Hikvision NA Biggest Sale of 2017 (Twice)

By: IPVM Team, Published on Dec 28, 2017

Hikvision North America has been relatively disciplined the past 5 months, reducing the number of sales and the breadth of what is on sale.

No more.

After hitting a record price cutting run in the first half of 2017, Hikvision NA is back with its biggest sale of 2017.

Update: And again, a second time in 3 weeks.

Inside, we examine this sale, what has changed, how it compares and reflects on Hikvision's positioning and the overall market.

Biggest **** ****

*** **** ** ********* running ** ** ** 15%, they **** ******* *** recent *********** ** ***-*** products *** *** *** minimum ******** ****** ** half. **** ** *** December **** **** ***** from ***:

*** * ***** *****, another '******* **** *****':

** ********, ******** **** 2nd **** ***** **** ********** to '***** & ***** HD ******** ****' *** required ***** ** **** for *********:

 

Joining ** **** *** ********* ** * ** *

*** ********* ***** *** FLIR (** *** ***-*** products) *** *** ****** company / *** ********* ** join ** *** **** on *** ***** ******** one, *** *********'* ********** second *****.

**** *** *** * rough **** (***: **** ******** ******** **********) *** *********'* ***** sales mainly ***** *** ** their ********* ***** *** ownership ** ***.

Hikvision ***** ** ****

********* *** *** * rough **** ****** ****. In *********, ******* ******* ** *********'* IP ****** ************ *********, ******* *** easy *** *** *** vulnerability ***. ** ********,*** *** ************ *********, ******** *********'* **** *** Chinese ********** ********* ** the ******* *****. ** the ********,*********'* ****** ***** *** has ******* *******************'* ******** ******* ******** ONVIF *************** ****** ******** *** more ********* ** ******* **** been ****** ** ****** exploiting *** ******** *** Hikvision's ****-**** ******** ******* *** ********** to *** **** **********. 

Winner ***

*******, *** ** *** winner ****. **** **** can ******** ** *** struggling ************* ******* **** other, *** *** ************** **** **** **** their *** *-*** ********, ***** *** ***** *** cunning ** ***.

Bad **** *********

**** ********* ** ****** its **********, **** ** tried ** **** *** the **** * ******, is * *** **** for **** *** **** a ********** ** *** reality **** **** ****. Top **** ******* ****** has ****** **** ***** priority *** **** **** shows **** **** **** to **** ** ** margins *** ******* ** try ** ******* ****, especially **** *** *** negative ****** ** *** past *** ******.

From *** *** ** ***** ************ ** ********** **** *****, ********* *** ******* ******

** *** **** * ****** ago **** ********* *** *********** *** '*** ** ***** surveillance':

*** *** ** ** a ********** ********* *****. Hikvision's *** ***** ** trying ** **** *** damage **** *** ****** due ** ***** ************* issues, ********** ********* *** quality ********. ************* *** them, ***** **** *** stop ****.

 

Comments (42)

You must admit this is all guess work, right? Did Hikvision inform you of their NA Sales numbers? Without direct knowledge of Sales numbers (which you do not have) this is an attempt to misrepresent what has been an outstanding year actually as Hikvision has released many new and innovative products and accepted several industry awards.  Hikvision is well on the way to year 1,2,3,4,5,6 #7 in a row leading the Industry, is that not correct?

This is nothing more than an end of year offering from a company that has the same issues as every other manufacturer in this space offering IP Cameras.Glorifying and lambasting over 'possible short-lived engineering oversights' certainly does not constitute 'losing its discipline' mentality as being portrayed here.

As a dealer in good standing, we look forward to a very prosperous 2018.

 

 

Marty, you're back! A lot of us have been waiting for a classic Marty comment!

You must admit this is all guess work

No, we have lots of industry sources and the reports are consistent that Hikvision NA is missing their numbers significantly and struggling to grow.

Even without that, you don't need to be Sherlock Holmes to realize that a company who was crushing their numbers is not going to put their products on such aggressive price cuts.

