Suffering Criticism, Hikvision Keeps Insecure Online Service Up [Now Down]

Author: John Honovich, Published on Jan 03, 2017

Hikvision suffered severe criticisms for its abrupt plan to discontinue its Hikvision Online service, with 3 core functions to be removed on Dec 30th.

However, all of those functionalities continue to run in 2017, including the security vulnerabilities, and Hikvision has no explanation of what will happen next.

Update January 5th, Hik-online.com is now shut down. The site is up and one can login but when doing so, it just displays the discontinuation notice with no other options - e.g., no ability to manage devices or check status. In addition, new devices cannot be added, despite the notice saying that this could be done through February 16th.

********* ******** ****** ********** *** ********* **** ** ************** ********* ****** *******, **** * **** ********* ** ** removed ** *** ****.

*******, *** ** ***** *************** ******** ** *** ** ****, including *** ******** ***************, *** ********* *** ** *********** ** what **** ****** ****.

****** ******* ***, ***-******.*** ** *** **** ****. *** **** is ** *** *** *** ***** *** **** ***** **, it **** ******** *** *************** ****** **** ** ***** ******* - *.*., ** ******* ** ****** ******* ** ***** ******. In ********, *** ******* ****** ** *****,******* *** ****** ****** **** **** ***** ** **** ******* ******** 16th.

[***************]

Dec **** ***

*** **** *** ******** ** ** *** *** *** *** user ************, *** ****** ****** *** ********** ************. **** ** the *********** **** ********* *****:

*** ******* *** **** ********* ***:

******, **** ** ***** ******* ******** ** ** *********, ** is, ** *********'* *****.

******* *****

*** *** ************ ********* ** **** *** **** ****** **, device ****** *** ********** ******* ****** ** ***** *****:

No ***********

********* *** *** ******** *** ****** *********** *** ******** ** IPVM's *******. ******, **** ******* ** ** *** *******, *** interstitial ********* ** *** *** **** ** *** **** ** end ***** * *********, *** **** *********** ******* *** **** to ***** ****** *********.

Fix *** ******** ***************

** ********* ******* ** ******* ***** ******** **** *** **** Hik ****** ***** **********, **** ** ************** ***** *** *********** and ********** ********** **** **** *****.

*******, ** ********* ** ******* ***** ***** ***** ******** ********* claims *** **** ** ****** ********** ******* **** ***** **** track ******, *** ******** *************** ** ********* ****** **** ** fixed.

*** *******, *** ****** **** *** ******* ***** ** ***. Ironically, ***** *** *** ******** **** *** **** ***** **** their **** ******* *** **** ***** ** ******* ***** **** called ** ***. *********, ******* ***** ****-********** *,*** '*********' *** not **** **** **** ***'* *********.

********, *** ****** ***** ******* **** ** *********** **** (***** ******** ****) ***** *** ****** ** ******* ** ***** ****** ********* to *** ******* *** ****** ** ********** ** ********* ****** the *********** *** ********* **** ******, ********** *** *********** ***** devices **** ** ****** ** ******.

Communication ******** ********

**** ** *** ***** ** * ****** ** ************* ******.

  • *****, ********* ***** ***** * ****** ** *************** **** ******* **. It *** * **** ***** **** ********* *** ********* **, and **** ********* ******* *** ********* *** ***********.
  • ******, ********* *** ******* **** **** *** ****-**** *** ***** discontinued *** ** *** *** ***** * **** ***** **** Hikvision ********** ******** **** **** ***** ***
  • ***, ********* ****** ******* ** **, ******** ** *********'* ***** notice, **** ********* ***** **** ***** ****.

***** ********* ***** **** ***** *************** ********, ** ** * **** after *** ******* ***********. ***** **** **** ** ************ *** leave *** ******** *************** *******. ** ** ** *********** ********* for ********* ******* ** ********* ********* ** ****** ****** *** **** users **********.

