Hikvision Pledges 'Never' 'Backdoors'

By John Honovich, Published on Jan 27, 2017

With criticisms rising, Hikvision has gone on the record publicly declaring [link no longer available]:

Hikvision never has, does or would intentionally contribute to the placement of “backdoors” in its products.

One indisputable point is that Hikvision is clearly feeling pain here to force such a public response.

Statement Analyzed

A key question is how the statement is structured.

********* ***** ***, **** or *****

***** '*****' ** * strong, *********** **** *** is * ******** *** communicating * ***** *******.


*** **** '*************' ** redundant, ***** ********* ***, by ********** **** *************. However, **** ** ****** to ********* **** ****** can ***** **** ***** illicit ****** ** ********, even ** *** ********* did *** '******' ** provide **.

********** ** *** *********

*** '**********' ********* *** 'never' *********, ****** ********** and *********.


* *******, **** ********** statement ***** **:

[******** ****]********* ***** ***, **** or ***** *****************“*********” ** *** ********.

**** *******, **** ****** statement ***** ********* *** potential ******** ***** '**********'.

China ********** ******* ********

** **********, ***** ********* allow ***** ******* ********** superiors ** ***** * backdoor ** ***** ********? In **** ********, ********* itself ***** *** ** actively '************' ** *** placement, **** ***** **** allow **.

**** ** * ********* matter ** ******** ********** *** ** extensive ****** ** ***** attacks. *** ***** ******* ******* ********** ** the *********** *********** ** Hikvision*** **** ********* ** the ******* ************ ************ in *** *****, ********* a ******** **** ********* would ** ** ********** target.



** *** **** ****, this ***** ********* ********* and ******** ***** ** an ******** *********. ** course, **********, *** **** to ****** ** *** trust *** **** ** the ***** *** ********** / ********* *****.

Comments (42)

We are going to build a firewall in Hikvision and make the chinese pay for it...  :D

The Communist government already built a firewall that their citizens pay for every day by not being able to browse freely on the internet or criticize their government online.

Sympathy for their people, curses upon their government.

We are going to build a firewall in Hikvision and make the customer pay for it... - Genetec

One interesting element is that Hikvision has published this but kept it out of their official PR process / emails / trade publications.

This statement was published dated January 5, 2017 on their HQ English site. However, it was inserted in a new section (Security Center / Cybersecurity), not in their general press release section nor existing security notices. When we viewed it, it only had 90 total views, even though ostensibly it had been published 3 weeks ago.

We have found no other instant of Hikvision promoting this. The only source mentioning it was an Australian website that cited the statement but did not link to it.

Best guess is that Hikvision has been using this tactically on a case by case basis to respond to specific concerns across the world but did not want to draw broader attention with their normal marketing campaign approach. Any other theories or input here?

Seems like a pretty strong statement. However, my concerns with hikvision have nothing to do with backdoors.

Army of botnets

Plenty of machines with default credentials

Other unscrupulous uses of a massive network of connected devices that I can't put into words right now due to lack of sleep.

I would add government subsidization contributing to unfair market competition to that list.

Related:  I can feel other country's pain pertaining to US subsidization of agriculture.  Unfair practices are unfair practices both here and abroad.

Isn't this true of many sites though and not just Hikvision?

As it currently stands, Hik now forces you to activate and change the default credentials on each device you commission.

Yes they do, that means nothing when it comes to alternate methods, which almost all machines have. I'm less comfortable with a government having control of those alternate methods as well directly or indirectly.

It is not a back door when the manufacturer leaves a "service Port" open for the manufacturer, I.E. the Chinese government 

"Intentionally" and "contribute" are interesting.  If they were to use a service or daemon that had a backdoor, but they didn't officially know about it.....

If this module were to be provided from another source, such as Big Brother, they can stick to their claim, all while someone still has these capabilities.

The bottom line is that if people don't trust a company, it doesn't matter what they say.  If they're really going be nefarious and put backdoors into their products, do you expect them to be honest about it?

If there is a backdoor, their US based tech support is certainly unaware of it.

Good for Hikvision to finally come out and address this concern. Would like to see ongoing activism by Hikvision to continue to strengthen the cyber security of their products and statements showing what they have done.

I think there may be a language gap between china and the rest of the world as to what a "backdoor" is.  In my own words, a backdoor is a method of access into a product that is not published by the manufacturer and not made known to the customer either through ignorance or maliciousness.

The perfect example of this is the telnet entry into devices that is causing so many problems recently.  I've spoke with manufacturers personally and asked why they would need this type of access to devices that are finished, production units and why would they use static credentials that grant root level access using the telnet protocol which was known to be insecure and obsolete over a decade ago.  The answer I received was that they used it for "service purposes".

I could understand using this access method in a controlled environment of a service center by authorized personnel, but deploying finished products into the wild with this access enabled is irresponsible and, in my opinion, borders on criminal.