Hikvision has released many new and innovative products

I actually agree that Hikvision has released many new products and many have been ambitious, like DarkfighterX and DeepInMind but those products have come out so late in the year that from a revenue standpoint (which is what we are talking about here) it will have minimal impact.

and accepted several industry awards

Irrelevant to growth. If growth was caused by industry awards, Arecont would be killing it, but they are not.

company that has the same issues as every other manufacturer in this space offering IP Cameras

Backdoor, security codes cracked, emailing admin passwords in plain text, UPnP issues, recommending port forwarding in their hardening guide and now in their cloud app - Let's be fair, Marty. Hikvision is #1.... in cybersecurity problems.

As a dealer in good standing

No, you are not a dealer in good standing. You are a dealer in GREAT standing and all Hikvision sources say that :)

John, when you're talking about 

cybersecurity problems

Do you have any facts about current, not fixed yet vulnerabilities? I understand that you hate Hik (and I don't care about your personal reasons), but as a user of this product and an integrator, I'd like to know if there's a real, non-hypothetical risk of getting security problems with Hik devices. If you know something, please disclose this information.

Dennis, I don't hate Hikvision and it's unprofessional of you to state that as if it is a fact when you ask a question of me. I don't smear you and then ask you for input.

Hikvision, like most every manufacturer, fixes vulnerabilities that are publicly disclosed. 

#1, are you using a VPN for Hikvison products? Or are you, as Hikvision directs, using port forwarding or Hik-Connect? Both of the later are going to expose you to future issues. Regardless of everything else, use a VPN.

#2, Hikvision has a track record of not fixing known vulnerabilities nor disclosing them unless and until someone publicly complains/publishes about it. With a company like that, you are taking a risk that you will be exploited by vulnerabilities that hackers know and Hikvision hides.

#3, Hikvision's poor track record is a bad sign about future issues. You can certainly take the stance that the future will be much different than the past but it is more prudent and realistic than the past is predictive of the future.

I came to security area from IT/Telco so all those cybersecurity problems that physical security world actively discuss for the last couple years are pretty common for me, as IT guys always think about protecting the network devices. And, if we're talking about commercial installations, there're simple rules every specialist follows:

1. No port mapping, no exposed services to the Internet. There're some exclusions like when you have some servers in DMZ, etc. But it's not about CCTV. VPN only, all the cameras with a local access only (delete GW and DNS settings, monitor traffic, apply traffic policies for CCTV at your network security appliances).

2. IPS/IDS installed. Router with a firewall, managed by network professional, not a camera guy.

3. Policies in place. Starting from the installation to accessing system in the future.

4. Test new FW, upgrade ASAP.

5. We don't use android mobile devices, but, as we've seen, iOS app could be compromised too. When you have an idiot in your company who downloads XCode from some unknown server instead of apple resource, that's a major problem. That's a risk you bear when you deal with a young company that still learns how to do the business properly. No similar issues for the last 2 years, and that's good.

There were a lot of issues with Hik before. But tell me, what would be a problem for a business that has a network configured properly?

I agree, all those cheap chinese products are a big risk for residential.

Dennis, good feedback, well thought out, thanks for sharing!

what would be a problem for a business that has a network configured properly?

3 thoughts:

  • Lots of businesses don't have networks configured properly and lots of security integrators, especially smaller ones that 'multi-task' between video, alarms and locksmithing, etc. are not capable of properly setting up networks.
  • Secondly, there's always a risk if someone makes a mistake or makes a change later that exposes the network. But for someone like you who clearly knows what they are doing that risk is certainly low.
  • Third, if you are concerned about internal threats (and many larger businesses certainly are), Hikvision still has a known unfixed vulnerability. Anyone inside of the network can reset the admin password without any verification or authentication. We covered that here and here - Hikvision Security Code Cracked and Hikvision Responds To Cracked Security Codes

again, it's all about network security. In my case, any unauthorized connection to the dedicated security network would raise a flag.

As for me, it's very unprofessional to have the same network for your business needs and CCTV/alarm/access control devices. Don't tell me about vlans :)

As you mentioned, a lot of security installers, especially small businesses, are not professional network security specialists. I fully understand that and I strongly suggest never request services other than simple cable pull or camera mount from the security companies without good network background. Those days are gone. In this new reality, you shall think about cybersecurity and don't trust just a random guy who has a truck with some hand tools to protect you from those issues.

and that issue

Hikvision still has a known unfixed vulnerability

isn't it fixed in a new NVR FW?

