Hikvision CSO Denies Backdoor, Denies Government Control

By John Honovich, Published Oct 20, 2021, 07:58am EDT

Hikvision's DPO/CSO Fred Streefland has fired back, issuing Hikvision's most blunt and public statement alleging that Hikvision's 2017 backdoor was not a backdoor and that Hikvision is not controlled by the PRC.

Streefland also had words for an Axis Communications employee, telling the employee that Axis has more CVEs than Hikvision.

IPVM released a video covering Hikvision's most recent critical vulnerability and its history of issues, embedded below:

*********'*********** ****** * ******** ********** **** ***** ****** ** ********, copied ** **** *****:

IPVM Image

************, ********** ********* ** ** **** employee ** *** **** ******:

IPVM Image

Backdoor ** *********

********* *** ********** *******:

*** **** '********' *** * '*************' and *** * ******** (**********, **** doesn't ********** *** ********** ******* * backdoor *** * *************);

** ********, *** ********** **** ***** it******** ** *** * ********, ******:

* ******** **** ****** *************** ************* of *** ********** **** *******... *** vulnerability ** ******* ** *******

********* ******** * ***** ****** **** allowed ******* ****** ** *** ******, regardless ** **** *** ***** ******** was. *** **** ****** *** ********* this ****** ** ********* ****** ********:

?****=************

***** ******* ** *** ********* ****** themselves **** ****. ********* ******** **** magic ****** ** *** ****, ***** the ***** ***** ** *** *** it ******:

*** ********* ******** **** ***** ******, Hikvision *** ***** ******** *********. *** clear ************** ** *** **** ******** is ********* **** *** *** **** critical *************.*** **** ************* ***** ** ******* is *** ********* *** ** ********** here, *** **********.

*** *** ****,********* ******** ********:

**. ********* **** *** **** ********** backdoors ** *** ********

***** ***** ***, ** ***** *********, "Can ********* ****** **** ** *** "Hikvision **** *** **** *** ********* in *** ********"? **** ***, ********* would ** ** *** ****** ********* no ********* ** *** ****, *** simply ******* ** '**********' ****."

** ******** *** ******** *** ** changes ** **** *********** **** **** made.

* ********** ******* ********* **** "** not **** ********** *********" ** **** someone ******* *** * ***** *** assuring ***, "* *** *** ****** this **** *******."

Government ******* **** *********

********* *** ********** **** *******:

********* ** *** * '*** ******** & ********** *******'; **'* * ****** company **** **** **** **% ** the ***** ** ******;

** ********, *********'* *** ****** ********* report ***** ***** **** ************** ************* "******* *****-*****":

IPVM Image

*** *********'* **************** ********* ** ** * "*****-***** company"** **** **** ** ******* ******* Hikvision. ***** **** ***** *********'* ********* and ******* ****:

*********'********** ** ** ****** ******* ******* He********* ************** *** ** ******** **** Erik ********** *** ******* ** ****'* ******* for ********, ******* ***** ***** **** days ***** ** **********. ***********, ********* clearly ***** *** ***** *********** *********** is *** **** ** *** *** government.

** ********, ***********'* ****** *** **********, *********'* ********* ** *** **** that *** *** ********** ** ***** controlling ***********, **** ****** **** **** material *********** *** ***** **** **** is *** ******** ** *** ** day **********:

*** ******* *********** ** ***** *********** Technology ***** *********** (“****”), * ******* state-owned **********, **** ** *** ******** in *** ***-**-*** ********** ** *** company[.]

*******, ** *********'* *** ********* ******* show, *** *********** *********** ** ******, a ********** **** ******* ************ ** run *********. *** ******** ** ****** and ********* ** *** **** ***—**** ********.

*************, ** *** **** ******, ********* muses **** ** *** *** ******* influence **** ********* ** ***** *** matter ******* ** *** ******* *** firewalling:

******, **** ** *** ******* *****-***** enterprise *** ***** *********** ********* **** Hikvision, ***** ***** ** ** ****** to ******** ********** *** ********* **, again, *** ***** ** *** ****** States ****** *********’* ******* ** **** they *** ********** ** ********* ******** from ****************** ********, ** ** ** Internet-connected **********, *** ********* ***** ***** and *********.

** ******, ********* ***** **** ** a ******** ******** ** **** **** long ********** ********* *** ** ******* their ** ******* ** *** ******** (*.*., **** **** ********* ********).

*VE ********** ********* *** *********

********* *** ********** **** *******:

***** *** ********** ** ********* (****), ONLY ** *************** (****) **** **** detected ** *** ********* *******, ** if *** ******* **** ****** **** with ***** *******, **** *** **** admit **** ********* ***** ***** ******** very *********;

** ************ ********* ** **** ************** employee:

****** ******* *** ******* ** *************** (CVEs) ******* **** *** ********* *** you ***** **** ** ********* **********!

******* ******** ***** ** **** ** like ******* ************ ***** ** *** many ***** ****** ***** **** *** wrong. ** **** **** *** ****, Donald ***** ***** ** *** *****'* smartest ******.

***** **** ****** *********:

**.*** ******* *** *** * **** source ** **** ******** ** ***** "overall ********".

*** **** **** ****** *** *** system ** ** ****** ****** *********** for ******** ***************. **'* *** ******** to ** * ******** *** ******** database ** *** ***** *************** ** any *******. **** **, * ****** or ********** ***** ****** ****** ** not ******* * *** ****** *** a ***** ****. *******, ******* ********* combine ******* **** ***** * ****** ID ** ***'* ******** *** ***** impact, ****** * ****** "*** *****" a ****** *********** ******** *********. ****, for * ******* ***'* **** ** find ******** ******* ** ******* ********* severities. (*** **** *** **** ***** a ****** **** *********...?)

