Hikvision Corrects False Cybersecurity Announcement

By: IPVM Team, Published on Jun 18, 2018

Hikvision has corrected a false cybersecurity announcement that claimed a British government-sponsored program endorsed the cybersecurity of Hikvision's products.

Below, highlighted, are the specific false assertions:

Hikvision Corrects

After IPVM raised concerns to Hikvision corporate, Hikvision acknowledged this, adding the following correction:

Correction

An earlier version of the press release suggested that the Cyber Essentials Plus status relates to products and has caused some confusion. To clarify, Hikvision has been awarded ‘Cyber Essentials Plus’ accreditation, which directly relates to the security and robustness of our own infrastructure within the UK operation. It was never our intention to mislead the reader with inference that the accreditation related in any way to our products. We sincerely apologise for the unclear statement about the award.

Cyber Essentials Plus Explained

Cyber Essentials is a UK sponsored government program that aims to help organizations protect against cyber attacks. The requirements of the program list the scope of this certification as IT infrastructure, not products manufactured:

Assessment and certification can cover the whole of the Applicant's IT infrastructure, or a sub-set. Either way, the boundary of the scope must be clearly defined in terms of the business unit managing it, the network boundary and physical location. [emphasis added]

Hikvision received the Cyber Essentials 'Plus' certification, which consists of an auditor doing a vulnerability assessment of their UK office. The certification costs 1,999 GBP (~$2,655 USD).

History of Misrepresenting Cybersecurity

Hikvision has repeatedly misrepresented the cybersecurity of their products, starting with claiming their backdoor was simply a 'privilege escalation vulnerability', misleading their dealers on the backdoor, hiring Cisco and issuing a press release with them the day after the backdoor was confirmed, announcing a 'dedicated' cybersecurity 'hotline' that has since been demoted to generic technical support, opening a 'source code transparency center' that is neither particularly open nor transparent, and now deceptively turning an IT infrastructure certification into a false endorsement of their products.

No Excuse

Hikvision has no excuse here. Hikvision took the certification so they clearly know it is not about a company's products yet Hikvision's announcement over and over again emphasized products. It is either a question or competence or ethics.

Commend The Correction

That noted, we certainly commend Hikvision and, in particular, their new Global PR lead, Karl Erik Traberg, for quickly and responsibly issuing a correction. It is a small step in the greater scheme of things but indisputably positive that Hikvision is willing to acknowledge mistakes and focus on improvement rather than disparaging critics.

Poll / Vote

5 reports cite this report:

2019 Video Surveillance Cameras State of the Market on Jan 07, 2019
Each year, IPVM summarizes the main advances and changes for video surveillance cameras, based on our industry-leading testing and...
"At Hikvision, We Build Trust" on Jan 03, 2019
Hikvision has joined a growing number of video surveillance manufacturers marketing their trustworthiness. In a recent trade magazine full page ad...
Genetec UL Cybersecurity Certificate (2900-2-3) Examined on Dec 19, 2018
Proving a company is cybersecure has become a major concern for security companies. But how trustworthy are these certificates? Earlier in 2018, a...
2018 Mid-Year Surveillance Industry Guide on Jun 28, 2018
2018 has been an explosive year for the video surveillance industry, with the industry becoming a global political issue, with the expansion of...
Hikvision Covers Up Racial Profiling And AI Error on Jun 25, 2018
Faced with global scrutiny, led by the US government-funded Voice of America (VOA), Hikvision has covered up evidence showing their racial...
Comments (21) : Members only. Login. or Join.

