Top Manufacturers Gaining and Losing 2017

Published Nov 03, 2017 12:01 PM

3 years ago, IPVM statistics accurately and early identified the rise of Hikvision usage across Western markets (see Top Manufacturers Gaining and Losing Ground 2014). Again, in 2015, IPVM statistics showed the continued strong expansion of Hikvision (see Top Manufacturers Gaining and Losing 2015).

But, in 2016, IPVM statistics showed Hikvision's expansion starting to decelerate (Top Manufacturers Gaining and Losing 2016).

Now, in 2017, has Hikvision re-energized their dealer growth or are they hitting a wall?

Inside this report, we examine Hikvision's moves plus notable performances from the following:

  • Arecont
  • Avigilon
  • Axis
  • Dahua
  • Exacq
  • Genetec
  • Hanwha
  • Milestone
  • Pelco

Summary *******

***** ********* ****** ******* **** ***+ responses ** ***********:

  • ******* ******* ****/************ ***** ********, ******* greater ********** ** ******** ******** ** integrators.
  • *******, *** ****** ***** **** *** occur **** ******* ******* *** ******** manufacturers *** ******* ********** ***** *******.
  • **** ** * ***** **** **** the **** ** *** ****** ** diminishing **** ** ******** ****** *** lower **** ************* ** ****** ******* and ********** ****** *** ***** ****** cost ***********.

*******: ****, ******* *** ****** **** the *** * ****** *********** ******** using ************* **** ** ** ****.

******: *********, *********** ***** ********* ***** of *******, *****, *********, *** *****.

*******: ***** *** ********* **** *** two **** ********* ************* *** *** few ******** ** ******** **********, ********** a ********** ******* ********.

Top ******: ****

**** ****** ****** ***** **** *******, where **** **** *** ** *** brands ** ****** *******, ** ** the **** ***** ***** **** *********** were ***** **** ******** ****. **** outranked ********* ** **** ***** ****** of *********** ********* **** *** ** their ********, *** ** *** ******* total (*********** **** **** **** **** - *********** **** **** **** ****).

*****, * ***** ********* *** **** in *** ****, *** ********* ** a ****** *********** *** **** ******** with **** **** ****, ****** **** Axis *** **** *********** *********:

  • "****. ***** ***** ******** ***** ***** to ** *** **** ******."
  • "****, ***** **** ********* *******"
  • "**** ** *** *** ******* ** out ** *** **** **** *********."
  • "****, **** **** ****** **** ********** on ******* ******* *******, *** ******** down ******* ** ******* **** ***** end ****** ******."
  • "************* **** **** ******* *** ** models ******** **** **** ** ** niche *******."
  • "****, **** ********** ****** *******."

****** ****' ***-***** ******** *** **** relatively ***** (***:**** ** **** ********* *******), *** ********** *** **** ***** more **** ****' "*****" ********:

** ******* ***** **** **** ******** this ****. ************ *** ******* ******** and ***** ********. **’** ***** ****** a ****** ***** ********* ** *** system ** **** ********** *** *********. We’ve **** **** ** *** ********* side ** *** ******** *** ******* but ***** ********** ** ** ***** surveillance ***** ** *** * ****** ask *** **. **** **** ** it’s * ******** ********.

Solid *****: ******

****** *** ** *********** ********* **** use ** ***** *****, *** * notable ****** ** ******* ********* ********* more ***.

  • "****** - *** * ****** ** becoming * ****** **** **** ** can **** **** ******* **** ** gives * **** ***** *** **** compression **** * ***** ****."
  • "****** *******.. *** ***** ** **** and *** ***** ** *****. *********** image ******* *** ** ** ***!!! not **** *******."
  • "** *** ***** **** ** *** Hanwha ******* * ****** *******. ******* of *** ****** ** *** ****** are *******"

*** ***** *** ****** ** **** their ******** ** ***** *** ***** absorbed ** ***********, **** **** ***** hanging ** ** *** "*******" ****:

  • "******* ** ****** ******* *** *******/****** in *****."
  • "******* ******* *** ******* ** ******* to ****, ********* *** ***** ********* higher *** ******."
  • "*******/******. *******, *****, *** *******. (**** go ** ** ********* ***** *** name ******...)"

