Hikvision Europe Warns Of "A Wave of Cyberattacks"

By: John Honovich, Published on Sep 28, 2017

Hikvision Europe has issued a "Hikvision Security Advisory" press release [link no longer available] and emailed an e-newsletter with the advisory at the very top:

Hikvision Europe also urged users to upgrade their IP camera firmware to remove the Hikvision backdoor.

Wave Certainly

They are certainly correct to refer to it as a 'wave of cyberattacks' as the hacks on video surveillance products this month have been far more broad and severe than ever before.

Dahua Mostly Hit

Ironically, this wave has overwhelmingly hit Dahua recorders (see Hackers Globally Attacking Dahua Recorders), not Hikvision devices, as Dahua has numerous cybersecurity vulnerabilities (e.g., Dahua's backdoor) of their own, including issues with their recorders that are more commonly made publicly accessible than IP cameras.

Hikvision IP Cameras Certainly At Risk

At the same time, Hikvision IP cameras (and their numerous OEMs who we have verified), face risk as well. In September 2017, full disclosure was made to the Hikvision backdoor, showing how easy it was for hackers to attack vulnerable Hikvision IP cameras.

Right Thing To Do

Get Notified of Video Surveillance Breaking News
Get Notified of Video Surveillance Breaking News

To that end, Hikvision Europe is certainly doing the right thing to make it clear to their customers and partners that this is a real risk and real attacks are occurring. Moreover, Hikvision Europe deserves respect for prominently sending out notice, rather than obscuring it.

Hikvision Better Response Than Dahua

Hikvision Europe's response to the Dahua driven wave of cyber attacks has been better than Dahua's own. Dahua's only public communication to date was a press release that buried the hacks in spin about launching latest cybersecurity initiatives [link no longer available]. This is a positive for Hikvision but only reinforces how poor Dahua's response has been.

Hikvision USA Failing So Far

Unlike Hikvision Europe that addressed the issue head on and professionally communicated the risks publicly, Hikvision USA is ignoring the risks and failing to warn their customers of this wave and the recent disclosure of Hikvision's backdoor. Instead, Hikvision USA blogged arguing that they only had 8 CVE cyber vulnerabilities and bemoaning an 'online blogger'. [Update: now, Hikvision USA Misleads Dealers On Backdoor]

Communicating Risks Clearly Is Critical

Manufacturers not only have a responsibility to clearly and prominently communicate risks but they also will benefit by rebuilding trust by being more forthright.

1 report cite this report:

Surveillance Systems Remote Access Usage Statistics on Oct 11, 2017
Remote access is a major benefit and risk for video surveillance. It is a...
Comments (11) : Members only. Login. or Join.

Related Reports

Salesforce Drops Dahua and Hikvision on Aug 12, 2020
Salesforce has dropped Dahua and Hikvision as customers, forcing the two mega...
Thermology Expert: "95-99%" Doing Fever Screening Wrong, Unjustified Compensating Algorithms "Insane" on Aug 27, 2020
A thermology expert tells IPVM "95 to 99% of people" are doing fever...
2020 Mid Year Video Surveillance Industry Guide on Jul 27, 2020
The first half of 2020 has been shocking, for the world generally, and for...
Genetec Drops Support for Dahua and Hikvision on Jun 01, 2020
Genetec has dropped support for Dahua and Hikvision, citing US blacklisting...
Axis Compares Fever Camera Sellers to 9/11 on Sep 18, 2020
Axis Communications, the West's largest surveillance camera manufacturer, has...
Fever Cameras Are Medical Devices, Per The FDA, Dahua, Feevr, Hikvision, InVid Contrary Claims Are False on May 28, 2020
Fever cameras are medical devices, despite what euphemisms various sellers...
Hikvision Illicitly Uses Back To The Future In Marketing on Jul 03, 2020
NBCUniversal told IPVM that Hikvision UK's ongoing coronavirus marketing...
Anyvision Presents AI Facial Recognition and Mask Detection on Jun 08, 2020
AnyVision presented its AI facial recognition and mask detection at the May...
UK Firm Markets False Fever Screening, Hikvision Disavows on Jun 30, 2020
A UK security firm falsely claimed its Hikvision-based thermal solution could...
JCI / Tyco Drops Dahua on Sep 03, 2020
Johnson Controls (JCI) / Tyco Security has completely dropped Dahua OEMs from...
Dahua, Hikvision, ZKTeco Face Mask Detection Shootout on Jun 19, 2020
Temperature tablets with face mask detection are one of the hottest trends in...
Honeywell Warns of Huawei, Advocates Futureproofing on Aug 31, 2020
For years, Honeywell has profited from OEMing Dahua and using Huawei...
Hikvision Admits Minority Recognition, Now Claims Canceled on Jul 23, 2020
For the first time, Hikvision has directly addressed its minority recognition...
Wrong Dahua Australia Medical Device Approved on Jul 20, 2020
Dahua's body temperature system is now in Australia's medical device...
Dahua Buenos Aires Bus Screening Violates IEC Standards and Dahua's Own Instructions on Jun 30, 2020
Dahua has promoted Buenos Aires bus deployments as "solutions that facilitate...

Recent Reports

Hanwha AI Object Detection Tested on Sep 28, 2020
Hanwha has added detection and classification of people, cars, clothing...
Favorite Access Control Manufacturers 2020 on Sep 28, 2020
200+ Integrators told IPVM "What is your favorite access control management...
New Products Show Fall 2020 Starts Tomorrow! on Sep 27, 2020
Tomorrow, IPVM's sixth online show will feature New Products from over 25...
OnTech Smart Services Partners With Google and Amazon To Compete With Integrators on Sep 25, 2020
A pain point for many homeowners to use consumer security and surveillance is...
The Future of Metalens For Video Surveillance Cameras - MIT / UMass / Immervision on Sep 25, 2020
Panoramic cameras using 'fisheye' lens have become commonplace in video...
Hikvision Sues Over Brazilian Airport Loss on Sep 24, 2020
Hikvision was excluded from a Brazilian airport project because it is owned...
China General Chamber of Commerce Calls Out US Politics on Sep 24, 2020
While US-China relations are at an all-time low, optimism about relations...
Verkada Disruptive Embedded Live Help on Sep 24, 2020
Call up your integrator? Have someone come by the next day? Verkada is...
IP Networking Course Fall 2020 - Last Chance - Register Now on Sep 23, 2020
Today is the last chance to register for the only IP networking course...
Drain Wire For Access Control Reader Tutorial on Sep 23, 2020
An easy-to-miss cabling specification plays a key role in access control, yet...
Norway Council of Ethics Finds Hikvision Human Rights Abuses "Ongoing" on Sep 23, 2020
Hikvision's involvement in "serious human rights abuse" in Xinjiang is...
IPVM Camera Calculator User Manual / Guide on Sep 23, 2020
Learn how to use the IPVM Camera Calculator (updated for Version 3.1). The...
Installation Course Fall 2020 - Save $50 - Last Chance on Sep 22, 2020
This is a unique installation course in a market where little practical...
SimpliSafe Business Security Launched Examined on Sep 22, 2020
SimpliSafe has launched "SimpliSafe Business Security" that the company...
FLIR CEO: Many New Fever Entrants "Making Claims That The Science Just Won't Support" on Sep 22, 2020
FLIR's CEO joins a growing number calling out risks with fever / screening...