No, they simply changed/strengthed the algorithm used, explained here Hikvision Responds To Cracked Security Codes.

But the admin password can still be reset by anyone on site. Hikvision has a page dedicated to explaining it.

To them, it is a customer convenience feature but to those who care about insider threats, it is a vulnerability. Your thoughts?

In my case, they wouldn't get that far: you have to be connected to the security network to be able to request that, wait for 1-2 hours for a key to be generated and sent back to you.

But in general, it is definitely a vulnerability. I hope they will remove this feature. It looks like it was made with residential market in mind: one guy installed, another guy services, nobody documents the install, and a customer doesn't know the password - all those typical issues.

I'd separate pro- solutions from home products and I would remove any known possibility to break into the system from the pro-rated NVRs and cameras.

Dennis -

We generally cover cyber security issues as they are reported and as we verify/investigate them.

We have covered all of the recent Hikvision vulnerabilities that we are aware of, and Hikvision has released updated firmware for these. However, given that the majority of Hikvision's many cyber security vulnerabilities have been rather simple to find and exploit, it would be very prudent to assume there are several more yet-to-be-discovered vulnerabilities still in the products. Particularly in some of the more recent apps and cloud services, which are frustrating users and integrators.

Hikvision's track record with shipping products with easily exploitable vulnerabilities should certainly have you as a user/integrator very concerned if you believe cyber security is an important component of delivering a quality system.

Hikvision, and several dealers, tend to take the approach of "but we fixed it!" as these vulnerabilities are continuously discovered. While they certainly should be fixing reported issues, it is well known that software updated for installed products are often missed, leaving hundreds of thousands, or even millions, of exposed and vulnerable devices. 

Also keep in mind, that vulnerabilities may be discovered by black hat hackers and not publicized, increasing the risks.

Those who value cyber security in their surveillance systems should avoid Hikvision until the company can go for a continuous period of no new vulnerability reports (minimum 1 year and multiple release cycles) before beginning to consider the product for cyber security oriented projects.

 

that's a good point

Those who value cyber security in their surveillance systems should avoid Hikvision until the company can go for a continuous period of no new vulnerability reports (minimum 1 year and multiple release cycles) before beginning to consider the product for cyber security oriented projects.

There is no way John hates Hikvision, he probably loves them in all honesty.  The ratings and article comments on Hikvision stories are probably the most popular on the site and drive up membership activity :)

Backdoorsecurity codes crackedemailing admin passwords in plain textUPnP issues, recommending port forwarding in their hardening guide and now in their cloud app - Let's be fair, Marty. Hikvision is #1.... in cybersecurity problems.

 

Forgot one.  This is the reason I stopped using them.  Quite a painful discovery.

Forgot one.

Well :), in my defense I was trying to keep it just to 2017 issues. But the infected iOS app is good to note, since it extends a pattern of minimally very sloppy procedures for Hikvision's development.

Btw, also recall just a year ago this week, Hikvision Online / DDNS service had a critical security vulnerability.

Let's be fair, Marty. Hikvision is #1.... in cybersecurity problems.???

 I 100% disagree with your statement.

Hikvision is the #1 company portrayed on IPVM to be a cybersecurity risk. IPVM does have good things to say as well, that is noted.

I strongly disagreed that polling a readership base of 10,000 constitutes a majority opinion of anything where there are most likely a million or more dealers and certainly more end-users. Selling 1 Million documented cameras per week, somebody, somewhere is pissed off about something.

Agree.

I understand, for the most of the guys here it's Terra incognita, but it's very typical for IT industry: the more products you sell, the more people search (and find) vulnerabilities.

MS Windows is a perfect example. Let's stop using it, they still have issues with cybersecurity (google patch Tuesday) and they are like 30 years on a market! :)

While I agree that every company will have to face cyber issues the more the product is used, backdoors and admin resets are not something every manufacturer or software company faces.  I believe Axis has been around longer in the IP camera space than anyone and they don't have 1/10th of the problems that Hikvision has had.