Genetec **** *** ******

***** ***** (****** ***-**** ********* **** Genetec, *********, ***., ** ***-**-*** ******* like ********) ******* *** *** **** one **** *********** *******, ****** **** the ***** ******* ******.

  • "*******, ************* *** **** ****** ** some ***** *** ***** ******* ************, in ******** ** *** ******** ** the ****** *** ********, *******, *** strategic ************."
  • "******* ******** **** ******. **** ********* are ******* ** ******* ***** ***, outdated **** ****** ********* *** **** like *** ****** *** **** ***** as ****. **** ***** ** ********** easy ** **** **** * ******** sees ***** *** **** ****** ******** into *** *********."
  • "******* - *** ********** *** ***** in **** ** **** **** ***** significantly ****** ******* *** ** ** terms ** ******* **** *** ***** RSM."
  • "******* ******** ****** *** ******** *********. Customers *** ***** ** ******** *** systems *** *** ******* ** *** extra ******* *** ********** ********."

Hikvision - ******** *********

** ****, **** *********** ******** ***** significantly **** ********* **** ***** ***** significantly ****, ******* ********* **** * modest *** ****, ****** ****'* ****** deceleration **** ******** *********. **** ** particularly *********** ** ********* ***** *** not ***** ****** ****** ** ******/********** accounts, *** *** **** **** *** Hanwha ******* ****** ***** ** **** be **** ****** *** ********* ** become * ********** ** **** ********.

******** ****** ***** ******** **** *** most ****** ******* *********** **** *** dropping *** *****, ****** ****** ********** and ****** **** ******* **** *********** to *********'* ****:

  • "*********. ** **** * **** ********** and ***’* **** **** *********. *** cyber ******** ****** ****’* ** **** concern. **’* *** *** ******* *** handled ***** ********** ****’* **** **** disappointing. ** **** **** **** * downturn ** ***** *******."
  • "*********, ******** *** ******* **********"
  • "********* *******. *** ** ******** ********, customers ***'* **** **** ** ***** networks."
  • "*** ****** **** *** *** **** to *** ****** *** *** ***** security ****** ** *** ***** *** risk"
  • "*********. *** ** ******* *** *** press ******"
  • "*********. *** ********* **** ** ***** in *** ****, ****** ** ****** with *** ******** ***** *** ***** that ***** *** ****** ****."
  • "*********. ******** ********, ********* ***'* ***** it."
  • "*********- *** ** ******** ********."
  • "*** ******, *** *************. *** ***** and ***** ***** ** ******* *********, cannot ******* ***** ** *** *** cameras **** *********. "
  • "*********. *** *** **** ********* *** service *****. * *** ** ******** complaints **** ** ***** ** *** recorders *** ********."
  • "********* *** ** *** **** ** platform ********."
  • "** **** *********** ******* ********* ******* lines. ****** *** ** ***** ******** concerns."
  • "*********, ***** ********* ********* ***** ******** private **** (*** ***'*) *** *** lowest ****, *** **** **** ***** level ****** ******* **** ****** *** manufacturers, ****** ***** ***** ***** *****."

Positives *** *********

*******, ***** *** *********. *****, * number ** *********** *** ****** ******* significantly **** ** *********, **** **** than ***** *** ********. ******** ******** included:

  • "********* *** ** *** ****** **** support **** ***** ******* ******."
  • "********* - *** *** *******"
  • "** *** ******** ***** ********* **** than ***** ****** **'* * *** system. ***** **** **** *** ***. Despite *** ******* *******, **'* ***** easier **** ***** ** **** *** install *** ******* ******** ******. **** Dahua, ** *** **** **** *********."
  • "********* - ****** **** ******** *** we *** *** ***** **** ** critical ********** ** ******* "
  • "*********. ***** *******"

********, ********* **** ********* ******* ********** increased ************* *****. *** *******, **** have **** *********** **** *** ******** (e.g., *****-*******, ********, ****** *******, *******, etc.), ***** **** ********* **** **** raise ***** ******* ******* ***** *** sell **** *** ******. ****, ***** with ***** ******** ******* ****** *** board ***** **** ***** *** **** growth ******* ****** ****** *********.

