Hikvision Europe Warns Of "A Wave of Cyberattacks"

Published Sep 28, 2017 13:02 PM
PUBLIC - This article does not require an IPVM subscription. Feel free to share.

Hikvision Europe has issued a "Hikvision Security Advisory" press release [link no longer available] and emailed an e-newsletter with the advisory at the very top.

Hikvision Europe also urged users to upgrade their IP camera firmware to remove the Hikvision backdoor.

Wave Certainly

They are certainly correct to refer to it as a 'wave of cyberattacks', as the hacks on video surveillance products this month have been far broader and more severe than ever before.

Dahua Mostly Hit

Ironically, this wave has overwhelmingly hit Dahua recorders (see Hackers Globally Attacking Dahua Recorders), not Hikvision devices. Dahua has numerous cybersecurity vulnerabilities of its own (e.g., Dahua's backdoor), including issues with its recorders, which are more commonly made publicly accessible than IP cameras.

Hikvision IP Cameras Certainly At Risk

At the same time, Hikvision IP cameras (and those of their numerous OEMs, whom we have verified) face risk as well. In September 2017, full disclosure of the Hikvision backdoor was made, showing how easy it was for hackers to attack vulnerable Hikvision IP cameras.

Right Thing To Do

To that end, Hikvision Europe is certainly doing the right thing to make it clear to their customers and partners that this is a real risk and real attacks are occurring. Moreover, Hikvision Europe deserves respect for prominently sending out notice, rather than obscuring it.

Hikvision Better Response Than Dahua

Hikvision Europe's response to the Dahua-driven wave of cyberattacks has been better than Dahua's own. Dahua's only public communication to date was a press release that buried the hacks in spin about launching its latest cybersecurity initiatives [link no longer available]. This is a positive for Hikvision but only reinforces how poor Dahua's response has been.

Hikvision USA Failing So Far

Unlike Hikvision Europe, which addressed the issue head-on and professionally communicated the risks publicly, Hikvision USA is ignoring the risks and failing to warn its customers of this wave and the recent disclosure of Hikvision's backdoor. Instead, Hikvision USA published a blog post arguing that they only had 8 CVE cyber vulnerabilities and bemoaning an 'online blogger'. [Update: now, Hikvision USA Misleads Dealers On Backdoor]

Communicating Risks Clearly Is Critical

Manufacturers not only have a responsibility to communicate risks clearly and prominently; they also benefit, because being more forthright rebuilds trust.
