Suffering Criticism, Hikvision Keeps Insecure Online Service Up [Now Down]

In new press releases, Hikvision has given new details on their new Hik-Connect platform. See the North America and Global releases. The releases are mainly the same, but:

• The USA release is dated today, global is dated December 30th.
• The USA release informs users that they may continue using their HiDDNS URLs for existing devices, not mentioned in the global release.
• The USA release links to several how-to guides for creating accounts, adding devices, etc., on iVMS-4200 and iVMS-4500.

Both releases state that the new Hik-Connect app is coming in 4-7 days, awaiting App Store and Play Store approval:

The new Hik-Connect web interface looks like a stripped down EZVIZ device management page:

But there is no actual cloud access, either to settings or live/playback. Instead, clicking on the IP/Port No. opens the device's IP address. Port forwarding is still required. 

You can push UPnP/port settings to the device via settings, but this is the only configuration available.

We'll take a look at things again when the mobile app is released.

With all my due respect,

How many years it took IPVM to have "S" at the end of http?

5-7?

It took me a couple hours to migrate the systems we had (maybe 20) on this to no-ip, followed by deletion from the hikvision website. This was followed up with new ddns address and instructions to the customers.

This would be a better longterm plan since you can also run the no-ip client on other systems and/or routers/firewalls.  Cost is about a buck a year per host from a company whos core offering is secure supported ddns service.  Kind of a no brainer.

I tested no-ip and dyndns and chose no-ip because I could assign passwords to groups of hosts (using random password generator).  With dyndns, you could assign a long code-key but Hikvision would not accept this many characters in the password field.

To me, this is common sense to make this switch.  Just make sure you have a group allocation and system naming scheme before you do this.  I used a password generator with all characters 8 in length.  (username is "group":"siteusername").

I find it hard to believe that there is such commotion over a service offered for convenience (which no other vendors offered), but should have said "use at your own risk".  Now that I look back at it, it was pure laziness on our part not to use a reputable ddns source, especially with all the other systems and firewalls we have deployed (you should be using it on the router/firewall, anyway).

Hi

Isn't that what a corporation should do? Listen to its customers and react in kind? They made  a decision based on the data available. Data proved to be wrong. Reverse course. That we are so much talking about this means that this is a company to take even more seriously. Not only are they listening, they have the wherewithal to act swiftly upon our desires and perhaps needs. They should be commanded.

Now frankly, we have always made sure of disabling this "feature" and still do heavy firewalling on corporate networks. For the most part we block everything except what's necessary for video recording, camera management and other associated data.

This is somewhat similar to the path taken by Microsoft which for the longest time weren't listening... They are now making great products based on customer feedback (read criticism).. OTOH Apple is moving in a different direction...They removed the so-basic earphone jack from the iPhone and changed not much inthe Macbook except to add a RIDICULOUS touch bar . Meanwhile Micro$oft cannot keep up with the demand for the Ultimate Laptop:The Surface which is not a laptop but a tablet .... or is it a laptop :) Sorry to be OT

if anything this will add to Hikvision bottom-line and sales.

John

Again this is what leaders face everyday. Microsoft is the most hacked OS because it is the overwhelming leader.. Hik is criticized for good reasons among these that they're  the leader in the industry by a very large margin. The vulnerabilities are real but so are those from many of their competitors Axis especially another leader which faces less scrutiny at this point.

The entire field  of IP-based surveillance and security systems needs to take a deep breath and consider cybersecurity as part of what we do. Not a separate field to be handled-off casually to another party. We are whether we admit it or not responsible for the well being and correct behavior of the systems we put in place. While this creates a new level of responsibility and complexity it also will drive more revenues. The Internet Of Things is upon us. This new road will bring new threats. For us Integrator in IP Surveillance it is both an opportunity and a threat. I personally tend to see it as a much needed opportunity when prices of hardware is falling so precipitously. Hik is one small driver in this: The real culprit is Moore's Law. Silicon has been growing cheaper and better by the nanosecond... It wasn't 3 years ago that a 1080p was the TOL now 4 MP are <$200 with WDR....

Update January 5th, Hik-online.com is now shut down. The site is up and one can login but when doing so, it just displays the discontinuation notice with no other options - e.g., no ability to manage devices or check status. In addition, new devices cannot be added, despite the notice saying that this could be done through February 16th.

We confirmed with Hikvision technical support that they will help with retrieving device lists if you contact them with your credentials: URL / username / password.

They also recommended using 3rd party services listed on the DNS tab: noip, peanuthull, or dyndns.

I guess the ADI flyer is now incorrect - as they do not have a free DDNS service included...