Dahua - ***** **********

*********** ****** **** **** ***** **** double ***** ****** ** *****. **** Hikvision, ***** ******** ******** **** * top ****** *** *********** *** ******* less ***** *******. **** ********* *****'* general ******** ** ********* ********** ** a *****-***** *****.

  • "** *** ***** **** ** *** dahua *******. *** ** *** ********* issues ** **** **** *******."
  • "***** *** ** ***** **** *************** over *** **** *** ***** **** they ***’* **** ******* ** ********* quickly ******."
  • "** *** ***** ******** **** ***** due ** ******* ******** ** ****. Because **'* ****** ** *** ******** it **** ****** ******** ** ****** email **** *** *****." "* ****** to ** ** * *******, ****** the ***** ******, *** ******** *** proper ********. ****** ***, **** ****** provide ** **** ***** **** **** detects *** ******* *** ******* *** firmware."
  • "***** ******* ** ***************"
  • "** *** ****** *** **** ***** of *********, *****, ***. ** ***'* feel *********** ******* **** **** *** constant ******** ******."

Arecont - ********* *******

******* *** ***** ******* ** ********* use ***** *********** *** ******* *****, and **** *** ** *********. **** was * ************ ***** **** *** Arecont: ********* ********* ************ ****** *******,******* ****** *** ** ******,* ***** ****** **** ****,******* ***** *** ** *****, *** ******* ***********. ** *** ** ****, ***** products **** ********* ***** ****** ** recent ***** (******* ***** **** ****,******* ** *** ** ****).

** *** ** ** ******** **** integrators ***** ******** ** **** **** from *******.

  • "*******. **** **** ** ** * standard *** ******* ********* *******, *** they *** **** *** **********."
  • "*******, ****** **** ***** * ** 3 *****-****** ****** ******** ********** ** quotes ** **** ** *** ** we've ******* *** ***** **** **** year. ***** *****-****** ****** *** *** be *** **** ************* **** ****** reputations *** ***********."
  • "******* :) **** ** **** ****, Its *** *** ****** **** ** know *****, ********, *********** ****** ***."
  • "************* **** ******* *** ** *********** customers *** **** ******* ******* ** manufacturing."

Pelco - **** ** *** *****, *** ******

***** *** ****** ****** ** **** and ****, *** *** ** *********** mentions ** ****. **** *** **** in ****, **** *********** ******* ********* movement **** **** *****:

  • "*****. **** ******* ********* ** * number ** ***** ***** ********* ** Avigilon *** ***** *******."
  • "***** *************. *** ******* *********** ***'* really ***** ********. "
  • "*****, ******** .......******* ** *******"
  • "***** - ********* ****** *****."

***** *** *** ****** **** ** hope *** *****, ** ********** ****** that *** *** ******** *** **** stable *** *** * **** ***** point *** ****:

***** ********** ** *** *** * more ****** ********. *** ***** ***** for **** ******* ** **** **** and ** ******** * **** **** friendly ********* *** *** *** *****.

IndigoVision - *******

************ *** ** ******** ** ****** increased ** ********* ***. **** ** noteworthy ********* ******* *** ******* *** been ********* ******* ** ***** ***** American ****,****** ******* **-******** ***** *********************** *********** ***** *** ** **** 2016, *** ******* ** ***** ******* are *** ***** ********* ** ********** uptake.

2018 *******

**** **** ** ** *********** ****. Can ********* ***** *** ******* **** their ********** ** ****? *** ****, Hanwha, *******, ***. ***** ***** ******** advantages ** ******** **** ********?

Comments (34)
UM
Undisclosed Manufacturer #1
Nov 03, 2017

Nice to see indications that the industry is focusing on selling value in upper tier products listed here. There's some really great technology getting introduced into security products and it's creating a lot of opportunity for those willing to embrace it and educate their customers about it. The race to the bottom was and is an ugly business to be in. 

(5)
UM
Undisclosed Manufacturer #2
Nov 03, 2017

My impression mid to upper tier business is backtracking some and going back to value more.