Comments (15)

** *** ***** ********, ********* *** ***** *** ******* ** their ******-***************. *** ******** **************** ********. *** ******** *** ****** *** ****, ***:

  • *** *** ******* ** ***** *****, ****** ** ***** ******** 30th.
  • *** *** ******* ******* ***** **** **** *** ******** ***** their ****** **** *** ******** *******, *** ********* ** *** global *******.
  • *** *** ******* ***** ** **********-** ********* ******** ********, ****** *******, ***., ** ****-**** *** ****-****.

**** ******** ***** **** *** *** ***-******* *** ** ****** in *-* ****, ******** *** ***** *** **** ***** ********:

*** *** ***-******* *** ********* ***** **** * ******** **** EZVIZ ****** ********** ****:

*** ***** ** ** ****** ***** ******, ****** ** ******** or ****/********. *******, ******** ** *** **/**** **. ***** *** device's ** *******. **** ********** ** ***** ********.

*** *** **** ****/**** ******** ** *** ****** *** ********, but **** ** *** **** ************* *********.

**'** **** * **** ** ****** ***** **** *** ****** app ** ********.

**** *** ** *** *******,

*** **** ***** ** **** **** ** **** "*" ** the *** ** ****?

*-*?

** **** *** ***** ******* *** ***** / ******* / payment *** **** **** *****, ***** ******* ****.

** ***** ***** *** *** **** ** *** ****, *.*., reading ********, ** ****.

********* ***** **** *** **** ***** *** ******** ** *** Online, ********* ******* ** *** ******** ****** *********** *** ******* / *********.

**** ***'* **** ****** ***** **** *** ** :)

**** **** * ****** ******** ** ******** ** ********* ** millions ** ******* **** *** ****** ** ******* / ********** because ** ** ******* *********** *************. ** *** ** *** mind, **** ** ********* **** *********** *** ****** **** ******* do *** **** **** *******.

*** **** ****** ****** ** ***** "*" :)

**** *** *** ******. ***** *** * **** ** ****. We ******* *** ** ******* *********** ***** **** *** ***** has *** **** * **********.

** **** ** * ****** ***** ** ******* *** ******* we *** (***** **) ** **** ** **-**, ******** ** deletion **** *** ********* *******. **** *** ******** ** **** new **** ******* *** ************ ** *** *********.

**** ***** ** * ****** ******** **** ***** *** *** also *** *** **-** ****** ** ***** ******* ***/** *******/*********. Cost ** ***** * **** * **** *** **** **** a ******* **** **** ******** ** ****** ********* **** *******. Kind ** * ** *******.

* ****** **-** *** ****** *** ***** **-** ******* * could ****** ********* ** ****** ** ***** (***** ****** ******** generator). **** ******, *** ***** ****** * **** ****-*** *** Hikvision ***** *** ****** **** **** ********** ** *** ******** field.

** **, **** ** ****** ***** ** **** **** ******. Just **** **** *** **** * ***** ********** *** ****** naming ****** ****** *** ** ****. * **** * ******** generator **** *** ********** * ** ******. (******** ** "*****":"************").

* **** ** **** ** ******* **** ***** ** **** commotion **** * ******* ******* *** *********** (***** ** ***** vendors *******), *** ****** **** **** "*** ** **** *** risk". *** **** * **** **** ** **, ** *** pure ******** ** *** **** *** ** *** * ********* ddns ******, ********** **** *** *** ***** ******* *** ********* we **** ******** (*** ****** ** ***** ** ** *** router/firewall, ******).

**

***'* **** **** * *********** ****** **? ****** ** *** customers *** ***** ** ****? **** **** * ******** ***** on *** **** *********. **** ****** ** ** *****. ******* course. **** ** *** ** **** ******* ***** **** ***** that **** ** * ******* ** **** **** **** *********. Not **** *** **** *********, **** **** *** *********** ** act ******* **** *** ******* *** ******* *****. **** ****** be *********.

*** *******, ** **** ****** **** **** ** ********* **** "feature" *** ***** ** ***** *********** ** ********* ********. *** the **** **** ** ***** ********** ****** ****'* ********* *** video *********, ****** ********** *** ***** ********** ****.

