Italian State News Investigates Hikvision

By Charles Rollet, Published May 17, 2021, 07:57am EDT

Italian state news investigated Hikvision in a high-profile TV broadcast, saying it found Hikvision cameras "communicate with China" and singling out the company's Uyghur alarms and Chinese government control.


This represents the most scrutiny Hikvision has ever received in Italy, where Hikvision faces zero restrictions and is installed across sensitive government and infrastructure locations.

Hikvision Italy President Massimiliano Troilo defended Hikvision while Hikvision HQ has refused to comment.

While, to date, there have been no major calls to ban or restrict Hikvision in Italy, this recent scrutiny increases the possibility of such measures down the line. In this post, IPVM examines what Italian TV found and the potential impacts.


RAI (Radiotelevisione italiana) is Italy's main TV news source and is government-owned, analogous to the UK's BBC.

"Eyes of the Dragon"

On May 10, RAI News' Report program aired an in-depth investigation focusing on Hikvision titled "Eyes of the Dragon".

Hikvision "Market Leader" In Italy With Sensitive Deployments

RAI reported that Hikvision is the "market leader" in Italy and has deployments across "strategic locations for national security", noting that China's Intelligence Law mandates Chinese entities "cooperate" with intelligence:

In Italy, Hikvision is the market leader. Over the years it has placed its own cameras even in strategic locations for national security. The palaces of political institutions, airports such as Malpensa [Milan] and Fiumicino [Rome], courts, law enforcement [...] But behind those 'eyes' are the security laws issued by Beijing in 2017. They require the disclosure of sensitive information if requested by the government. [emphasis added]

WIRED Italy reported last month that Italy's Justice Ministry had bought 1,100 Hikvision cameras and installed some of them in highly sensitive areas such as wiretapping centers.

Hikvision Italy even has a "Military and Government Unit" per the LinkedIn of its manager, Christian Finetto, IPVM found.

Hikvision Cameras "Communicate" With China

RAI brought cyber security expert Francesco Zorzi to "simulate a cyber attack" on its own "theoretically closed" Hikvision cameras, finding that once put online they "opened communication channels with addresses registered in China" (Alibaba servers in Hangzhou):


RAI: The discovery is disturbing. The system is theoretically closed, but if you open it on the internet, such as for maintenance, in a few minutes you see thousands of attempts to communicate with the RAI headquarters cameras. The sensitive data of the people who enter [the building] then are accessible from the outside and are sent right to China

FRANCESCO ZORZI - CYBERSECURITY EXPERT: We found that there were configurations to allow what is remote access. This remote access does not happen in a passive, but active way [...] they communicate with servers that we have detected being registered by Alibaba cloud computing in China [emphasis added]

Zorzi is a Technical Manager for Taiwanese VMS provider and Hikvision partner Synology, which IPVM tested here.

Hikvision Italy Says Due To Cloud Feature

Hikvision Italy released a technical response explaining its cameras "may or may not generate calls to the outside", blaming this on the cameras' "cloud" feature in another statement from its BU President Massimiliano Troilo:


I think that the "calls" you have encountered are attributable to the fact that the configuration has been left in the programming of the "cloud" type, which the device then continues to search by generating the "calls" encountered, compared to what should have been a programming for local use that does not include any "calls"

In contrast, during the program, Troilo said he "didn't know" why the calls were happening but said the problem could have been caused by "very old firmware".
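One way to test the competing explanations above on your own network, as an added example that is not from RAI, Hikvision or IPVM: it separates connections the cameras initiate to outside addresses from inbound attempts against them, then compares a capture taken as found with one taken after the cameras are set for local-only use. The subnets, the record format and every address below are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumptions for this example: camera VLAN and site address space.
CAMERA_NET = ipaddress.ip_network("10.20.0.0/24")
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]

def is_internal(ip):
    return any(ip in net for net in INTERNAL)

def classify(lines):
    """Split opening TCP SYNs into camera-initiated and inbound attempts."""
    outbound = defaultdict(set)  # camera -> {(external destination, port)}
    inbound = defaultdict(int)   # camera -> number of external attempts
    for line in lines:
        src, dst, dport, flags = line.split(",")
        if flags != "S":         # only a bare SYN identifies the initiator
            continue
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s in CAMERA_NET and not is_internal(d):
            outbound[src].add((dst, int(dport)))
        elif d in CAMERA_NET and not is_internal(s):
            inbound[dst] += 1
    return dict(outbound), dict(inbound)

def compare(before, after):
    """Per camera: destinations that stopped, and those still being called."""
    out_b, _ = classify(before)
    out_a, _ = classify(after)
    cams = set(out_b) | set(out_a)
    stopped = {c: out_b.get(c, set()) - out_a.get(c, set()) for c in cams}
    persisting = {c: out_a.get(c, set()) for c in cams}
    return stopped, persisting

# Constructed records: src,dst,dport,tcp_flags (documentation address ranges).
BEFORE = [
    "10.20.0.11,203.0.113.50,8443,S",    # camera opens a connection outward
    "203.0.113.50,10.20.0.11,50122,SA",  # reply, not a new connection
    "198.51.100.7,10.20.0.11,80,S",      # internet host probing the camera
    "198.51.100.8,10.20.0.11,554,S",
    "10.20.0.11,10.1.1.5,554,S",         # camera to the on-site recorder
    "10.20.0.12,203.0.113.50,8443,S",
    "10.20.0.12,203.0.113.9,443,S",
]
AFTER = [  # same cameras after being set for local-only use
    "198.51.100.7,10.20.0.11,80,S",
    "10.20.0.11,10.1.1.5,554,S",
    "10.20.0.12,203.0.113.9,443,S",
]
```

Anything left in `persisting` after reconfiguration is what would contradict a misconfiguration explanation; the inbound counts only show that a camera is reachable from outside.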

Uyghur Alerts, Government Control Examined

RAI brought up Hikvision's Uyghur-detecting cameras and also discussed Hikvision's China government control:

Millions of cameras scattered throughout Xinjiang have artificial intelligence that analyzes images and determines if you are angry, dangerous, and what ethnicity you belong to [...] in China, in Xinjiang, Hikvision places cameras that are also capable of recognizing the ethnicity of the people [emphasis added]

control of Hikvision is in the hands of the CETC, a Chinese state company that develops military software, defense infrastructures, electronic weapons. In conclusion, Hikvision is in the hands of a giant closely related to the Chinese army. The chairman is Chen Zongnian, a member of parliament from the Chinese Communist Party.

"I Don't Speak Chinese"

In response to being questioned about Hikvision's government control, Troilo said "I don't speak Chinese":


Non lo so, anche perché queste aziende han tutti i siti completamente in cinese, io non parlo il cinese, non leggo il cinese.

I don't know, also because these companies have all the sites completely in Chinese, I don't speak Chinese, I don't read Chinese

Troilo also denied knowing anything about Uyghur detection:

non ne ho contezza e sinceramente non ne ho contezza di questa cosa personalmente, non ne ho contezza…ecco

I am not aware of it and I honestly do not have any knowledge of this thing, personally, I have no knowledge

Hikvision Italy's statements did not address either issue, focusing on cybersecurity.

"Like Accusing An Arms Manufacturer Of Murder"

In response to Hikvision's Xinjiang activities, Troilo said this was akin to accusing a gun maker of murder:

Noi produciamo apparati. È come se si accusasse un produttore di armi di omicidio.

We manufacture apparatuses. It's like accusing an arms manufacturer of murder

However, as IPVM has documented and the Norwegian government confirmed, Hikvision is directly building and operating Xinjiang police projects itself, going far beyond a third-party provider role.

Hikvision HQ Declines Comment

Hikvision HQ declined to comment to IPVM and has not commented publicly on RAI's investigation.

Threat To Hikvision's Europe Market Grows

Hikvision is facing significant challenges in Europe, especially after the EU Parliament decided to remove its cameras over human rights concerns.

On the positive side for Hikvision, IPVM could not find any Italian politicians calling for a Hikvision ban following RAI's investigation, and no European country has passed any sanctions or restrictions against Hikvision to date.

However, journalism like RAI's investigation makes this a growing risk for the company.


Comments (14)


Great report, Charles.

Poor interview for Hikvision's Massimiliano Troilo, who, according to the transcript, frequently answered the reporter's questions with "non lo so," Italian for "I don't know."

Particularly alarming was Troilo's response when queried on Hikvision cameras at the Italian public broadcaster phoning home. Troilo questions if "il prodotto è particolarmente vecchio" or "the product is particularly old" and then stands down when asked if old Hikvision cameras send data to China, saying simply "I don't know."


"Poor interview for Hikvision's Massimiliano Troilo, who, according to the transcript, frequently answered the reporter's questions with "non lo so," Italian for "I don't know."

Particularly alarming was Troilo's response when queried on Hikvision cameras at the Italian public broadcaster phoning home. Troilo questions if "il prodotto è particolarmente vecchio" or "the product is particularly old" and then stands down when asked if old Hikvision cameras send data to China, saying simply "I don't know.""

How should he respond if he really doesn't know? If you're thinking it, then go ahead and say it instead of implying it...he knows... We already know what he said; no need to parrot it..wait, did I just parrot you?...man...This isn't alarming; what may be alarming is the fact that choices to use these devices, known to report home, by so called professionals or people charged with high level security are being made. That's alarming.


The sooner this gear, along with dahscum is banned worldwide, the better


"The sooner this gear, along with dahscum is banned worldwide, the better"

There is no need to ban it. Make a decision not to use it. It's that simple. If we banned everything that some feel is bad, there would be nothing left. Just make a choice to not use what you think is bad. Others may not. Those still using them may have a number of reasons for doing so. Some may include corruption, ignorance, complacency, need, convenience, cost, feature sets (the ethnicity, emotional state and cell phone use analytics are of particular interest to some).


I have made the decision to not support it, either hakvision or dahscum. Unfortunately there are a lot of greedy / lazy people who still do, to the detriment of all


This "investigation" done by Italian RAI is disappointing, to say the least.

RAI brought cyber security expert Francesco Zorzi to "simulate a cyber attack" on its own "theoretically closed" Hikvision cameras

The "cyber attack" was actually a Wireshark capture; calling it an attack is ridiculous. The capture showed some packets to/from outside servers, but the cybersecurity expert didn't go in depth. The first mandatory thing would be checking the camera configuration, which he didn't. The technical response by Hikvision linked by IPVM (which is also published on the RAI program webpage) makes perfect sense: most probably it is the system integrator (or the technician who did the configuration) who is to blame. Why was the camera configuration not shown during the investigation? Why did the interviewer ask no questions of the system integrator?

During the same "investigation" another issue (which the IPVM report doesn't mention) is reported: the cybersecurity expert said that "an additional memory was found in some cameras, performing video recording. This is not consistent with a centralized recording system [which is implemented in RAI facilities] so we should understand the reason for such design". The interviewer (who has no knowledge of IT and video surveillance) then adds "some cameras have additional memory that recorded a lot of data and metadata" doing basically "a sort of parallel recording which has nothing to do with RAI recording system". Besides, "these cameras are capable of sending these data to Hikvision HQ". No detail was given on this apparently critical issue, and I found nothing online about this mysterious memory doing parallel recording. Does anyone here know about it? Given the accuracy of the "investigation", I think this is also a fake issue.

I think Hikvision does represent a concern, both for ethical and technical reasons. But I also think "investigations" like this are actually counterproductive because they don't treat the subject with the detail it deserves. Instead they just add noise to an already noisy topic.


Interesting feedback, thanks for your comment! I've already reached out to the cybersecurity expert RAI brought on who did this 'attack'. So far he hasn't responded but if he does, I'll ask him about the issues you brought up.


Thanks. Please let us know if he replies. I tried searching for him but haven't found him.


RAI saw your comment and emailed me this statement:

we want to clarify – as it is clearly said also in the piece we aired – that we obviously checked the issue with the system integrator (Dab sistemi integrati) who assured us that they had “blinded” any outwards connection by default. They are no small player, by the way.


Thank you for your reply.

who assured us that they had “blinded” any outwards connection by default

What does this mean in detail? They could have shown if the camera configuration was consistent with the technical response released by Hikvision (also linked in this report). If the test showed outwards connections even when cameras are configured like the Hikvision response mentioned, THIS would be a real issue, and would deserve formally contradicting the Hikvision response. But this didn't happen, so the Hik response is so far the most plausible and authoritative: outwards connections are due to (mis)configurations.


Thanks for the reply - I'm still in contact with RAI's cybersecurity expert Francesco Zorzi and if I get to interview him I'll ask him about this directly.


I think that most people are concentrating on saying that cameras are hackable. But this is not the real issue, and this could apply to any electronic device of any manufacturer. The real issue is that the camera could be used by the manufacturer as a distributed CPU to do something (botnet for example, DDoS) or to acquire big data from everywhere in the world (temperatures, faces, anything else).


Update: WIRED Italy has published an article about 112 Hikvision bullet and dome cameras being installed at the Ministry of Culture HQ in Rome (the cameras cost ~$36,600 out of a total ~$318,000 contract.) The deal dated from 2018 but was only recently approved this February. WIRED Italy mentioned Hikvision's Xinjiang involvement along with the NDAA ban and the UK Foreign Affairs Committee's proposed ban:

Hikvision has long been at the center of international scrutiny, both for reasons of national security, and because of the provision of technology for the surveillance of the Uighurs, a Muslim minority living in the inner Chinese province of Xinjiang and against which Beijing has long since launched a campaign of repression.

The United States have banned Hikvision by federal procurement in 2018 (and then in 2019 and 2020), while in the UK is at the center of a dispute in parliament. Also in Italy some parties, League in the lead, are pushing to encourage the use of European technologies or technologies from NATO countries, with the aim of making safety certification and prevention of tampering with espionage purposes simpler.