I think the lower sized businesses are still looking for bottom line pricing and do it yourself. That's my impression, though I could be wrong.

(1)
UI
Undisclosed Integrator #3
Nov 03, 2017

Any mention of Bosch one way or the other? 

Avatar
Brian Karas
Nov 03, 2017
IPVM

Yes, there were a couple of mentions of Bosch from integrators both using more Bosch and less Bosch. Overall it was a net zero for Bosch.

(3)
GK
Geoffrey King
Nov 06, 2017

Is this including Sony?  If so, I'd think that has to be quite the disappointment.

Avatar
Brian Karas
Nov 06, 2017
IPVM

No, Sony was counted separately, though the numbers were actually the same as for Bosch. 

(2)
GC
Greg Cook
Nov 07, 2017
IPVMU Certified

Brian how about Panasonic?

Avatar
Brian Karas
Nov 07, 2017
IPVM

Overall, very slight gain, responses favoring Panasonic mentioned Video Insight, no specifics about their cameras or recorders.

Avatar
Tim Pickles
Nov 06, 2017
Direct Security

The statistics on which this article was produced were, I assume, taken from IPVM's fee paying subscribed members only? 

Given the torrent of negativity, bullying and attacks on anyone supporting Hikvision, it is fair to assume that many choose not to even bother with paying IPVM for the pleasure of being vilified. This then creates an environment that will always show diminishing Hikvision integrator interaction within the forums and associated polls.

It certainly doesn't reflect whats happening on the ground - even if John thinks it does.

Put simply, there is very little point in a Hik integrator contributing anything to IPVM when they are attacked so maliciously within an atmosphere created by John (notably less so by other IPVM admins).

I'd be curious to read the IHS Physical Security Equipment & Services Report 2017 for their take on the market. 

Similar publications by IHS are quite interesting reading providing a balanced view of the industry. I would especially like to draw readers attention to page 3 of their Video Surveillance Trends document regarding cyber-security that endorses my long held view that the greatest threat is from engineers, lack of basic security knowledge and customers lack of engagement in contracts that support installed systems.

 

(2)
(6)
(1)
(5)
JH
John Honovich
Nov 06, 2017
IPVM

It certainly doesn't reflect whats happening on the ground - even if John thinks it does.

 

I applaud you for your ongoing loyalty and you can feel free to ignore these statistics but I can assure you, Hikvision management is seeing the pressure (things like Hikvision's ongoing campaign against IPVM and cybersecurity emergency marketing underscore that). It's not just that, it's that it's hard to get bigger and bigger when you are already big, same thing Axis, Avigilon, etc. have faced without Hikvision's 'other' problems.

Btw, as for IHS, while they offer some limited commentary, their goal is to tabulate numbers, getting them from manufacturers and overwhelmingly paid for by those same manufacturers. So, with IHS, it is not so much that they are balanced but that they cannot offend the manufacturers since their business literally depends on them for both supplying the 'content' (numbers) and then buying the 'content' (aggregated numbers) that they sell. Good for them that they can sell a limited number of $25,000 a year subscriptions but their model fundamentally bars them from real analysis or critique.

(6)
(1)
Avatar
Tim Pickles
Nov 06, 2017
Direct Security

I am fully aware of how IHS work,s John - I have contributed to them several years back on behalf of a manufacturer (Napco). Yes, they do just deal with figures and trends - which in previous posts you hailed in preference of anecdote. 

The limited commentary is reasonable and concise on cyber-security. Even just a small article balances the threat and points the finger at wider issues that I don't see promulgated in IPVM. Yes, IPVM digs into the technicality - but in doing so, ignores the elephant in the room (the engineer with passwords in his phone and an IT Dept with no concept of physical security).

But I do believe they have a more global perspective on the market than IPVM without the need to drill into the specific equipment's.

In fairness to Hik, even if your claim that their sales are dropping off were true - its not set against the context that you cite above that their domination restricts room for growth, you merely imply their sales are falling whilst Axis are growing. I also need to come back to the source of your evidential data  - which, correct me if I am wrong, is a straw poll of your members? This is fine - but it must be accepted that this is not necessarily an accurate reflection of the state of play on the ground for the aforementioned reasons and rationale. Back to my original point - it's not what you ask - it's who you ask...

