Hikvision, HWG Deceive FCC About New Critical Vulnerability [Update: Hikvision Issues Correction]

By Charles Rollet, Published Sep 23, 2021, 09:53am EDT

Hikvision and its law firm, HWG, deceived the FCC in a lengthy submission filed on September 20th about Hikvision's critical new vulnerability impacting 100+ million devices.

Despite admitting this critical vulnerability days earlier, Hikvision asserted to the FCC that there was "no vulnerability in Hikvision video surveillance equipment to date in 2021", citing the Common Vulnerabilities List (CVE).

***********, ********* *** *** law **** ** ****** was **** ***** ** this *** ******** ************* even ******* ** ** a ******** ** *** filing.

**** ******** ********* *** key ****** ******:

Hikvision ****** ** ***** **** ****

** ********* **, ****, DC *** ********** ********* & *******, ******* *** *********, sent* ****** ** *** FCC************** *** *** ***** *********/*****/******/******/*** **************.

*** ****** ******* *********** space ** *********'* ************* record, ******** **** ********* "reports ** *************** [...] to **** ** ****" in ****** ****, *** ******** ******** for ******** ***************:

"Stellar" *************

*** '** ***' ***** bolstered *********'* ******** **** its ************* ** "*******" with "** ******** **********" that *** ********* "** more **********" **** ******:

Hikvision ******** *** ** ****

*******, ****** **** **** **** a ********* ******** *** ******** ************* which ***** **** *********, as **** ********* ********* (***),******** *** ************* ** July **:

*********, ****** ********, *** *************'* ****** said ********* ********* *********** the ************* ****** ****, on **** **.

***** *** ***** ***********, claiming '"** *************** ** Hikvision ***** ************ ********* to **** ** ****' is *****, ***** ********* had ******* ******** * CVE ***** *** **** about *** ************* ****** beforehand.

Buried ** *** ******

******, *** ******* **** about **** ************* ******* they ******** ** ** the *** ********** *** buried ** ** * footnote ** * ******** about *** **** ********:

*** *******, ** ***** 2017 * ******** ********** found *** ******** * vulnerability—six **** *****, ********* released * ******** *****, notified *** ******** ******* a ******* ********, *** notified *** ****** **** a ****** ** *** website.20

******** **, ** **** print:

******* ****, *** *** Hikvision ****** ** ****, and ******* ******* *** FCC **** ** ******** no *************** ** **** in ****.

Updates *** ** ********* ****

*******, * **** ***** filing, **+ **** ***** creating *** ***, *** 3 ** * **** after ******** ********** *** vulnerability,********* ******* *** *** to ******** **** ** *** announcement.

No ******** *** *** ****

** ********* ********* ** well ** *** *** the **** ****** ** the ********* **********,**** ********, ****** ***** ** Staff ** *** ***, to ******* *** **** submitted *** ****** ** such *** ******* **** would ****** ** ******* the **********. ** ******** was ********.

Update: ********* ******** **********

*********'* ******* *** ******** a ********** ** *** FCC, *******:

*** ******** ******** ******* an ***** ***** *** the ****** ** * conforming ****** ***** ************* omitted. ********* ******* **** erratum ** ******* **** the ********** ********** *** attached ******** *** *** version ***** ** ********* 20.

**** ****** *** ***** September **, ****. ** 8:28 ** **** *******, IPVM ******* ********* *** HWG ***** **** *****:

******** **** ******** ** response, *** ******* *** FCC *******. *******, *** new ********* ******** ********* language:

*** *** *********** **** several ** ***** ******* vulnerabilities ** ******** *** has *** *** ************* the **** ************* ** of *** **** ** this ******.

***** *** *** *** not *** *********** *** vulnerability, ********* ***, ****** it * **** **** score ** *.*, ***** is ********. **** ** material *********** **** **** have ******* **** *** submission. ** **** ******* out ** *** ** ask **** ***** **** and **** ****** ** they *******.

Update: '** ********' **** *********

***** ********* *** *** Hikvision ** *** ******** on ****. ** ** 12:16 ** **, **** received * ***** **** Hikvision ********* ** ** Global ************** **** *:** ** **:

**** **** ****** **** any ***** **** ***.

Comments (14)

*******, **** *********!

********* ******* *** * trust ******* **** *** US ********** (** **** they ***** *** ** covered ** ******** **** lists **** *** ****).

** ********* ****** **** will ******* ***** **** the ** ********** ** pulling * ***** ***** like ****. ********, ****'* the **** **** **** approach? ** **** ***** the *** ** ******? Why *** ****** ***** what ** ********* **** and **** ***** **** by ********* *** *** law ****? ******'* ********* build **** ***** ** being *******?

*** ***** ** * lot ** ****** ***********'* **-**** ****** ** the ** ****** ** **** ******* with **** **** ******** one ****** **** **** week's ****.