**** ** ******** ******* ** *** **** ***** ** ********* which *** *** ******* **** *****'* *********... **** *** *** making ***** ******** ***** ** ******** ******** (**** *********).. **** Apple ** ****** ** * ********* *********...**** ******* *** **-***** earphone **** **** *** ****** *** ******* *** **** ***** Macbook ****** ** *** * ********** ***** *** . ********* Micro$oft ****** **** ** **** *** ****** *** *** ******** Laptop:The ******* ***** ** *** * ****** *** * ****** .... ** ** ** * ****** :) ***** ** ** OT

** ******** **** **** *** ** ********* ******-**** *** *****.

*** **** *** **** *********, **** **** *** *********** ** act ******* **** *** ******* *** ******* *****. **** ****** be *********.

********* **** ****** ** **** ** **** ****. *** ***** is ***** ** *******.

* **** ********** ***** **** *** ** **** **** ******** *** ******** ************************** ** ********. *********, ** ** **** *** ***** **** they *** *****.

** ******** **** **** *** ** ********* ******-**** *** *****.

************** ******* **** ********** **** ****** **** *****. *******, *** whole *******, ******** **** *** **** ** *** */***, ** definitely * ******** ** ******-**** *** *****.

* ** ***** **** ** **** *** ******* ** **** over *** **** ***** ** ***, ** **** ****** ****** over **** *** * ** *** ******* **** **** **** ever ** * *** ******* ** ********* (** *** ******* that **** ******* ** ******* **** ****).

****

***** **** ** **** ******* **** ********. ********* ** *** most ****** ** ******* ** ** *** ************ ******.. *** is ********** *** **** ******* ***** ***** **** ****'** *** leader ** *** ******** ** * **** ***** ******. *** vulnerabilities *** **** *** ** *** ***** **** **** ** their *********** **** ********** ******* ****** ***** ***** **** ******** at **** *****.

*** ****** ***** ** **-***** ************ *** ******** ******* ***** to **** * **** ****** *** ******** ************* ** **** of **** ** **. *** * ******** ***** ** ** handled-off ******** ** ******* *****. ** *** ******* ** ***** it ** *** *********** *** *** **** ***** *** ******* behavior ** *** ******* ** *** ** *****. ***** **** creates * *** ***** ** ************** *** ********** ** **** will ***** **** ********. *** ******** ** ****** ** **** us. **** *** **** **** ***** *** *******. *** ** Integrator ** ** ************ ** ** **** ** *********** *** a ******. * ********** **** ** *** ** ** * much ****** *********** **** ****** ** ******** ** ******* ** precipitously. *** ** *** ***** ****** ** ****: *** **** culprit ** *****'* ***. ******* *** **** ******* ******* *** better ** *** **********... ** ****'* * ***** *** **** a ***** *** *** *** *** * ** *** with ***....

**** ********** ******* ****** ***** ***** **** ******** ** **** point.

* **** *** *** ***** ** **** *** * **** to ********* **** ** **** *** **** **** ** ***** the **** ******** ******** ************* *** ** ******* ** **********, including *****, *.*.:**** ******** ******** *************,**** ****** **** ******,**** ******* ****** ******** ****** **** ******** *********, ***.

****** **** * ******* ****** ****:

  • ******, ** ******** ** *** ********* ** ******, **** **** people **** ** ********
  • *** ********** ** *** ************* - ** *** **** **** to **** *** **** **** ***** / ****** ** *******
  • **** ****** ********** **********

*** ***** ****** ** *********'* ********** *********. ********* ** ****** a ***** **** ** ************ **** *** ** *** ********* with *** **** *************. **** ****** ***** ** *** **** do ***, ********* ** **** ********** ******* ******** *** *********** are.

****** ******* ***, ***-******.*** ** *** **** ****. *** **** is ** *** *** *** ***** *** **** ***** **, it **** ******** *** *************** ****** **** ** ***** ******* - *.*., ** ******* ** ****** ******* ** ***** ******. In ********, *** ******* ****** ** *****,********** ****** ****** **** **** ***** ** **** ******* ******** 16th.

** ********* **** ********* ********* ******* **** **** **** **** with ********** ****** ***** ** *** ******* **** **** **** credentials: *** / ******** / ********.

**** **** *********** ***** *** ************* ****** ** *** *** ***: ****, **********, ** ******.

* ***** *** *** ***** ** *** ********* - ** they ** *** **** * **** **** ******* ********...