Its the nuances of your reporting. Looking at this article you opt to show Hiks negatives before positives. You opt to show many more negatives than positives. You cherry pick comments to highlight a positive as disguised slur - Hikvision cheap cameras twice. 

 

(3)
(1)
Avatar
Brian Karas
Nov 06, 2017
IPVM

Its the nuances of your reporting. Looking at this article you opt to show Hiks negatives before positives. You opt to show many more negatives than positives. You cherry pick comments to highlight a positive as disguised slur - Hikvision cheap cameras twice.

Tim - the general approach with the surveys is that things are presented in order from most to least.

Axis showed a larger overall number of integrators reporting using more of their product, which is why they are introduced first.

For Hikvision, there were more people stating they used less Hikvision product in 2017 than those stating they were using more. With that, the "negative" comments were listed before the positive ones. That is not a "nuance", it is a logical sorting method.

(4)
(1)
(1)
Avatar
Tim Pickles
Nov 06, 2017
Direct Security

John, I note your comments - but they are still nuances. For instance, Hik are the only manufacturer where you have decided to sort into negatives and (sort of) positives - everyone else just has a commentary. Yes, Axis will have more integrator's reporting as the vilified Hik integrator's are getting bored of the vitriol.

Whilst I am not accusing IPVM of inventing the statements, they have been selective in choosing which to use - some would say - conveniently.

(6)
Avatar
David Delepine
Nov 06, 2017
Brivo • IPVMU Certified

Ok, I need to step in to make a few points:

I want to start this off by saying I am a known Dahua dealer. Until a year ago I was using Hikvision and various OEMs. Dahua does help me make money, but that doesn't mean I have to blindly follow them or support them when they are obviously wrong about something.

Now it is no secret that John, and many others, are not Hikvision supporters. However it is also no secret that John, and many others, are not Dahua supporters either. For every article or post about a Hikvision problem, there is an almost equal number of posts about Dahua problems.

What's the point?

First, your assertion that Hikvision is the only one under fire is flat out wrong. Perhaps you only read the articles with Hikvision in the title but if you look around you will see Dahua, Arecont, Knightscope and plenty of others get spanked when they deserve it.

Second, John and the whole IPVM team have been very fair and have had numerous good things to say about Hik and Dahua. When talking about price vs quality, free inclusion of premium features, etc. Don't believe me? Go back and look at the camera and access control reviews and shoot outs. Both companies have been noted for making solid products that are far below average industry price.

Third, I have never been attacked here on IPVM (maliciously or otherwise) for choosing Dahua or Hik or any other brand. The people who get the most criticism are the ones who blindly support, and worse, attack IPVM for making these manufacturer's dirty secrets public. I get it, I really do. No one wants their money maker to look bad because it may cost them, well... money! Let's be honest though, isn't it better for us to know so we can head off potential problems or be ready with a solution when something bad happens? *cough cough* hack *cough cough* backdoor

So to make a short story longer and more pointless, Mr Pickles, IPVM is not the bad guy here and neither is John. No one is picking on, cyberbullying, or maliciously attacking anyone. Btw look back at your comments half the time it is Brian replying to you and you just keep saying "John" please at least get that much straight.

(12)
(1)
(7)
LB
Lukasz Bucko
Nov 06, 2017

HI 

We are using Hikvision for many Years , The problem with security and hacking that is happening its pretty much installer mistake using default passwords on the system and using Default ports , like 80 and 8000 Period .....

(1)
(8)
(3)
Avatar
Brian Karas
Nov 06, 2017
IPVM

Sorry, but that is just wrong.

The Hikvision backdoor allowed full access to the device, even if you had used non-default passwords with the best possible strength/complexity.

Using non-default ports may help reduce some automated scans and exploits, but you are still exposing a compromised device to a public connection.

The recent Hikvision backdoor exploit really made it impossible to make a Hikvision camera publicly available in any secure way, as the hard-coded magic string backdoor nullified anything the integrator did to setup strong passwords.