********** ***** **** **** ** *** track *** **** *************** "**** **** detected", ** ****** *** **** **** been ******** ********. ********* ***** **** argument ************ **** ** **** *** vulnerabilities, * ********** ******* ***** **** Hikvision **********, **** **********, ****** **** acknowledge ***** ********* ** *** *******'* own *******.

Comments (11)

** **** *** **** ******** *** actually * "*************", **** * ***** of **** ******* ****** **** ********* trying ** ******** ********* ** *** a ************* ****.

*** ***** ****** *** ******* ********** coding. ** ****'* *** ****** ** a ***, * ****** **** ***, etc. ** *** **** *** ***** explicitly ** ******* *****-***** ******** ******* requiring ***** ***********.

**, ********* ** ********* ** ************ putting *************** **** ***** ********, *** at *** **** **** ****** ** say **** **** ***** ******** *********?

Agree: 20
Disagree: 3
Informative: 1
Unhelpful: 1
Funny: 2

**** **** *****, *'* **** ** hear *** *** ***'* ****** ** the ***** ******.

Agree: 1
Disagree
Informative
Unhelpful: 1
Funny: 2

*** ********** ** **** ** ******. It's *** ***** ** ** ** when *** ********. *** ********** ** in *** *** ******** ** ******* out. **** ** *** ***** ***** and ** *** ***** ******* **** truths **** **** ******* ******* **** proactively ************. *** ********** **** ***** the ************* **** ** *** ** simple ** ******* **** ** ******'* fathom **** **** ********* ******* **. Fred ****** ** ******* ** ******* and ***** ** ****** ***'* ****. Also, ***** *** *********** ***** ****** a **** ************ **** *** ***. This **** ******* *** ********* ****'* cred.

Agree: 4
Disagree
Informative: 1
Unhelpful: 1
Funny

****** ****** ** ****** *** *** years *** ****** *** ****** ******** at *** "****", ****** ****** *** company ***** **** **** *** ** their **** *** *** ** *******, they ***** *** ** ***** ****** of ******* **** ** *****.

*** ********** ** *** **** *** engineers *** **** ********* ******** *** as **** ** ******* ** * playground ** ****** ** * ***** in ********** ******.

*** * *** ********* ***** *** same ***** **** **** **** *** years *** ** ** ******* ** politics *****, ****, ****, ****.... *** if *** *** ******, **** *** truth, ***** *****, *** ** ***** to ***** ** ** ***.

Agree: 2
Disagree
Informative: 2
Unhelpful
Funny: 1

*'* *** ********* *** ** ***, but *** *********/**********/*****-******** ** *** *******(*) should **** ** *********** *** ******** the ** ****** ******* **** ****/******** rules/etc.

**** **********/***-**** ***** ***** ****** **** how ** **** ***** ** * router *** ***** *** ** * proper *** **** ***** ****** ** view *** *******/***.

"** ** *** **** ** *** a *** *** **** **** * want ** **** ** *** *******, can't ** **** **** ******* *** use *****/**** ** *** ** ********* can ****** **** *** ******* **** anywhere?"

**** **** ***** ****, ***** ******/******** are ******** **** *** **** ******, but ****'* ******* ***** ** *******, there *** ****/**** *****, ** ****.

Agree: 3
Disagree
Informative
Unhelpful
Funny

?****=************

$ **** -** '************' | ****** -d

*****:**

Agree: 2
Disagree
Informative: 5
Unhelpful
Funny

**, ****'* *******. * ****'* ******* that. *********** ****** ** **** ************** **** (******** *****):

*** ****** ******** ******* ****** *** the ******** ** * ********* ***** "auth" ** *** ***** ****** ***if **** ********* ******** * ******-******* "********:********" ******, the HikCGI API call assumes the identity of the specified user. The ******** ** *******.

********* *** ********* ******** **** **** a ********* ******* ***** "*****", ***** can ** ****** ************.

** ***********, ************ ** ************* *** *** ***. *** *** also *** ** **** ************ (*****:***), for *******. *** ** ** ******:****://*****************.******.***/*****-****/********?****=************

Agree: 3
Disagree
Informative: 1
Unhelpful
Funny

*** ****, **** * ***** ********.................

*** **** *** *** *** **** for *** ******** ******** ** **** article?

* **** **** ** **** *** much ** ***** ** *** *** an *********.

Agree: 2
Disagree
Informative
Unhelpful
Funny: 2

…** **** ******* ******* *** * drink *** ******** ***, "* *** not ****** **** **** *******."

******** ********* :)

Agree: 1
Disagree
Informative: 1
Unhelpful
Funny: 1

***** **** *** *** ********** ** threatening ****'* **** ****.

Agree
Disagree
Informative
Unhelpful
Funny: 1

*********'* *** *** *********** ** **'* ********* ******:

** **** *********, ********* *** ***** temporarily ** ******** ** ************* ** support ***********, *******, ** *********** ********* *** ***** ********* *** *** removed ** ********.

***** ** **** *** ********** ******* this ***********'* **** ********, **** ** *** ******* ** have **** *** ********* ******** ******* how *** ******* ******** *** *****.

** **** **** ** ** *** "misuses ** ********* **********" ******* *** users *** ***********:

*** ***-***** *** *** ***** ******* are *********** *** *** ****/***** ******* they ********...

** **** ******* **** ********* ***’* be **** ** *** ** *********, individuals, ** *******. *** ******** ******** built **** *******, ********, *** **** centres, ******** **** ***-***** ****-********** ****************, make ********* *** ***** ******* ** backdoors **********.

** **** ** / **** ********* puts ********* ** ***** ********, ** is *** ***** ** *****.

Agree
Disagree
Informative
Unhelpful
Funny: 4