** **** ***** *** FCC ** ******?

****, **** *** * government ******...

**'* ****** ******* **** Hikvision ** ******* ***** here, *** ** **** a ****** ******* ************:

**** *************** *** *** SYSTEM, ******

The ****** ** **** **** That is not what the CVE system was designed to do. I'll quote ********'* ********* ******** ******** ***** ********:

*** **** **** ****** the********* ** ** ****** unique *********** *** ******** vulnerabilities. **'* *** ******** to ** * ******** and ******** ******** ** all ***** *************** ** any *******. **** **, a ****** ** ********** could ****** ****** ** not ******* * *** number *** * ***** flaw. *******, **************** ************** **** ***** * single ** *****'* *********** ***** ******, ****** a ****** "*** *****" a ****** *********** ******** criterion. ****, *** * ranking ***'* **** ** find ******** ******* ** compare ********* **********. (*** many *** **** ***** a ****** **** *********...?)

**** ****, **** ** surely **** *** ** idea ***** **** **** of *************** **** **** found ** * ******* and ****'** * **** starting ***** *** ********. But *** ****** ******** depends ** *** *** of *** ******** *** how **** ********* ** receives ******* ******** ********. You ***'* ****** ****** if * *** ** CVE *********** ***** **** the ******** ** ****** written ** ** ** actually ***** **** **'* particularly ****** ******* ********* a *** ** *************** are ******* *****. * personally **** ** **** it ********** ** ** older ******* *** * very ***** ****** ** patched *************** ******* ***************** ** ****'* **** audited **********.

**** ********* ***** * lack ** ****, **** are ************ * ****** method ** ******** ********. And *** ***** *** even **** ******* **** you *** *** **** it ** *** **** to **** *** ******.

*** ****** *** *** trying ** ******** ******, Arminius ******** ******* *** other *****:

  • *** ******** ** **** and ********* ********.
  • *** ****** ********** ****** to ****** *** *************** (and ***** **** ****** bounties).
  • *** ******** **** *** processed *** ******* *******.

**** *** ************ * flawed ******

****, ****** "************ ****** methods" *** ****** **** been *********'* **** ********. Deny ***************, ******* ****** about *** ******* *********, try ** **** ***** criticisms ** ****** ******, etc.

****, ********* *** *** the **** **** *** doing ****.

*****, **** ** ********** companies ***** **** ** hide ***************, ***** **** is *** ****** **** judge ********** **.

****, ****** ******'* ***** on **** *****: "* vendor ** ********** ***** simply ****** ** *** request * *** ****** for * ***** ****"

* ********** **** ** find ** ********** ** an ***** ******* *** a **** ***** ****** of ******* *************** ******* that************* ** ****'* **** audited **********.

**, ***** *** ******* of ****** *** ****** at **** ****.

**** ********* ***** * lack ** ****, **** are ************ * ****** method ** ******** ********.

**********. *** *** ************ assumptions. ***** **** **** opinions

Update: ********* ******** **********

*********'* ******* *** ******** a ********** ** *** FCC, *******:

*** ******** ******** ******* an ***** ***** *** the ****** ** * conforming ****** ***** ************* omitted. ********* ******* **** erratum ** ******* **** the ********** ********** *** attached ******** *** *** version ***** ** ********* 20.

**** ****** *** ***** September **, ****. ** 8:28 ** **** *******, IPVM ******* ********* *** HWG ***** **** *****:

******** **** ******** ** response, *** ******* *** FCC *******. *******, *** new ********* ******** ********* language:

*** *** *********** **** several ** ***** ******* vulnerabilities ** ******** *** has *** *** ************* the **** ************* ** of *** **** ** this ******.

***** *** *** *** not *** *********** *** vulnerability, ********* ***, ****** it * **** **** score ** *.*, ***** is ********. **** ** material *********** **** **** have ******* **** *** submission. ** **** ******* out ** *** ** ask **** ***** **** and **** ****** ** they *******.

*** *** *********** **** several ** ***** ******* as ********.

”**** *******” ** **** “only ****” - *** is *** ******* *** the *** *****.

”**** *******” ** **** “only ****” - *** is *** ******* *** the *** *****.

***·**·**

/ˈ***(ə)*ə*/**********, *********** **** *** *** not ****."*** ****** ** ******* books"********: ****, * ****** of, * ***, *** very ****, * ******* of, * ***** ***** of, *******, * ******* of, ********, ******, *******, divers

**** ******* ** ***** synonyms **** *****.

**** ******* ** ***** synonyms **** *****.

**, ***'* ****; ** sources **** *** **** dictionary **** * **** so ** **** ** a ********* ********** *** synonyms

Update: '** ********' **** *********

***** ********* *** *** Hikvision ** *** ******** on ****. ** ** 12:16 ** **, **** received * ***** **** Hikvision ********* ** ** Global ************** **** *:** ** **:

**** **** ****** **** any ***** **** ***.