(8)
(1)
(1)
Avatar
Tim Pickles
Nov 06, 2017
Direct Security

Indeed, totally agree. If good security was in place and implemented by installers and clients, any 'backdoor issues' that most manufacturers have suffered from would not be the focus of debate.

Just covering off my thoughts about how Hik sites on a global platform - can I ask what country you are based in Lukasz?

(1)
(5)
(1)
Avatar
Brian Karas
Nov 06, 2017
IPVM

Tim, share your method/suggestion for 'good security' involving a device with a hard-coded backdoor that allows full access to the device (including reseting admin passwords).

Also, when you say "most manufacturers", can you cite the (many) other manufacturers that have had similar hard-coded backdoors in their products?

 

(3)
(1)
Avatar
Tim Pickles
Nov 06, 2017
Direct Security

Beyond TEMPEST, keeping the equipment off a public facing domain is a good starting point wouldn't you say?

I've installed in Prisons, Police Custody units and Border Controls - as a baseline none have systems that are in any way accessible to the "outside world" through a network connection.

Sit your kit in a shop window for all to look at and you will get all the attention you deserve - and yes, any exploit will be a vulnerability. 

 

 

(1)
(1)
(1)
MM
Michael Miller
Nov 06, 2017

Beyond TEMPEST, keeping the equipment off a public facing domain is a good starting point wouldn't you say?

So in this day an age, most people want to view their cameras from there mobile phone or remote computer.  How do you handle this?  Do you tell the customer that the equipment is not secure enough to safely allow remote access without getting attacked? 

(5)
Avatar
Tim Pickles
Nov 06, 2017
Direct Security

In the same way as any responsible integrator would - you explain that this is at their own risk. Does your Business Indemnity insurance cover you for offering a 100% hack proof solution to your client to view on a phone?

As soon as you open the door from the internet to your IOT device - you accept the risks therein.

If they feel its really important to them and not just a "gizmo", you tell your client that they need a formal service agreement that will allow for product firmware updates as when they become available. You advise them of the risks and need for good housekeeping and (in the EU) the implications of GDPR and remote surveillance. 

So - I assume you tell them that Hikvision is dangerous and that Communists will be able to see the cats in their back garden and instead that they use your preferred solution that offers 100% total security that you will bet your life on?

Have we learned nothing from Facebook, Twitter, Clinton and Trump? Nothing that points in any way, shape or form at the internet is safe and 100% secure. You'd never believe that reading some of the posts on here.

(1)
(3)
(1)
(1)
Avatar
Brian Karas
Nov 06, 2017
IPVM

Beyond TEMPEST, keeping the equipment off a public facing domain is a good starting point wouldn't you say?

Yes, it is a good starting point, but it is not a full solution. I am specifically curious how you would properly secure the device from internal and external threats, with a bit of detail.

Also, you totally skipped over the part about backing up your claim of "most manufacturers" having similar backdoor vulnerabilities.

(2)
Avatar
Tim Pickles
Nov 06, 2017
Direct Security

Well I suppose it would be impossible for anyone to counter my claim wouldn't it? Ok, so let me re-phrase it - most manufacturers may have either deliberate or un-intentional back doors that have not yet been discovered - in the same way as you knew nothing about Hikvisions until it was discovered. gSOAP affected most manufacturer's - but not Hik, although I accept its not exactly the same.

Hik would not be suitable for the highest level of system security, in the same way as Tecton (as used on our Trident fleet) would not suitable in department stores or corner shops.

Let me ask you a question Brian. Would you place a piece of paper in front of a camera in your own home with your bank details on it, your DoB, passports, PIN's and your children's photograph on and your most intimate personal photo's- then hook your NVR up to the net? Because that's the measure of the issue isn't it? What system would you have 100% total and utter confidence in to have pointing into your own children's bedrooms day and night, with the full address details?

Security starts at the top. If its important, critical or personal - do not point it at the net. If you do, no matter what kit you use, you do so at your own risk and this must be articulated to every customer. What if all is good with your non-Hik solution but someone gets your phone and PIN and logins in? That's what we call an open back door (non-Hik style). 

