Hikvision Rejects Responsibility for Hacked Hikvision Cameras

Published May 10, 2016 11:57 AM
PUBLIC - This article does not require an IPVM subscription. Feel free to share.

After a massive number of Hikvision cameras were hacked, Hikvision has added new, and questionable legal language, declaring that Hikvision will take no responsibility for hacked Hikvision cameras.

No Responsibility

The language is inserted in a legal disclaimer section included in Hikvision documentation such as user manuals and quick start guides in the box:

HIKVISION SHALL NOT TAKE ANY RESPONSIBILITES FOR ABNORMAL OPERATION, PRIVACY LEAKAGE OR OTHER DAMAGES RESULTING FROM CYBER ATTACK, HACKER ATTACK, VIRUS INSPECTION, OR OTHER INTERNET SECURITY RISKS

This language is not found in documentation prior to the hacks (such as the 5.2 user manual), but is now commonplace in the 5.3 and later documentation, that was released after the numerous hacking issues.

Extremely Uncommon

While product warranties have general liability limitations, it is quite uncommon for camera manufacturers to have explicit language excluding cyber security. Of course, this is even more significant given Hikvision's poor cyber security track record and Hikvision's industry worse cyber security rating from integrators.

Hikvision Chinese Government Ownership

Making this even more complicated, Hikvision is a Chinese state owned enterprise, run by the Chinese government / China communist party. Undoubtedly, the Chinese government is one of the best cyber hacking entities globally.

It is, minimally, ironic, that an organization so strong at cyber hacking would seek to use the International legal system to protect itself from the consequences of their own products being hacked.

End User Risk

If you are an integrator supplying Hikvision or an end user with Hikvision products deployed, we urge you to consult with your attorney to understand the legal risk and ask Hikvision to remove this clause.

Not only is it uncommon but the process of how Hikvision has simply added it to product documentation is questionable (e.g., Are Hikvision products bought before 2015 covered by this? Is inserting a disclaimer in a manual legally binding?).

Buyer Truly Beware

As it is, if Hikvision makes another colossal mistake (e.g., copying malicious code from a bulletin board like they did in 2015) or if they allow Chinese government backdoors in their cameras, Hikvision buyers take all the risk.

And while Hikvision's super low prices are attractive, one needs to seriously factor in these risks.

Comments are shown for subscribers only. Login or Join