The word 'intentionally' is redundant, since backdoors are, by definition done intentionally. However, this is useful to emphasize that errors can occur that allow illicit access to products, even if the developer did not 'intend' to provide it.

IMHO, you are over-analyzing the language here, as if Hik is really trying to leave themselves an out, in case they are discovered to have allowed the government to place a backdoor in their product.

But as I have said before, people don't leave 'outs' in a statement when the offense is worse than the lie.

For instance, a murderer doesn't worry about being prosecuted for perjury.

An adulterer may craft a clever statement though, e.g. Bill Clinton.

Point is that Hik isn't planning on using as a defense:  "We just said we wouldn't contribute tonot that wouldn't allow a backdoor"

Because no one would care at that point.

But as I have said before, people don't leave 'outs' in a statement when the offense is worse than the lie.

Because you said it before does not make it true.

My experience is that corporations tend to craft language in such a way that what is said is true even if the 'offense' occurs. We have an example just this week with Avigilon.

I do not know what is in Hikvision's mind. However, my experience is that when well-educated people choose more complex language (e.g., like this "contribute to the placement of 'backdoors" instead of 'have') that it is generally done to provide a loophole so that they are not technically lying.

Again, I do not know what is in Hikvision's mind here nor do you. Let's see what other future statement they make and if the language becomes any more precise / simple.

Any large company with a good legal team will say stuff like this. They will never have an absolute answer for anything. I think Hikvisions intentions were good as well as Avigilons, but to give an absolute answer to anything leaves them open to future issues should even the slightest bit of an incident should come up. 

should even the slightest bit of an incident should come up. 

Backdoors and direct end user sales are things that manufacturers inherently control, not 'incidents' that 'come up' randomly.

Because you said it before does not make it true.

It wasn't said as proof, only as reference, much like:


I do not know what is in Hikvision's mind...

Again, I do not know what is in Hikvision's mind here nor do you...

The Avigilon case actually supports what I am saying: Avigilon is being accused of selling direct sometimes, which if true would cause a good deal of fallout, no doubt.  

But they aren't being accused of a potentially criminally liable offense, i.e. privacy/espionage/cyberwarfare, so the 'hedge' would be little comfort.

Hikvision, equivocate much?  

Aside from "backdoors", Hakvision is a major contributor (OEM and direct) to the lowering of profits, quality and value in the American video security industry through unfair trade practices, deceptive marketing and abstention of value-based selling. They have tricked hundreds of American companies into thinking they are forced to sell on lowest price because its easier which ends up lowering the sales skills of these small businesses and they don't even realize it.   Volume goes up, profits go down, bottom line barely grows and meanwhile you have double the number of support calls and points of failure. Swimming in a red sea is a great way to drown. 

"If you can't beat em, join em'" is a great way to poorly develop sales employees and set them up for failure in the future when you have to lay them off because of poor profits.

low profits are better than no profits because you didnt "join em"

To be honest, this argument sounds awfully similar to Uber vs Taxis.

Uber drivers don't have training, are unsafe blah blah.

But people largely ignored that and now Uber is permanently entrenched in society, along with half a dozen clones and none of those fears have panned out.

Same scenario for you guys.  You're the taxi cartel complaining about how Hik is unsafe, might have backdoors etc.  


Arguments creates discussion

Discussion creates posts

Nothing else counts IMO

I wish we have "sticky" folder with name "bla bla BS Talk"

with all those types

Hardly the same. Uber disrupted a market with innovation and a different mouse trap. Hik is disrupting a market with the use of chinese government funds to destabilize it for (insert disputed purpose here). The security concerns are an entirely different concern and not the same argument at least in my opinion.  I don't see hikvisions disruptive innovation unless it is their pricing, which is no doubt possible because of the money source and to an extent currency games. That source just happens to bring up other concerns because the product in question is in the security space.

We remain a HIKVISION dealer, We will not change that position at any time in the near future. Pick it a part, word for word, completely out of context, blow it up bigger than Hillary's Email, beat the piss out of it, dont care. We have 1000'S of cameras and systems online and have never had one go rouge, south or anything else even close. And if We thought they would for one second We would replace every NVR at our expense.

When the clock struck 2000, nothing happened.

And another point, We have rarely if ever been a LOW bidder, we are normally higher than everyone. So that run to bottom with HIKVISION is someones imagination.

Marty, how do you think Trump will feel when he hears Chinese government surveillance cameras are deployed on US military bases?

Oh you're just stoking the fire now.

He will likely overreact, as usual. He will ban the word China from all federal government agencies. Then he will blame it all on the Clintons and the liberal media. 

He will ban the word China from all federal government agencies...

Now if Russia just made a decent camera, that might be different...