(1)
Avatar
Brian Karas
Nov 06, 2017
IPVM

 gSOAP affected most manufacturer's - but not Hik, although I accept its not exactly the same.

That is incorrect. There were several manufacturers that reported using the gSOAP toolkit, as we covered: ONVIF Widely Used Toolkit gSOAP Vulnerability Discovered. Still, there is no evidence it was was used by "most" manufacturers, and more importantly, there were no practical widescale exploits of it. In fact, we further covered this pointing out how the company that discovered it was over-hyping it: PR Campaign Exploiting Manufacturer Cybersecurity.

Ok, so let me re-phrase it - most manufacturers may have either deliberate or un-intentional back doors that have not yet been discovered

They may also have undiscovered code that excels at mining Bitcoins, or a flight-sim Easter Egg, but. What matters here is what has been provably discovered, not what "might" be lurking. Hikvision has had multiple proven vulnerabilities, despite their claims of making cyber security a priority. They have shown continued of examples of a poor security mindset. This is simple, public, fact. 

The Hikvision hacks and exploits have not been primarily due to the fault of installers, as Lukasz claimed and you "totally agreed", they have been due to Hikvision's own poor engineering.

Let me ask you a question Brian. Would you place a piece of paper in front of a camera in your own home with your bank details on it, your DoB, passports, PIN's and your children's photograph on and your most intimate personal photo's- then hook your NVR up to the net?

How did this become the test case? But to answer your question, no I would not generally purposefully expose those kinds of details on a device directly connected to the internet.

What system would you have 100% total and utter confidence in

You are getting off topic, I asked you to provide some specific details of how you would secure a device with a hard-coded easily exploited backdoor of the type Hikvision has suffered from. 

You stated:

If good security was in place and implemented by installers and clients, any 'backdoor issues' that most manufacturers have suffered from would not be the focus of debate.

So, I am asking you (again) to describe this "good security" that can protect against Hikvision's hard-coded backdoors. Keep in mind that Hikvision is not some esoteric specialty device manufacturer here where it is reasonable to assume the devices are always going to be used on closed systems that are fully air-gapped. It is quite common these days for systems to be remotely accessible to some degree or another.

You made these claims, Tim. I am just asking you to elaborate instead of hand-waving away the insecurities of the Hikvision exploits.

(1)
Avatar
Ross Vander Klok
Nov 06, 2017
IPVMU Certified

That is a very poor straw man argument if there ever was one.  And no that is not the measure of the issue at all, not remotely.  Comparing what one would feel comfortable doing in their own home to millions of cameras deployed around the world that contain known exploits doesn't really measure up.

(3)
MM
Michael Miller
Nov 06, 2017

So firmware with many cyber security holes is not an issue? 

(2)
(1)
Avatar
Tim Pickles
Nov 06, 2017
Direct Security

I think you'll find the ongoing tirade at Marty an example of bullying. Yes, some of what he says I don't agree with either - but it seems that for a long time now, anything he posts is attacked from all angles at a level that is personal and vindictive.

You will find that the number of front page articles attacking Hik are not equal to Dahua at all. That's ok as Hik obviously has a greater market presence - I'm just correcting your claim.

Its very generous of IPVM to throw in the occasional recognition of something good from Hik - buts its usually with a barbed caveat.

You will have read that I complemented and commented on the fair revue of the access kit - but as you never mentioned it, perhaps you missed that nugget.

I'm curious - having stated that you know of Dahua dirty secrets, why do you continue to sell their kit. Do your customers know of your views of the kit you sell them? Or is it the case that the dirty secretes to which you elude, really aren't an issue at all and that you are just jumping on the bandwagon of Hik knocking?

Noted on the John/Brian comment - that is clearly my error.

 

 

(3)
(1)
Avatar
Brian Karas
Nov 06, 2017
IPVM

You will find that the number of front page articles attacking Hik are not equal to Dahua at all. That's ok as Hik obviously has a greater market presence - I'm just correcting your claim.