I 100% disagree with your statement.

Then who is #1 in cyber-security problems?

Or at least name anyone who has more cyber security issues than Hik.

That should be 100% easy, right?

Marty -

Hikvision's "#1 Rank" for vulnerabilities is a factor of the number of vulnerabilities they have had, and the severity/ease of exploit of those vulnerabilities.

This is based on publicly verifiable data, not a "poll" of our readership. However, surveys of our readers show high awareness and negative perception of Hikvision's ongoing struggles reinforcing the fact that these ongoing vulnerability discoveries are negatively affecting Hikvision.

If you disagree, show me another manufacturer with as many publicly-verified vulnerabilities as Hikvision. This has nothing to do with size of company, units shipped, etc. It is a simple statistic of publicly reported vulnerabilities.

Brian, the big amount of units shipped leads to the big amount of researchers looking for vulnerabilities. So, I can't agree on that: 

 This has nothing to do with size of company, units shipped, etc.

The amount of known and disclosed to public vulnerabilities is definitely a direct consequence of the amount of the units shipped.

Brian, the big amount of units shipped leads to the big amount of researchers looking for vulnerabilities.

Yes, but that is only part of the story. Hikvision is certainly more likely to be looked at by vulnerability researchers, but you also have to look at the kinds of vulnerabilities discovered. Should the "#1 vendor" by revenue or product volume not also be aware they are more likely to be scrutinized, and therefore place a high priority on vulnerability discovery and response? 

Many of Hikvision's exploits have been found by what I would call "casual" researchers, people who did not set out to actively audit Hikvision's security, but discovered crucial vulnerabilities while investigating other aspects of the product.

Further, many of the vulnerabilities discovered were very severe and very easy to exploit. They tell a story of poor engineering practice and a lack of focus on cyber security in general. Hard-coded backdoor accounts, which can be easily leveraged, are a clear example of poor development practices, and also a lack of internal audits/controls to find and remove any vulnerabilities proactively.

If Hikvision's rank as the #1 manufacturer in terms of cyber security vulnerability discoveries was mostly do to obscure buffer overflow exploits that were difficult to leverage, or years-old discoveries that were still haunting them, I could see how their position as the largest device manufacturer was a contributing factor and it might be unfair to call them the least secure manufacturer. However, they are being called out for simplistic mistakes, many of which are less than a year old in terms of discovery date. They are making coding errors that are very atypical of large organizations seeking to be dominant players in enterprise markets.

Hikvision earned their spot as #1 in cyber security vulnerabilities due more to their own preventable errors than to intense scrutiny by advanced researchers in proportion to their market share.

 

Sorry but with HIK you are opening your doors to everyone

 

Thank you.

Man I belong to a lot of forums and don't think people should be removed or censored.  However, I don't think there is one single thing out of Mr. Hikvision's pinyin keyboard that is of any use to anybody here.  

$$$ corrupts people and they in turn slightly entertain us with their desperate words. That's the limited value Mr. Hikvision offers us.

UD4, in retrospect I overlooked the entertainment value of it.  If he’s some big shot then I can understand a big ego at work but being that angry I can’t see that being the case?  I’m just glad it’s finally Friday! 

Update: And just 3 weeks later, another 'limited time offer' from Hikvision:

How many price cuts do the dwindling Hikvision loyalists need to see to realize that Hikvision USA is actually struggling? Companies who are doing great need not run such sales multiple times per month.

...realize that Hikvision USA is actually struggling?

But struggling in what way?  To meet some internal sales goal?  To turn a profit?

Hik USA must be one of the biggest suppliers already in the US, no?

But struggling in what way? To meet some internal sales goal? To turn a profit?

Yes and yes. 

Keep in mind, Hikvision's stock trades at ~10x revenue, compared to Avigilon's ~2x revenue so Hikvision needs incredible growth and profits to hold its valuation.

Hikvision USA doing ~20% growth and no profits is a negative for the company's valuation.

Hik USA must be one of the biggest suppliers already in the US, no?

