Hikvision Pledges 'Never' 'Backdoors'

One interesting element is that Hikvision has published this but kept it out of their official PR process / emails / trade publications.

This statement was published dated January 5, 2017 on their HQ English site. However, it was inserted in a new section (Security Center / Cybersecurity), not in their general press release section nor existing security notices. When we viewed it, it only had 90 total views, even though ostensibly it had been published 3 weeks ago.

We have found no other instant of Hikvision promoting this. The only source mentioning it was an Australian website that cited the statement but did not link to it.

Best guess is that Hikvision has been using this tactically on a case by case basis to respond to specific concerns across the world but did not want to draw broader attention with their normal marketing campaign approach. Any other theories or input here?

"Intentionally" and "contribute" are interesting.  If they were to use a service or daemon that had a backdoor, but they didn't officially know about it.....

If this module were to be provided from another source, such as Big Brother, they can stick to their claim, all while someone still has these capabilities.

If there is a backdoor, their US based tech support is certainly unaware of it.

I think there may be a language gap between china and the rest of the world as to what a "backdoor" is.  In my own words, a backdoor is a method of access into a product that is not published by the manufacturer and not made known to the customer either through ignorance or maliciousness.

The perfect example of this is the telnet entry into devices that is causing so many problems recently.  I've spoke with manufacturers personally and asked why they would need this type of access to devices that are finished, production units and why would they use static credentials that grant root level access using the telnet protocol which was known to be insecure and obsolete over a decade ago.  The answer I received was that they used it for "service purposes".

I could understand using this access method in a controlled environment of a service center by authorized personnel, but deploying finished products into the wild with this access enabled is irresponsible and, in my opinion, borders on criminal.

Hikvision, equivocate much?  

We remain a HIKVISION dealer, We will not change that position at any time in the near future. Pick it a part, word for word, completely out of context, blow it up bigger than Hillary's Email, beat the piss out of it, dont care. We have 1000'S of cameras and systems online and have never had one go rouge, south or anything else even close. And if We thought they would for one second We would replace every NVR at our expense.

When the clock struck 2000, nothing happened.

And another point, We have rarely if ever been a LOW bidder, we are normally higher than everyone. So that run to bottom with HIKVISION is someones imagination.

We need to get over the fact that  we are no longer a manufacturing  nation, the same way we got over it 140 years ago when we moved away from agriculture to something  better. I know giving up on this will suck for many Americans that  are 40+, that don't have a college degree and have worked all their life in a factory thinking  things are set. Similar to the Taxi driver that I met in NY 2 years ago that worked all his life to pay for his $1 M medallion thinking he set  to retire by leasing it and then witness a company  called  uber crash his retirement dream. It sucks but nothing  is guaranteed . 

Let the Chinese  be the laborers, while we focus our energy on innovation so we can build products  like the iPhone  that cost  $90 to make in China and the Chinese  are lining up to buy it for $800.

Hikvision never has, does or would intentionally contribute to the placement of “backdoors” in its products.

What is interesting about this statement is that it allows for HV to allow the government to install backdoors in various parts of the product offerings.  In the networking components, the processors, the firmware - any number of things can be contributed that HV would not do on their own.

HV never has intentionally contribute(d) to the placement of "backdoors" says they did not do it for their own purposes, but may have to place other backdoors through other piece of code required by the Chinese government.

HV never does intentionally contribute to the placement of "backdoors" again says they did not do it for their own purposes, but may have to place other backdoors through other piece of code required by the Chinese government.

HV never would intentionally contribute to the placement of "backdoors" yet again says they did not do it for their own purposes, but may have to place other backdoors through other piece of code required by the Chinese government.

I love parsing political English.

Kind of like: "the largest audience ever to witness an inauguration, period, both in person and around the globe"

Sure - it was pretty well watched in person, on TV and over social media (which was not in full swing in 2008), so technically - he was likely correct.  But the addition of the "period" was certainly helped the other side.

The toughest security Sony has is that darned password on their Ipela datasheets. /facepalm.

Security is vast, especially phone home applications, static one time firmware flashing for system bios, meeting NIST, NERC and BestBuy Geek Squad requirements.

I can foresee Hikvision launching a GSA, buy America line. Why not? all they need is a brick and mortar residence to attenuate to the line of: Research & Development, Manufacturing/Production and Distribution.

Perhaps I may be wrong, but I do not see why it is not possible. One could fancy a PR move by supplying FREE (hikvision) dash cams to Uber drivers......catch my drift? Soon Hikvision is a household name not just a security device manufacturer.