Hikvision Admits Backdoor 'PR Issue'

By John Honovich, Published Oct 24, 2017, 09:04am EDT

Hikvision is admitting a problem.

The backdoor itself is evidently not the problem for them.

The problem, according to Hikvision, is a public relations issue, as their new Cybersecurity Director / spokesperson Chuck Davis explained:

Undoubtedly, Hikvision is correct that they have a 'PR issue', but the 'PR issue' is grounded in real product and communication problems.

Vote / Poll

Positive - ****** *** ************* ************

** ********** ******* ** is * ******** **** Hikvision *** **** ** hire * *** ************* spokesperson *** **** *****' background (********* ******* ** IBM) ***** ******** *********'* struggling ************* *******, ********** since *****' *********** ************ disappeared ******* **** **** (see********* *** **** ** Cybersecurity *****).

********, ****** ***** ** a ****** **** ** a **** ** **** their****** ******* ****** * crisis ************** ******, *********-**** **** *********'******' *****. ***, **** **** an *********** ************* ****** willing ** ** *** public **** *** *********, rather **** ** ****** or *** ***** ***** releases.

*** ***** ** ****** downside, ***** *********'* ** issues, **** ** ***** was ** *****, ** would ******** **** ****** worse ** *** **** already ********* ***** *********'* cybersecurity.

Hikvision *** ******

***** ** ******* **** the ******** ** *********'* cybersecurity, **********:

*************, ***** *** *** comment ** *** ******* issues **** **** **** many ** ******** ********* product ******** **** **:

Reaching *** ******, ******** *** ****

***** ***** ****** ******* reported *** **** ** will ***** *** ** the ****** ** ** that:

**********, ** ***** *********** in *** ******** ******* on ********* ******** ******, obviously *** ******* **** do *** *****, *** because ********* ***** ** hide ** **** *** public. *** **** **** Hikvision *** ******* *** trade ***** ** ****** indirectly ** ************* ******** is ** * ******* to ********* **** ****. And **** ********* **** communicate **** **** *** dealers,*** ************* ** ****** with **** *** *****************.

*******, ** **** ******* out ** ***** ********** to **** *** ***** has ******* ** *******. We ********* ** *** hold ******** ******* *** for ****. ** *** to **** *** ****** of *** ******* ********** superiors.

Chinese ** *********

**********, ********* ***** ********** remains *** **** ******** for ***** *** ********* 'overseas'. ******** *******:

  • ****** *****, ***** ******** issues *** ********* *** important. **** ** ****, this ** * ******* where *** ********** ******** and ******** ******* *** entire ******** *** *** access ****** **** ** whatever ******** ** *****. By ********, *** '********' cybersecurity ******** ***** *********** and *****.
  • ********* ** **** ********* about *** ********* ***********'* ******* ********** ********* and *******. *** ************* *****, especially ***** *** *** Chinese ********** ******** *** own ********* ********, ***** to ** ********** **** their ********** *********, ******** criticism ** ****.
  • ******* *** ***** ** tightly ********** ****** *****, state ***** ************ **** Hikvision **** ** ********** nor ************* ***** *** they ******** ***** ** criticized ** * **** press. ***** ******* ** tactic ** ** ***** spin *** ** ****** everyone ** ****** ****** it. **** ******* ********* ************* ************* ** date.
  • ****** ************* ***** ****** costs *** **** ******* issues. **** ** * part ** *** ******* tension ******* ******** *** usability. ******* ********* ** and ****** ******** ***** and ******** ********* ** plain **** *** ***** it ****** *** ******* to ******* ********, ********** when ********* **** *** cost ** * *** differentiator. ****** ****** ************* seriously **** ******** ***** and **** ******** **** difficult ** *******.

New ****** / **** ********?

*****, ****** ***** ** definitely * **** ****. But **** ********* ***** allow ***** ** **** fundamental ******** ******* ** product *** *************? *********'* track ****** *** *** first ****** ************* ******** not *** ** **** definitely ** *********** ** see ** **** ******** over *** **** ****.

Comments (16)

At BEST, Hikvision could be graded as average! Who voted strong? I mean c'mon, I sell Dahua, but I don't drink the Kool-Aid.

The WHOLE of IoT is a cybersecurity sh*tshow atm. One motivated hacker and any one AAA manufacturer is the new victim. Until we stop relying on obfuscation to protect our products and switch over to fearless open penetration testing by third parties we're just waiting for another disaster to hit.

