Hikvision's Hik-Connect Cloud Connects To Vulnerable Devices
Vast numbers of Hikvision devices are vulnerable, but atypically, Hikvision's cloud service connects to those devices, without forcing any firmware updates, facilitating child pornography distribution and cybersecurity risks.
There are steps that Hikvision should take to mitigate these issues and force devices to be updated.
Outdated ******** ** ********* *******
**** ******** *********'* ***** ******** ***** connections ** * ********* ***-**-**** *******, including * **** ***** *************** ***************. *** *** ****** *** * version ** ******** **** *** *** the ****** *** *** *** **** any ***** ***************:
********* ******* *** **** ******** ******* manually ********* ************* ****** ********** ********, ******** ********* ** *** *** UI, ** ******* ********** ****** ***-********** ******. ******* ***** ******* ******* **** and, ** **** *****, ****** ****** access, **** *** ************* **** ****** to ****** ** ******** ******** ** auto-cloud ********.
Hikvision's ******** *************** *** *******, ******* *** ********
********* *** *** ** ****** ******** *************** ***** ****, **** ********* **** *** ******* devices. ***** ***** ** ******* ******** to *** *** ***************, ******* ** the ***-**** ************ ***** ** **** Hikvision *******, **** *** ****** *** to ******* ******* ******* *** *********** but****** *****-*** ********* ******* ** **** fail, ** ********* ** **** **********. **** *** ****** ** ******* with ********** ******** **** ***** *** revisions ******.
Competitor ******* ********
*** ** *** *********** ************* ********* of ******-**-***** ******* ** **** ********/******** vulnerabilities *** ** **** ******* *** remotely ********* ** *** ************ ******* action **** *** **** ** **********.
**** * *** ****** ** ********* to *** ********, *********, *** ***** provider **** ************* ******* *** ******** to *** ****** ******* *** ******** to ************* ******* *** ******* ** allow ***** ** *** ******** ******* of **** **** ******* **** ******.
******* **** *** **** *** ******'* firmware *******, **** ********* "** ** date":
******** **** **** ******* *** ******* for *******:
****** ******* *** ******** ******* *** if ***** *** *** ******** *********.
****** **** *** ************* *********** ******* but ****** *** ********* ******** ********** of ********, *** *******, "***** ****** at * **".
Require ******** ******** ** ***-********** ********
**** ********** **** ********* ******* * non-vulnerable ******* ** ******** **** ***-******* is ***** ******* ** * ******. While **** ***** *** *********** ******* future *************** ** ********, ** ****** be * ******* ***** *** ***** its ***** ********.
***** **** *** ********** ******** ********** friction *** *** *******, ** **** significantly ******** *** ******** ** ***** firmware **** **** *** *********** ******** risk ** ********* *** *** *********.
App ************ **** ******** *** *********
***** ***-******* **** *** ***** ********* firmware ******** ** *** ***, ** would ********* **** *** *** ******* firmware ******** ** ***** ** ****** the **** **** ***** *** ******** updates *** ********* *******.
** *** ******* *****, * **** Camera ******* *** ******** *** **** when ******* * ****** **** *** a *** ******** ******* *********.
**** ***** ****** ***** * *********** portion ** *********** ** ***** ******** Hikvision *****, ****** ** ***** *** help ***** **** ** *** *** Hik-Connect ** **** ********** *** *****.