Yes, they are but when you sell at half of Axis prices while spending more on sales and market, they should be dwarfing and crippling Axis. But they are not and need to resort to these all out sales to prop themselves up.

Hikvision USA doing ~20% growth and no profits is a negative for the company's valuation.

Ok, but if their strategy was truly to dominate the US market and cripple/shutdown competitors here as a first order of business, this would be consistent with these actions, no?

if their strategy was truly to dominate the US market and cripple/shutdown competitors

That might have been their strategy entering 2017 but exciting 2017, it has become obvious that the only companies they are likely to cripple are their own and Dahua's OEMs. The more upscale players are increasingly immune given Hikvision's various issues.

Also, these ongoing sales only reinforce those issues and fears among medium to higher-end buyers. It's contradictory too because Hikvision clearly wants to move upmarket but they cling to tactics (like cutting prices) that not only are ineffective upmarket, they are brand damaging since those buyers are not simply choosing the thing on sale, in stock, on any given day.

My primary business is IT related.
I have used HikVision or OEM made by products.

I have noticed a lot of shots taken at HikVision.

It is very similar to those taken at Microsoft for the most part even though Apple and others too have problems.

Most all of the time the issue is made worse by the lack of user/customer discipline or lack of security policies.

I am sure that when your market share increases or is large you will be a target.

Even so there are some legitimate concerns but don't overestimate the efforts of those in competition.

So what am I saying?  Just look at all the facts and consider accordingly.

 

But Microsoft and Apple are not owned by any government unlike Hikivsion which IS owned by the Chinese government. 

they like to blame Hikvision here. Even when the most of the issues are only exist just because a typical CCTV installer knows almost nothing about network security. People stuck in the last century when they think about IoT, computer networks, etc.

Dennis,

Hikvision has only itself to blame for things like this:

And that's just this month.

I encourage Hikvision to improve and we'd be happy to positively cover that as they do.

I don't use those cloud services and I'd never recommend to a client to use it. If you go with an unsafe network solution, you have to understand the risks. If you're not qualified, you can educate yourself (long way) or pay to a professional installer (expensive way). Pick one, there're no easy ways available with IoT and cyber-security

Dennis, I understand you do not and I respect your abilities. I also agree that many installers "know almost nothing about network security" but Hikvision has to take blame when it keeps telling people to do insecure things. It's not fair to simply blame the installers when Hikvision is targeting unknowledgeable installers and directing them in such fashion.

It's my experience if someone is looking for the most inexpensive camera, they're not going to look for the most qualified or expert installer to do the job.  If they're shopping on price, then they're going to look at install cost as well.  And if you, while qualified, are 25-50% more expensive to do the install, chances are they're not going to go with you and rather some inexperienced installer who's happy about the high margin on Hikvision cameras.  Is that installer notifying the customer about the risks?

Most all of the time the issue is made worse by the lack of user/customer discipline or lack of security policies.

The vulnerabilities in Hikvision's mobile app and cloud platform left users with little practical way to utilize those products in a secure way, since the vulnerabilities were primarily on platforms out of their control.

The Hikvision backdoor exposed any one who connected their Hikvision (or OEM) camera to the internet, regardless of discipline around things like strong passwords.

I am sure that when your market share increases or is large you will be a target.

This may be true, but a vendor of any size can avoid such obvious mistakes as hard-coding backdoors into their products.

So what am I saying? Just look at all the facts and consider accordingly.

Are you saying that Hikvision's ongoing history of vulnerabilities and poor approach to securing their products should be overlooked? Or are you saying these factual, proven vulnerabilities should be considered as a caution against using the products?

 

 

Less than 2 weeks from Hikvision's previous across the board sale, Hikvision is back at:

This time though they are limiting to Value and Value Plus series while excluding H.265, making it a far more restricted offering to lower end / older products.

Read this IPVM report for free.