Read it and sent e-mail to Trump :)


 If you have 1000's of cameras online, then that's tens of thousands of dollars of your company directly supporting a communist government and unfair business practices, not to mention enhanced cyber security risks (all proven, not a 2K conspiracy theory).  Hillary would be proud. I give you major props for your sales team's ability to both sell Hik AND be the highest bidder normally. That is impressive in the USA market. With that kind of skill, you could sell any brand that isn't guilty of the aforementioned. 

Which is it...?

a) supporting a communist gov by sending them profits

b) Hikvision products are subsidized by the Chinese gov

You cannot have both. Either they are making money, or they are not. Both statements cannot be true. 

Either the Chinese gov is profiting off of the sales of Hikvision products, or they are subsidizing the sales price, which is them losing money. 

I've never understood how people can claim both?

c) Supporting a communist government, not necessarily by profits, but by a longer term more nefarious plan of infiltrating the world with Chinese government controlled tech.

d) anti-competitive predatory pricing model to force competitors out of the market and bar new ones from entering, topping market share, and then incrementally raising prices\reduce manufacturing costs via increased economy of scale and therefore increasing profits and then passing to the government. 

Give me a break, your supporting the Chinese Government in one way or another on nearly a daily basis. You cant buy hardly anything in this country without it having some Chinese part in it. Even your overpriced cameras of whatever "non-chinese" brand you use are probably atleast 50% made in China.

Just because you buy a product that isnt subsidized by the government doesnt mean your not supporting their government. Anytime you buy a product that is made in a foreign country, you are essentially supporting that foreign country finanically. Why do you think China is such a wealthy country?

Im not saying we dont have unfair trade deals with China, but we are all guilty of doing business with China one way or another. 

Its not guilty to do business with China. I love most of my Chinese manufactured products (although most designed and QC'ed by other countries).

Its guilty, in my personal opinion, to do business with a Chinese government controlled and subsidized $6 Billion to perpetuate predatory pricing in the logical and physical security industry that has had several major security vulnerabilities (bit coin mining?? Chinese hacking of UK government Hik video systems??) in a security market that has infiltrated our government (court houses, US Embassies, military bases). 

Do you use candles or light bulbs? Guess where they are made. Get over it!

We need to get over the fact that  we are no longer a manufacturing  nation, the same way we got over it 140 years ago when we moved away from agriculture to something  better. I know giving up on this will suck for many Americans that  are 40+, that don't have a college degree and have worked all their life in a factory thinking  things are set. Similar to the Taxi driver that I met in NY 2 years ago that worked all his life to pay for his $1 M medallion thinking he set  to retire by leasing it and then witness a company  called  uber crash his retirement dream. It sucks but nothing  is guaranteed . 

Let the Chinese  be the laborers, while we focus our energy on innovation so we can build products  like the iPhone  that cost  $90 to make in China and the Chinese  are lining up to buy it for $800.

You don't need a back door if you are sending it out the front door.

Hikvision never has, does or would intentionally contribute to the placement of “backdoors” in its products.

What is interesting about this statement is that it allows for HV to allow the government to install backdoors in various parts of the product offerings.  In the networking components, the processors, the firmware - any number of things can be contributed that HV would not do on their own.

HV never has intentionally contribute(d) to the placement of "backdoors" says they did not do it for their own purposes, but may have to place other backdoors through other piece of code required by the Chinese government.

HV never does intentionally contribute to the placement of "backdoors" again says they did not do it for their own purposes, but may have to place other backdoors through other piece of code required by the Chinese government.

HV never would intentionally contribute to the placement of "backdoors" yet again says they did not do it for their own purposes, but may have to place other backdoors through other piece of code required by the Chinese government.

I love parsing political English.

Kind of like: "the largest audience ever to witness an inauguration, period, both in person and around the globe"

Sure - it was pretty well watched in person, on TV and over social media (which was not in full swing in 2008), so technically - he was likely correct.  But the addition of the "period" was certainly helped the other side.

What is interesting about this statement is that it allows for HV to allow the government to install backdoors in various parts of the product offerings.

Do you really think Hikvision crafted the language so that if caught they could say "we told the truth, we did not contribute. the government did it for their own purposes"?

If you don't think that, then why would they even bother being cagey?

The toughest security Sony has is that darned password on their Ipela datasheets. /facepalm.

Security is vast, especially phone home applications, static one time firmware flashing for system bios, meeting NIST, NERC and BestBuy Geek Squad requirements.

I can foresee Hikvision launching a GSA, buy America line. Why not? all they need is a brick and mortar residence to attenuate to the line of: Research & Development, Manufacturing/Production and Distribution.

Perhaps I may be wrong, but I do not see why it is not possible. One could fancy a PR move by supplying FREE (hikvision) dash cams to Uber drivers......catch my drift? Soon Hikvision is a household name not just a security device manufacturer.

