and value in the American video security industry through unfair trade practices, deceptive marketing and abstention of value-based selling. They have tricked hundreds of American companies into thinking they are forced to sell on lowest price because it's easier, which ends up lowering the sales skills of these small businesses and they don't even realize it. Volume goes up, profits go down, bottom line barely grows and meanwhile you have double the number of support calls and points of failure. Swimming in a red sea is a great way to drown.

"If you can't beat em, join em'" is a great way to poorly develop sales employees and set them up for failure in the future when you have to lay them off because of poor profits.

Low profits are better than no profits because you didn't "join em"

To be honest, this argument sounds awfully similar to Uber vs Taxis.

Uber drivers don't have training, are unsafe blah blah.

But people largely ignored that and now Uber is permanently entrenched in society, along with half a dozen clones and none of those fears have panned out.

Same scenario for you guys.  You're the taxi cartel complaining about how Hik is unsafe, might have backdoors etc.  

+1

Arguments create discussion

Discussion creates posts

Nothing else counts IMO

I wish we had a "sticky" folder with the name "bla bla BS Talk"

with all those types

Hardly the same. Uber disrupted a market with innovation and a different mouse trap. Hik is disrupting a market with the use of Chinese government funds to destabilize it for (insert disputed purpose here). The security concerns are an entirely different concern and not the same argument, at least in my opinion. I don't see Hikvision's disruptive innovation unless it is their pricing, which is no doubt possible because of the money source and to an extent currency games. That source just happens to bring up other concerns because the product in question is in the security space.

We remain a HIKVISION dealer, We will not change that position at any time in the near future. Pick it apart, word for word, completely out of context, blow it up bigger than Hillary's Email, beat the piss out of it, don't care. We have 1000s of cameras and systems online and have never had one go rogue, south or anything else even close. And if We thought they would for one second We would replace every NVR at our expense.

When the clock struck 2000, nothing happened.

And another point, We have rarely if ever been a LOW bidder, we are normally higher than everyone. So that run to bottom with HIKVISION is someone's imagination.

Marty, how do you think Trump will feel when he hears Chinese government surveillance cameras are deployed on US military bases?

Oh you're just stoking the fire now.

He will likely overreact, as usual. He will ban the word China from all federal government agencies. Then he will blame it all on the Clintons and the liberal media. 

He will ban the word China from all federal government agencies...

Now if Russia just made a decent camera, that might be different...

Read it and sent e-mail to Trump :)

the-russian-emigre-leading-the-fight-to-protect-america/

 If you have 1000's of cameras online, then that's tens of thousands of dollars of your company directly supporting a communist government and unfair business practices, not to mention enhanced cyber security risks (all proven, not a 2K conspiracy theory).  Hillary would be proud. I give you major props for your sales team's ability to both sell Hik AND be the highest bidder normally. That is impressive in the USA market. With that kind of skill, you could sell any brand that isn't guilty of the aforementioned. 

Which is it...?

a) supporting a communist gov by sending them profits

b) Hikvision products are subsidized by the Chinese gov

You cannot have both. Either they are making money, or they are not. Both statements cannot be true. 

Either the Chinese gov is profiting off of the sales of Hikvision products, or they are subsidizing the sales price, which is them losing money. 

I've never understood how people can claim both?

c) Supporting a communist government, not necessarily by profits, but by a longer term more nefarious plan of infiltrating the world with Chinese government controlled tech.

d) anti-competitive predatory pricing model to force competitors out of the market and bar new ones from entering, topping market share, and then incrementally raising prices\reduce manufacturing costs via increased economy of scale and therefore increasing profits and then passing to the government. 

Give me a break, you're supporting the Chinese Government in one way or another on nearly a daily basis. You can't buy hardly anything in this country without it having some Chinese part in it. Even your overpriced cameras of whatever "non-chinese" brand you use are probably at least 50% made in China.

Just because you buy a product that isn't subsidized by the government doesn't mean you're not supporting their government. Anytime you buy a product that is made in a foreign country, you are essentially supporting that foreign country financially. Why do you think China is such a wealthy country?

I'm not saying we don't have unfair trade deals with China, but we are all guilty of doing business with China one way or another.

It's not guilty to do business with China. I love most of my Chinese manufactured products (although most designed and QC'ed by other countries).

It's guilty, in my personal opinion, to do business with a Chinese government controlled and subsidized $6 Billion to perpetuate predatory pricing in the logical and physical security industry that has had several major security vulnerabilities (bit coin mining?? Chinese hacking of UK government Hik video systems??) in a security market that has infiltrated our government (court houses, US Embassies, military bases).

Do you use candles or light bulbs? Guess where they are made. Get over it!

We need to get over the fact that we are no longer a manufacturing nation, the same way we got over it 140 years ago when we moved away from agriculture to something better. I know giving up on this will suck for many Americans that are 40+, that don't have a college degree and have worked all their life in a factory thinking things are set. Similar to the taxi driver that I met in NY 2 years ago that worked all his life to pay for his $1 M medallion thinking he was set to retire by leasing it and then witnessed a company called Uber crash his retirement dream. It sucks but nothing is guaranteed.

Let the Chinese be the laborers, while we focus our energy on innovation so we can build products like the iPhone that cost $90 to make in China and the Chinese are lining up to buy it for $800.

You don't need a back door if you are sending it out the front door.

Hikvision never has, does or would intentionally contribute to the placement of “backdoors” in its products.

What is interesting about this statement is that it allows for HV to allow the government to install backdoors in various parts of the product offerings.  In the networking components, the processors, the firmware - any number of things can be contributed that HV would not do on their own.

HV never has intentionally contribute(d) to the placement of "backdoors" says they did not do it for their own purposes, but may have to place other backdoors through other pieces of code required by the Chinese government.

HV never does intentionally contribute to the placement of "backdoors" again says they did not do it for their own purposes, but may have to place other backdoors through other pieces of code required by the Chinese government.

HV never would intentionally contribute to the placement of "backdoors" yet again says they did not do it for their own purposes, but may have to place other backdoors through other pieces of code required by the Chinese government.

I love parsing political English.

Kind of like: "the largest audience ever to witness an inauguration, period, both in person and around the globe"

Sure - it was pretty well watched in person, on TV and over social media (which was not in full swing in 2008), so technically - he was likely correct. But the addition of the "period" certainly helped the other side.

What is interesting about this statement is that it allows for HV to allow the government to install backdoors in various parts of the product offerings.

Do you really think Hikvision crafted the language so that if caught they could say "we told the truth, we did not contribute. the government did it for their own purposes"?

If you don't think that, then why would they even bother being cagey?

The toughest security Sony has is that darned password on their Ipela datasheets. /facepalm.

Security is vast, especially phone home applications, static one time firmware flashing for system bios, meeting NIST, NERC and BestBuy Geek Squad requirements.

I can foresee Hikvision launching a GSA, buy America line. Why not? all they need is a brick and mortar residence to attenuate to the line of: Research & Development, Manufacturing/Production and Distribution.

Perhaps I may be wrong, but I do not see why it is not possible. One could fancy a PR move by supplying FREE (hikvision) dash cams to Uber drivers......catch my drift? Soon Hikvision is a household name not just a security device manufacturer.
