Hikvision Admits Backdoor 'PR Issue'

By: John Honovich, Published on Oct 24, 2017

Hikvision is admitting a problem.

The backdoor itself is evidently not the problem for them.

The problem, according to Hikvision, is a public relations issue, as their new Cybersecurity Director / spokesperson Chuck Davis [link no longer available] explained:

Undoubtedly, Hikvision is correct that they have a 'PR issue' but the 'PR issue' is grounded in real product and communication problems.

Vote / Poll

Positive - ****** *** ************* ************

** ********** ******* ** is * ******** **** Hikvision *** **** ** hire * *** ************* spokesperson *** **** *****' background (********* ******* ** IBM) ***** ******** *********'* struggling ************* *******, ********** since *****' *********** ************ disappeared ******* **** **** (see********* *** **** ** Cybersecurity *****).

********, ****** ***** ** a ****** **** ** a **** ** **** their****** ******* ****** * crisis ************** ******, *********-**** **** *********'******' *****. ***, **** **** an *********** ************* ****** willing ** ** *** public **** *** *********, rather **** ** ****** or *** ***** ***** releases.

*** ***** ** ****** downside, ***** *********'* ** issues, **** ** ***** was ** *****, ** would ******** **** ****** worse ** *** **** already ********* ***** *********'* cybersecurity.

Hikvision *** ******

***** ** ******* **** the ******** ** *********'* cybersecurity, **********:

*************, ***** *** *** comment ** *** ******* issues **** **** **** many ** ******** ********* product ******** **** **:

Reaching *** ******, ******** *** ****

***** ***** ****** ******* reported *** **** ** will ***** *** ** the ****** ** ** that:

**********, ** ***** *********** in *** ******** ******* on ********* ******** ******, obviously *** ******* **** do *** *****, *** because ********* ***** ** hide ** **** *** public. *** **** **** Hikvision *** ******* *** trade ***** ** ****** indirectly ** ************* ******** is ** * ******* to ********* **** ****. And **** ********* **** communicate **** **** *** dealers,*** ************* ** ****** with **** *** *****************.

*******, ** **** ******* out ** ***** ********** to **** *** ***** has ******* ** *******. We ********* ** *** hold ******** ******* *** for ****. ** *** to **** *** ****** of *** ******* ********** superiors.

Chinese ** *********

**********, ********* ***** ********** remains *** **** ******** for ***** *** ********* 'overseas'. ******** *******:

  • ****** *****, ***** ******** issues *** ********* *** important. **** ** ****, this ** * ******* where *** ********** ******** and ******** ******* *** entire ******** *** *** access ****** **** ** whatever ******** ** *****. By ********, *** '********' cybersecurity ******** ***** *********** and *****.
  • ********* ** **** ********* about *** ********* ***********'* ******* ********** ********* and *******. *** ************* *****, especially ***** *** *** Chinese ********** ******** *** own ********* ********, ***** to ** ********** **** their ********** *********, ******** criticism ** ****.
  • ******* *** ***** ** tightly ********** ****** *****, state ***** ************ **** Hikvision **** ** ********** nor ************* ***** *** they ******** ***** ** criticized ** * **** press. ***** ******* ** tactic ** ** ***** spin *** ** ****** everyone ** ****** ****** it. **** ******* ********* ************* ************* ** date.
  • ****** ************* ***** ****** costs *** **** ******* issues. **** ** * part ** *** ******* tension ******* ******** *** usability. ******* ********* ** and ****** ******** ***** and ******** ********* ** plain **** *** ***** it ****** *** ******* to ******* ********, ********** when ********* **** *** cost ** * *** differentiator. ****** ****** ************* seriously **** ******** ***** and **** ******** **** difficult ** *******.

New ****** / **** ********?

*****, ****** ***** ** definitely * **** ****. But **** ********* ***** allow ***** ** **** fundamental ******** ******* ** product *** *************? *********'* track ****** *** *** first ****** ************* ******** not *** ** **** definitely ** *********** ** see ** **** ******** over *** **** ****.

Comments (16)

At BEST, Hikvision could be graded as average! Who voted strong? I mean c'mon, I sell Dahua, but I don't drink the Kool-Aid.