Read this IPVM report for free.

This article is part of IPVM's 6,587 reports, 888 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now

Related Reports

Verkada: "IPVM Should Never Be Your Source of News" on Jul 02, 2020
Verkada was unhappy with IPVM's recent coverage declaring that reading IPVM...
Hikvision Alleges Forehead Only Fever Screening is Smart; It's Actually Dangerous on Oct 09, 2020
Forehead only fever screening violates global standards and increases error...
Hikvision Salespeople: We Don't Need A Blackbody on May 13, 2020
Dahua jumped out on its cross-town rival selling fever cameras but Hikvision...
Fever Cameras Are Medical Devices, Per The FDA, Dahua, Feevr, Hikvision, InVid Contrary Claims Are False on May 28, 2020
Fever cameras are medical devices, despite what euphemisms various sellers...
Dahua USA Admits Thermal Solutions "Qualify As Medical Devices" on Jul 02, 2020
Dahua USA has issued a press release admitting a controversial point in the...
UK Firm Markets False Fever Screening, Hikvision Disavows on Jun 30, 2020
A UK security firm falsely claimed its Hikvision-based thermal solution could...
Hikvision Illicitly Uses Back To The Future In Marketing on Jul 03, 2020
NBCUniversal told IPVM that Hikvision UK's ongoing coronavirus marketing...
School District Admits Not Following FDA Guidelines With 144, No Blackbody, Hikvision Fever Cameras on Aug 21, 2020
The Baldwin County School District has admitted it is not following FDA...
White House Trade Advisor Calls Hikvision "Very Evil Company" on Jun 24, 2020
White House trade advisor Peter Navarro has called Hikvision a "very evil...
Dangerous Hikvision Fever Camera Showcased by Chilean City on Aug 07, 2020
Deploying a fever camera outdoors, in the rain, with no black body, is...
Temperature Screening From The Protection Bureau and ZKTeco Violate IEC Standards and FDA Correct Operation on Jun 22, 2020
ZKTeco and integrator The Protection Bureau are marketing an installation...
Industry Study: 83% of US Temperature Screening Sellers Falsely Say Not Medical Devices on Jun 29, 2020
83% of US companies selling temperature screening devices, aka 'fever'...
Forced Door Alarms For Access Control Tutorial on Aug 17, 2020
One of the most important access control alarms is also often ignored....
Drain Wire For Access Control Reader Tutorial on Sep 23, 2020
An easy-to-miss cabling specification plays a key role in access control, yet...
Hikvision USA Refuses [Now In], Dahua USA Drives Forward With "Coronavirus Cameras" on Apr 07, 2020
Both have been federally banned, both sanctioned for human rights abuses but...

Recent Reports

Deceptive Meridian Temperature Tablets Endanger Public Safety on Oct 21, 2020
IPVM's testing of and investigation into Meridian Kiosk's temperature...
Honeywell 30 Series and Vivotek NVR Test on Oct 21, 2020
The NDAA ban has driven many users to look for low-cost NVRs not made by...
Ubiquiti Access Control Tested on Oct 21, 2020
Ubiquiti has become one of the most widely used wireless and switch providers...
Mexico Video Surveillance Market Overview 2020 on Oct 20, 2020
Despite being neighbors, there are key differences between the U.S. and...
Dahua Revenue Grows But Profits Down, Cause Unclear on Oct 20, 2020
While Dahua's overall revenue was up more than 12% in Q3 2020, a significant...
Illegal Hikvision Fever Screening Touted In Australia, Government Investigating, Temperature References Deleted on Oct 20, 2020
The Australian government told IPVM that they are investigating a Hikvision...
Panasonic Presents i-PRO Cameras and Video Analytics on Oct 19, 2020
Panasonic i-PRO presented its X-Series cameras and AI video analytics at the...
Augmented Reality (AR) Cameras From Hikvision and Dahua Examined on Oct 19, 2020
Hikvision, Dahua, and other China companies are marketing augmented reality...
18 TB Video Surveillance Drives (WD and Seagate) on Oct 19, 2020
Both Seagate and Western Digital recently announced 18TB hard drives...
Watrix Gait Recognition Profile on Oct 16, 2020
Watrix is the world's only gait recognition surveillance provider IPVM has...
Intel Presents Edge-to-Cloud Ecosystem for Video Analytics on Oct 16, 2020
Intel presented its processors and software toolkit for computer vision at...
Best Manufacturer Technical Support 2020 on Oct 16, 2020
5 manufacturers stood out as providing the best technical support to ~200...
Microsoft Azure Presents Live Video Analytics on Oct 15, 2020
Microsoft Azure presented its Live Video Analytics offering at the September...
Worst Manufacturer Technical Support 2020 on Oct 15, 2020
4 manufacturers stood out as providing the worst technical support to ~200...