I keep saying we need a Pwn2Own style competition to keep all manufacturers accountable and frosty. This needs to happen if we are to get ahead of these issues and the attacks of tomorrow.

 

0900 CDT Edit: Now we're up to 3 votes... Seriously guys?

Agree: 16
Informative: 1

At BEST, Hikvision could be graded as average! Who voted strong?

Current Odds

Sean: Even Money

Marty: 3-2

Jon D.: 4-1

John H: 10,000-1 

:) 

Agree: 1
Funny: 16

Now with 3 votes in the "Strong" category, I should probably make my guesses.

Sean is actually NOT one of those votes if my previous conversations with him are any indicator. He's just a businessman, not a Kool-Aid drinking believer. I'm trusting he would be an "Average" vote.

Marty, on the other hand, he'd vote "Strong", depending on if he saw the poll yet and if he cared any more.

Jon D., also in the "Average" category.

If anything, all 3 are Hikvision employees.

Agree: 2
Funny: 2

Given the entirely non-scientific nature of this poll, I'd suggest that anyone voting strong is merely doing it for s&gs.

Agree: 1
Funny: 4

I think the best thing all the manufacturers could do is to have hack-fests (as Robert mentioned) and bug bounty programs. Pay hackers and researchers to find bugs and disclose them so they can be fixed. Crowdsource better security.

Agree: 3

But they do reward hackers for reporting their bugs. Dahua gives out cameras.

 

Funny: 4

"frosty"? I'm not a member of or associated in any way with the US Marine Corps, but Semper Fi.


Disagreeing with anything that has Chinese Government involvement, or worse dismissing it, is a dangerous hobby especially if you are Chinese and living in China. The latest disclosures involving mass doping in the 80's and 90's and the threat to anybody involved around it with imprisonment etc speaks for itself. Back to topic... This to me sounds like what it is, another PR exercise. Words are cheap, although this new guy I'm sure comes with a hefty price tag, and action is what's required, not more words...

I wonder if this gentleman is able to turn around what seems to be a 'culture' within Hikvision and if he has enough influence for the Chinese to actually listen to him.

Time will tell...

Agree: 3
Informative: 1
Funny: 1

I voted average, but probably would have voted weak if they didn't patch the vulnerability and were not making positive moves towards cyber security. I will vote strong once they:

- implement optional firmware updates. These updates need to be notified to the end user via a push notification on the mobile app (or when they log in) or if there is a notice that pops up whenever they log in to the devices thru web interface of CMS. What I'm saying is: Slapping up a notice on your website to inform users to update firmware is not working.

- Continue to invest more in cybersecurity and let the public know about it. Hiring this guy is a good move. He will need to be vocal about specific steps Hikvision is taking to make the most secure device in the industry. Make the steps often and specific.

If Hik really wants to get into the enterprise level, their goal should literally be to make the most secure device in the industry. The only downside to this would be that there would be far less talking points on IPVM.

Agree: 2

Called it! See, I know you well enough that you would never be a drone. Cheap as hell, but never a bought and paid for drone. :P

Agree: 1
Funny: 1

Cheap as hell

 

Says the guy that still works at a Dahua distributor.... :)

Funny: 4

You're the one who brings up Alibaba as a counterargument to my prices! :P

Funny: 2

I would like to vote for both weak and average.  What I mean is that I think that cyber security in this industry is generally weak.  If you compare Hik to a lot of other camera/DVR manufacturers (even VMS manufacturers) I think they're about average.  But if you compare the video surveillance industry to most other technology industries I think it's pretty weak.  

Agree: 6

Agreed. Any network device needs attention. No network engineer would advise a company to use a Windows laptop on a network without the proper security measures. They take the necessary steps to ensure a safe network.

All backdoors and 'hacks' (not changing the admin), could have been prevented by creating the right environment. We all know Windows to be a good platform but with issues. I think any IP security device should be treated the same way. Don't leave it in the hands of the one who builds it to decide your level of security.

Unhelpful: 1

It's not news that our industry is unprepared for providing network security nor that most security manufacturers are hoping not to be "outed" in public for shoddy workmanship.

What is news is that a company in the midst of all this is referring to it as a "PR Problem". That is beyond ridiculous..... I voted "Weak" just based on that comment.

Agree: 5
Informative: 1

 

Agree: 3
Funny: 8