Suffering Criticism, Hikvision Keeps Insecure Online Service Up [Now Down]

Author: John Honovich, Published on Jan 03, 2017

Hikvision suffered severe criticism for its abrupt plan to discontinue its Hikvision Online service, with 3 core functions to be removed on Dec 30th.

However, all of those functionalities continue to run in 2017, including the security vulnerabilities, and Hikvision has no explanation of what will happen next.

Update, January 5th: Hik-online.com is now shut down. The site is up and one can log in, but doing so just displays the discontinuation notice with no other options, e.g., no ability to manage devices or check status. In addition, new devices cannot be added, despite the notice saying that this could be done through February 16th.