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Chinese Government Hikvision Surveillance System On US Government Network on Jan 18, 2018
Hikvision, the Chinese government-owned manufacturer, has publicly claimed that their products are running on a US government network. Moreover,...
Axis: "It’s A Question Of Trust And Who You Want To Be Associated With" on Jan 17, 2018
Who do you trust? Who do you want to be associated with? Axis is raising hard questions to start 2018. In this note, we examine these questions,...
'Defiant' Hikvision 'Strikes Back' At WSJ And US on Jan 16, 2018
The fight is on. Hikvision and their owner, the Chinese government, 'strikes back' against the Wall Street Journal and US politicians raising...
Hikvision Removed From US Army Base, Congressional Hearing Called on Jan 12, 2018
Hikvision has been removed from a US Army Base and a US congressional committee is planning a hearing on cybersecurity risks and specifically,...
Hikvision Declares 'Never Click On Links In Emails' on Jan 09, 2018
Hikvision is stepping up its cybersecurity efforts with a clear recommendation - to never click on links in emails: It is a surprising change...
Chinese Government Attacks Western Reports on Jan 03, 2018
The Chinese government is angry at the BBC and WSJ's reporting on Chinese video surveillance (see BBC Features Dahua and WSJ Investigates China's...
Hacked Hikvision IP Camera Map on Dec 18, 2017
The interactive map below shows a sample of hacked and vulnerable Hikvision IP cameras across the USA. Hover over a marker to see an image from...
Robot Vandalism on Dec 11, 2017
Vandalism of security systems is a common concern. It is so common that camera vandalism statistics show that designers routinely sacrifice camera...
Broken Hikvision App Exposes Hypocrisy on Dec 06, 2017
While Hikvision talks about a commitment to cybersecurity, their broken app and their insecure 'solution' exposes not only their engineering...
ASIS Dumps 'ASIS' For Show on Dec 06, 2017
After 60+ years, ASIS is dumping its eponymous show name and replacing it with 'GSX'. This is a classic marketing mistake. For a show struggling...

Most Recent Industry Reports

PoE Powered Access Control Tutorial on Jan 19, 2018
Powering access control with Power over Ethernet is becoming increasingly common.  However, access requires more power than cameras, and the...
If You Have 4 Cameras, You Can Throw Them Away, If You Have 400, They Throw You Away on Jan 19, 2018
Do users care about anything but price? Do user care about cybersecurity? Do users care about trusting their supplier? These have become...
Chinese Government Hikvision Surveillance System On US Government Network on Jan 18, 2018
Hikvision, the Chinese government-owned manufacturer, has publicly claimed that their products are running on a US government network. Moreover,...
Winter 2018 Camera Course on Jan 18, 2018
Learn video surveillance and get certified. Register now. Save $50 on the course, ending this Thursday the 18th, plus get access to 2 class times...
VSaaS Usage Statistics 2018 on Jan 18, 2018
VSaaS has been a 'next big thing' for more than a decade. The prospect of managing, storing and streaming video from the cloud rather than...
Vivint Streety Video Strengthens Door Knocking on Jan 17, 2018
Vivint is famous (or infamous depending on your perspective) for mastering large scale door to door selling. The company has skyrocketed from a...
Axis: "It’s A Question Of Trust And Who You Want To Be Associated With" on Jan 17, 2018
Who do you trust? Who do you want to be associated with? Axis is raising hard questions to start 2018. In this note, we examine these questions,...
Software House Vulnerability Allows Inside Attacker To Open Doors on Jan 17, 2018
A vulnerability in Software House IP-ACM modules allows an attacker to potentially unlock doors, or perform other actions, on affected systems....
'Defiant' Hikvision 'Strikes Back' At WSJ And US on Jan 16, 2018
The fight is on. Hikvision and their owner, the Chinese government, 'strikes back' against the Wall Street Journal and US politicians raising...
The 2018 Surveillance Industry Guide on Jan 16, 2018
The 300 page, 2018 Video Surveillance Industry Guide, covering the key events and the future of the video surveillance market, is now available,...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact