Italian State News Investigates HikvisionBy Charles Rollet, Published May 17, 2021, 07:57am EDT (Info+)
Italian state news investigated Hikvision in a high-profile TV broadcast, saying it found Hikvision cameras "communicate with China" and singling out the company's Uyghur alarms and Chinese government control.
This represents the most scrutiny Hikvision has ever received in Italy, where Hikvision faces zero restrictions and is installed across sensitive government and infrastructure locations.
Hikvision Italy President Massimiliano Troilo defended Hikvision while Hikvision HQ has refused to comment.
While, to now, there have been no major calls to ban or restrict Hikvision in Italy, this recent scrutiny increases the possibility of such measures down the line. In this post, IPVM examines what Italian TV found and the potential impacts.
RAI (Radiotelevisione italiana) is Italy's main TV news source and is government-owned, analogous to the UK's BBC.
"Eyes of the Dragon"
Hikvision "Market Leader" In Italy With Sensitive Deployments
RAI reported that Hikvision is the "market leader" in Italy and has deployments across "strategic locations for national security", noting that China's Intelligence Law mandates Chinese entities "cooperate" with intelligence:
In Italy, Hikvision is the market leader. Over the years it has placed its own cameras even in strategic locations for national security. The palaces of political institutions, airports such as Malpensa [Milan] and Fiumicino [Rome], courts, law enforcement [...] But behind those 'eyes' are the security laws issued by Beijing in 2017. They require the disclosure of sensitive information if requested by the government. [emphasis added]
WIRED Italy reported last month that Italy's Justice Ministry had bought 1,100 Hikvision cameras and installed some of them in highly sensitive areas such as wiretapping centers.
Hikvision Italy even has a "Military and Government Unit" per the LinkedIn of its manager, Christian Finetto, IPVM found:
Hikvision Cameras "Communicate" With China
RAI brought cyber security expert Francesco Zorzi to "simulate a cyber attack" on its own "theoretically closed" Hikvision cameras, finding that once put online they "opened communication channels with addresses registered in China" (Alibaba servers in Hangzhou):
RAI: The discovery is disturbing. The system is theoretically closed, but if you open it on the internet, such as for maintenance, in a few minutes you see thousands of attempts to communicate with the RAI headquarters cameras. The sensitive data of the people who enter [the building] then are accessible from the outside and are sent right to China
FRANCESCO ZORZI - CYBERSECURITY EXPERT: We found that there were configurations to allow what is remote access. This remote access does not happen in a passive, but active way [...] they communicate with servers that we have detected being registered by Alibaba cloud computing in China [emphasis added]
Zorzi is a Technical Manager for Taiwanese VMS provider and Hikvision partner Synology, which IPVM tested here.
Hikvision Italy Says Due To Cloud Feature
Hikvision Italy released a technical response explaining its cameras "may or may not generate calls to the outside", blaming this on the cameras' "cloud" feature in another statement from its BU President Massimiliano Troilo:
I think that the "calls" you have encountered are attributable to the fact that the configuration has been left in the programming of the "cloud" type, which the device then continues to search by generating the "calls" encountered, compared to what should have been a programming for local use that does not include any "calls"
In contrast, during the program, Troilo said he "didn't know" why the calls were happening but said the problem could have been caused by "very old firmware".
Uyghur Alerts, Government Control Examined
Millions of cameras scattered throughout Xinjiang have artificial intelligence that analyzes images and determines if you are angry, dangerous, and what ethnicity you belong to [...] in China, in Xinjiang, Hikvision places cameras that are also capable of recognize the ethnicity of the people [emphasis added]
control of Hikvision is in the hands of the CETC, a Chinese state company that develops military software, defense infrastructures, electronic weapons. In conclusion, Hikvision is in the hands of a giant closely related to the Chinese army. The chairman is Chen Zongnian, a member of parliament from the Chinese Communist Party.
"I Don't Speak Chinese"
In response to being questions about Hikvision's government control, Troilo said "I don't speak Chinese":
Non lo so, anche perché queste aziende han tutti i siti completamente incinese, io non parlo il cinese, non leggo il cinese.
I don't know, also because these companies have all the sites completely in Chinese, I don't speak Chinese, I don't read Chinese
Troilo also denied knowing anything about Uyghur detection:
non ne ho contezza e sinceramente non ne hocontezza di questa cosa personalmente, non ne ho contezza…ecco
I am not aware of it and I honestly do not have any knowledge of this thing, personally, I have no knowledge
Hikvision Italy's statements did not address either issue, focusing on cybersecurity.
"Like Accusing An Arms Manufacturer Of Murder"
In response to Hikvision's Xinjiang activities, Troilo said this was akin to accusing a gun maker of murder:
Noi produciamo apparati. È come se si accusasse un produttore di armi di omicidio.
We manufacture apparatuses. It's like accusing an arms manufacturer of murder
Hikvision HQ Declines Comment
Hikvision HQ declined to comment to IPVM as well as has not commented publicly overall on RAI's investigation.
Threat To Hikvision's Europe Market Grows
Hikvision is facing significant challenges in Europe, especially after the EU Parliament decided to remove its cameras over human rights concerns.
On the positive side for Hikvision, IPVM could not find any Italian politicians calling for a Hikvision ban following RAI's investigation, and no European country has passed any sanctions or restrictions against Hikvision to date.
However, journalism like RAI's investigation makes this a growing risk for the company.
2 reports cite this report:
Back to Top