Related Reports

PRC Warns Against China Video Surveillance Hacks, Hikvision Targeted on Feb 14, 2020
Hackers are targeting China video surveillance manufacturers and systems, according to the PRC's main cyber threat monitoring body. The hackers...
ONVIF [Un]Trashed Statement, Confirms Dahua and Hikvision Still Suspended on Jan 15, 2020
ONVIF has 'trashed' the suspension statement for Dahua, Hikvision, Huawei, etc. but confirms to IPVM that those companies are all still...
Stop Blaming Your Employee, Wyze on Dec 30, 2019
Wyze management is at fault for its massive data leak, not its 'employee', as it has centered the blame on. While blaming an employee is clever...
Wyze Massive Data Leak on Dec 26, 2019
Wyze has exposed millions of user's data, as reported by Twelve Security, and confirmed by IPVM, who has spoken with Twelve Security and reviewed...
US Issues Criminal Charges Against Aventura For Fraudulently Selling Hikvision And Other China Products on Nov 07, 2019
The US government has made an unprecedented move on the video surveillance supply chain, charging a US company, Aventura for "having conspired with...
ONVIF Suspends Dahua and Hikvision on Oct 09, 2019
Dahua and Hikvision have been 'suspended', and effectively expelled, from ONVIF, immediately following US sanctions being placed on the 2 mega...
US Army Base To Buy Banned Honeywell Surveillance on Sep 17, 2019
The U.S. Army's Fort Gordon, home to their Cyber Center of Excellence, has issued a solicitation to purchase Honeywell products that are US...
Uniview OEM Directory on Sep 11, 2019
This directory lists 20+ companies that OEM products from Uniview, with a graphic and links to company websites below. It does not cover all...
3 Weeks Later, Honeywell Still Cannot Say Whether They Are Vulnerable To Dahua Wiretapping [Now Admits] on Aug 27, 2019
The Dahua wiretapping vulnerability and Dahua's decision to delay disclosing it until IPVM inquired underscored problems with cybersecurity and...
Axis Suffers Outage, Provides Postmortem on Aug 15, 2019
This week, Axis suffered an outage impacting their website and cloud services. Inside this note, we examined what happened, what was impacted...

Most Recent Industry Reports

Embedded Logix Thermal Temperature Detection System Examined on Apr 08, 2020
Embedded Logix has been producing thermal temperature measurement systems for industry and fire detection for over 10 years. Now, they are entering...
Micron 1 TB SD Cards Aim To Eliminate NVRs on Apr 08, 2020
Micron has boldly proclaimed their latest 1TB microSD "eliminates the need for network video recorders", targeting the growing market of...
US DoD Declares "Can No Longer Do Business" With Contractors Using Dahua, Hikvision, Huawei on Apr 08, 2020
The US Department of Defense has confirmed to IPVM that they fully support and intend to proceed with the NDAA 'blacklist clause' covering Dahua,...
IPVM's 12th Anniversary - Thank You! on Apr 07, 2020
IPVM is proud to celebrate it's 12 anniversary expanding our commitment to providing the industry independent and objective information on video...
Mobotix Thermal Body Temperature Detection Examined on Apr 07, 2020
Mobotix has jumped into the Coronavirus temperature detection market, but how do they compare to thermal incumbents like FLIR or ICI who have been...
Verkada Coronavirus Response: Free Temp Systems For Government and Health Care on Apr 07, 2020
Verkada has built a reputation on giving away things for free - free Yeti Tumblers, free trial cameras and now free temporary systems for...
Hikvision USA Refuses, Dahua USA Drives Forward With "Coronavirus Cameras" on Apr 07, 2020
Both have been federally banned, both sanctioned for human rights abuses but only one - Dahua - is taking aim at the booming "coronavirus cameras"...
China Surveillance Vulnerabilities Being Used To Attack China, Says China on Apr 07, 2020
While China video surveillance vulnerabilities have been much debated in the West in the past few years, China is now saying those vulnerabilities...
USA ICI Elevated Skin Temperature Detectors Examined on Apr 06, 2020
Infrared Cameras, Inc. (ICI) is aiming to help slow the spread of COVID-19 with "pinpoint accurate skin temperature measurement" using their...
Trade Groups Request NDAA Blacklist Delay Citing Coronavirus on Apr 06, 2020
Two trade groups representing government contractors have asked Congress to delay implementation of the NDAA's 'blacklist' clause from this August...