The WHOLE of IoT is a cybersecurity sh*tshow atm. One motivated hacker and any one AAA manufacturer is the new victim. Until we stop relying on obfuscation to protect our products and switch over to fearless open penetration testing by third parties we're just waiting for another disaster to hit.

I keep saying we need a Pwn2Own style competition to keep all manufacturers accountable and frosty. This needs to happen if we are to get ahead of these issues and the attacks of tomorrow.

 

0900 CDT Edit: Now we're up to 3 votes... Seriously guys?

At BEST, Hikvision could be graded as average! Who voted strong?

Current Odds

Sean: Even Money

Marty: 3-2

Jon D.: 4-1

John H: 10,000-1 

:) 

Now with 3 votes in the "Strong" category, I should probably make my guesses.

Sean is actually NOT one of those votes if my previous conversations with him are any indicator. He's just a businessman, not a Kool-Aid drinking believer. I'm trusting he would be an "Average" vote.

Marty, on the other hand, he'd vote "Strong", depending on if he saw the poll yet and if he cared any more.

Jon D., also in the "Average" category.

If anything, all 3 are Hikvision employees.

Given the entirely non scientific nature of this poll, I'd suggest that anyone voting strong is merely doing it for s&gs.

I think the best thing all the manufactures could do is to have hack-fests (as Robert mentioned) and bug bounty programs.  Pay hackers and researchers to find bugs and disclose them so they can be fixed.  Crowd source better security.

But they do reward hackers for reporting their bugs. Dahua gives out cameras.

 

"frosty"?  Im not a member of or associated in any way with the US Marine Core, but Semper Fi.

Disagreeing with anything that has Chinese Government involvement, or worse dismissing it, is a dangerous hobby especially if you are Chinese and living in China. The latest disclosures involving mass doping in the 80's and 90's and the threat to anybody involved around it with imprisonment etc speaks for itself. Back to topic...This to me sounds like what it is, another PR exercise. Words are cheap, although this new guy I'm sure comes with a hefty price tag, and action is what's required, not more words...

I wonder if this gentleman is able to turn around what seems to be a 'culture' within Hikvision and if he has enough influence for the Chinese to actually listen to him.

Time will tell...

I voted average, but probably would have voted weak if they didnt patch the vulnerability and were not making positive moves towards cyber security. I will vote strong once they:

- implement optional firmware updates. These updates need to be notified to the end user via a push notification on the mobile app (or when they login) or if there is a notice that pops up whenever they login to the devices thru web interface of CMS. What Im saying is: Slapping up a notice on your website to inform users to update firmware is not working.

- Continue to invest more in cybersecurity and let the public know about it. Hiring this guy is a good move. He will need to be vocal about specific steps Hikvision is taking to make the most secure device in the industry. Make the steps often and specific.

If Hik really wants to get into the enterprise level their goal should literally be to make the most secure device in the industry. The only downside to this would be that their would be far less talking points on IPVM.

Called it! See, I know you well enough that you would never be a drone. Cheap as hell, but never a bought and paid for drone. :P

Cheap as hell

 

Says the guy that still works at a Dahua distributor.... :)

You're the one who brings up Alibaba as a counterargument to my prices! :P

I would like to vote for both weak and average.  What I mean is that I think that cyber security in this industry is generally weak.  If you compare Hik to a lot of other camera/DVR manufacturers (even VMS manufacturers) I think they're about average.  But if you compare the video surveillance industry to most other technology industries I think it's pretty weak.  

Agreed. Any network device needs attention. No network engineer would advice a company to use a Windows laptop on a network without the proper security measures. They take the neccessary steps to ensure a safe network.

All backdoors and 'hacks' (not changing the admin), could have been prevented by creating the right environment. We all know Windows to be a good platform but with issues. I think any IP security device should be treated the same way. Don't leave it in the hands of the one who builds it to decide your level of security.

It's not news that our industry is unprepared for providing network security nor that most security manufacturers are hoping not to be "outed" in public for shoddy workmanship.

What is news is that a company in the midst of all this is referring to it as a "PR Problem". That is beyond ridiculous..... I voted "Weak" just based on that comment.

 

Read this IPVM report for free.