This article is part of IPVM's 6,541 reports, 882 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now

Related Reports

Uniview H1 2020 Financials Examined on Sep 08, 2020
While Dahua and Hikvision, helped by fever camera sales, are recovering from...
Dahua Profits Surge Due To Fever Camera Sales on Aug 25, 2020
While Dahua's overall revenue is down, driven by challenges within China, the...
Costar Technologies / Arecont H1 2020 Financials Examined on Sep 16, 2020
Costar's financial results have been hit by the coronavirus with the company...
ADI Returns To Growth, Back To 'Pre-COVID Levels' on Aug 05, 2020
While ADI was hit hard in April, with revenue declining 21%, the company's...
Hikvision MinMoe Temperature Screening Terminal Tested on Jun 23, 2020
Hikvision has expanded its temperature screening options. We tested...
2020 Mid Year Video Surveillance Industry Guide on Jul 27, 2020
The first half of 2020 has been shocking, for the world generally, and for...
Sony 61MP Surveillance Sensor Examined on Sep 04, 2020
For a decade, the highest resolution single-imager surveillance cameras have...
Hikvision Returns To Growth Driven By Overseas Fever Cameras on Jul 29, 2020
While Hikvision's revenue fell in Q1 2020, it rebounded in Q2 attributed to...
Integrators Rising Against Coronavirus on May 27, 2020
IPVM integrator statistics make it clear - Coronavirus's impact on business...
Anyvision Raises $43 Million, Focusing on Access Control And Remote Authentication on Sep 04, 2020
While Anyvision has had a tumultuous 2020 with significant layoffs, the...
Anyvision Presents AI Facial Recognition and Mask Detection on Jun 08, 2020
AnyVision presented its AI facial recognition and mask detection at the May...
Hikvision Salespeople: We Don't Need A Blackbody on May 13, 2020
Dahua jumped out on its cross-town rival selling fever cameras but Hikvision...
Verkada Speaks On Disrupting Security Sales Channel on Aug 28, 2020
Verkada's fast growth has taken the industry by storm and their enterprise...
Dartmouth College Deploys K3 Temperature Screening on Sep 29, 2020
While Dartmouth College has a $6+ billion endowment, the College has bought...
Dahua Temperature Measurement Station Tested on Jun 17, 2020
Dahua hit the market hard with its original 'fever' camera (tested here)....

Recent Reports

New Products Show Fall 2020 continues tomorrow with Genetec, Milestone, Avigilon, Microsoft and more! on Sep 29, 2020
IPVM's sixth online show continues tomorrow and will feature New Products...
Avigilon / Motorola VS Virtual ISC West on Sep 29, 2020
ISC West has historically been so dominant that no player would think of...
Dartmouth College Deploys K3 Temperature Screening on Sep 29, 2020
While Dartmouth College has a $6+ billion endowment, the College has bought...
Hanwha AI Object Detection Tested on Sep 28, 2020
Hanwha has added detection and classification of people, cars, clothing...
Favorite Access Control Manufacturers 2020 on Sep 28, 2020
200+ Integrators told IPVM "What is your favorite access control management...
OnTech Smart Services Partners With Google and Amazon To Compete With Integrators on Sep 25, 2020
A pain point for many homeowners to use consumer security and surveillance is...
The Future of Metalens For Video Surveillance Cameras - MIT / UMass / Immervision on Sep 25, 2020
Panoramic cameras using 'fisheye' lens have become commonplace in video...
Hikvision Sues Over Brazilian Airport Loss on Sep 24, 2020
Hikvision was excluded from a Brazilian airport project because it is owned...
China General Chamber of Commerce Calls Out US Politics on Sep 24, 2020
While US-China relations are at an all-time low, optimism about relations...
Verkada Disruptive Embedded Live Help on Sep 24, 2020
Call up your integrator? Have someone come by the next day? Verkada is...
IP Networking Course Fall 2020 - Last Chance - Register Now on Sep 23, 2020
Today is the last chance to register for the only IP networking course...
Drain Wire For Access Control Reader Tutorial on Sep 23, 2020
An easy-to-miss cabling specification plays a key role in access control, yet...
Norway Council of Ethics Finds Hikvision Human Rights Abuses "Ongoing" on Sep 23, 2020
Hikvision's involvement in "serious human rights abuse" in Xinjiang is...
IPVM Camera Calculator User Manual / Guide on Sep 23, 2020
Learn how to use the IPVM Camera Calculator (updated for Version 3.1). The...