This article is part of IPVM's 6,538 reports, 881 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now

Related Reports

School District Admits Not Following FDA Guidelines With 144, No Blackbody, Hikvision Fever Cameras on Aug 21, 2020
The Baldwin County School District has admitted it is not following FDA...
Hikvision Admits Minority Recognition, Now Claims Canceled on Jul 23, 2020
For the first time, Hikvision has directly addressed its minority recognition...
Dartmouth College Deploys K3 Temperature Screening on Sep 29, 2020
While Dartmouth College has a $6+ billion endowment, the College has bought...
Dahua USA Admits Thermal Solutions "Qualify As Medical Devices" on Jul 02, 2020
Dahua USA has issued a press release admitting a controversial point in the...
Clinton Public View Monitor (PVM) Mask Detection Tested on Jul 09, 2020
Face mask detection, or more specifically not wearing one, is expanding...
Hikvision Salespeople: We Don't Need A Blackbody on May 13, 2020
Dahua jumped out on its cross-town rival selling fever cameras but Hikvision...
Hanwha Face Mask Detection Tested on Jul 01, 2020
Face mask detection or, more specifically lack-of-face-mask detection, is an...
Integrator Acquisitions 'A Good Market' During COVID-19, Says Greybeards on Jul 28, 2020
Industry broker Ron Davis of the "Greybeards" says that the integrator and...
Integrators Rising Against Coronavirus on May 27, 2020
IPVM integrator statistics make it clear - Coronavirus's impact on business...
Avigilon Social Distancing Analytics Tested on Aug 26, 2020
Avigilon released its social distancing analytics in response to the...
InVid Flaunts Violating FDA Guidelines on Aug 28, 2020
InVid Tech is showcasing an open violation of FDA fever screening guidelines...
Colombia's President Promotes Bad Hikvision Fever Camera Setup on Jun 17, 2020
Colombia's President Iván Duque has promoted a haphazard Hikvision fever...
ISC News Fakes Fever Screening, Falsely Quotes FDA on Jun 18, 2020
ISC News, the Reed publication behind the ISC East and West trade shows, has...
Manufacturers Doing Better Than Expected Against Coronavirus on May 05, 2020
Coronavirus impacts are not hitting manufacturers as badly as they feared,...
Dangerous Hikvision Fever Camera Showcased by Chilean City on Aug 07, 2020
Deploying a fever camera outdoors, in the rain, with no black body, is...

Recent Reports

New Products Show Fall 2020 continues tomorrow with Genetec, Milestone, Avigilon, Microsoft and more! on Sep 29, 2020
IPVM's sixth online show continues tomorrow and will feature New Products...
Avigilon / Motorola VS Virtual ISC West on Sep 29, 2020
ISC West has historically been so dominant that no player would think of...
Dartmouth College Deploys K3 Temperature Screening on Sep 29, 2020
While Dartmouth College has a $6+ billion endowment, the College has bought...
Hanwha AI Object Detection Tested on Sep 28, 2020
Hanwha has added detection and classification of people, cars, clothing...
Favorite Access Control Manufacturers 2020 on Sep 28, 2020
200+ Integrators told IPVM "What is your favorite access control management...
OnTech Smart Services Partners With Google and Amazon To Compete With Integrators on Sep 25, 2020
A pain point for many homeowners to use consumer security and surveillance is...
The Future of Metalens For Video Surveillance Cameras - MIT / UMass / Immervision on Sep 25, 2020
Panoramic cameras using 'fisheye' lens have become commonplace in video...
Hikvision Sues Over Brazilian Airport Loss on Sep 24, 2020
Hikvision was excluded from a Brazilian airport project because it is owned...
China General Chamber of Commerce Calls Out US Politics on Sep 24, 2020
While US-China relations are at an all-time low, optimism about relations...
Verkada Disruptive Embedded Live Help on Sep 24, 2020
Call up your integrator? Have someone come by the next day? Verkada is...
IP Networking Course Fall 2020 - Last Chance - Register Now on Sep 23, 2020
Today is the last chance to register for the only IP networking course...
Drain Wire For Access Control Reader Tutorial on Sep 23, 2020
An easy-to-miss cabling specification plays a key role in access control, yet...
Norway Council of Ethics Finds Hikvision Human Rights Abuses "Ongoing" on Sep 23, 2020
Hikvision's involvement in "serious human rights abuse" in Xinjiang is...
IPVM Camera Calculator User Manual / Guide on Sep 23, 2020
Learn how to use the IPVM Camera Calculator (updated for Version 3.1). The...