To be fair he said "almost equal".  You will also find that our coverage is generally rooted in other public statements, events, etc. We do not just wake up and say "let's 'attack' Hikvision today" or "let's 'attack' Dahua this week". We look at things these companies say/publish, other events involving them, and so forth and provide additional analysis or commentary around those items. In that regard, total coverage of a company is going to be tied into other things they do or events surrounding/involving them.

Its very generous of IPVM to throw in the occasional recognition of something good from Hik - buts its usually with a barbed caveat.

Almost every manufacturer (or staunch manufacturer supporter) would likely say the same about our coverage of them. We try to provide the pros and cons, and look at things that readers may not have initially considered on their own. Coverage of Hikvision has been no different in that regard.

I think you'll find the ongoing tirade at Marty an example of bullying.

Where have Marty's post/comments been 'attacked' by IPVM? Show me an example of that you consider to be an 'attack from all angles'.

 

(1)
Avatar
Tim Pickles
Nov 06, 2017
Direct Security

Almost equal is not almost at all Brian - though I assume you attacking a very liberal interpretation "almost". 

Where did I say IPVM specifically attacked Marty? IPVM provides the platform whereby he can be attacked and in doing so is complicit, but I don't recall saying your directly or personally attacked him.

 

(1)
(1)
(1)
Avatar
Brian Karas
Nov 06, 2017
IPVM

Where did I say IPVM specifically attacked Marty? IPVM provides the platform whereby he can be attacked and in doing so is c

OK then, where is Marty 'attacked' by commenters? Where do people just randomly gang up on Marty without provocation?

 

(1)
Avatar
Tim Pickles
Nov 06, 2017
Direct Security

Well Brian that all depends on your interpretation of provocation. If by daring to disagree with IPVM or the Hikvision haters, that constitutes provocation then yes, I'm sure Marty gets all that he deserves. As I recall one commenter accusing him of being unpatriotic because he argued a Hik case, I would suggest this is not justified.

 

(1)
(1)
(1)
JH
John Honovich
Nov 06, 2017
IPVM

IPVM provides the platform whereby he can be attacked and in doing so is complicit, but I don't recall saying your directly or personally attacked him.

Tim, we provide an open platform for people to debate and criticize. We let you criticize me as much as you want. This is extremely rare and, in fairness, you should at least acknowledge that. I can respectfully engage with you even though are criticizing me on our site.

(3)
Avatar
David Delepine
Nov 06, 2017
Brivo • IPVMU Certified

So I will agree with you that Marty gets a good deal of flak from many of the subscribers and from the IPVM staff at times. However, this is usually due to Marty saying something outlandish or directly attacking IPVM for releasing those dirty secrets I mentioned (I will get to your question about my stance on the Dahua dirty secrets, but want to answer/refute things in order). Now does that justify personal or vindictive attacks? Certainly not. However I have never seen one of these personal attacks coming from John or the IPVM staff, but are from fellow subscribers like you and I.

I never claimed the number of "front page" articles between Hik and Dahua equal, my exact words were "For every article or post about Hikvision, there is an ALMOST equal number..." I was not making the distinction between front page articles and other types of articles/discussions which in recent weeks there have been A LOT of bad discussion posts about Dahua because of the hack. Lol just thinking of that reminds me of "Dahua, hacked the world over"

In several camera reviews/shoot outs I recall only good things being said about Hikvision (and Dahua) no barbed caveats. If you require proof please go back and read the reviews and shoot outs for the 4mp and 8mp cameras.

Yes I did forget about your comment on the access control article, but now that you mention it... if I recall correctly is was kind of a backhanded compliment was it not?

I continue to sell my clients Dahua because it is cost effective and provides a good value. I take steps to ensure cyber security, but some of my techs have not been as thorough and we have had a few get hacked. I do tell my clients the truth about Dahua, that there have been issues with cyber security and the occasional glitch. However I give them an option to upgrade to another brand if interested, however most prefer the price. I also must mention that our camera clients are usually not huge corps nor are they government organizations that require top notch cyber security. Back doors are serious issues, the hacks are more just annoying but not nearly as serious. The hacks are easily preventable, back doors are not (at least to my knowledge).

Anyways hope this helps clarify my statements and answer your questions. Please let me know if there is anything else :)

(2)
(2)
Avatar
Tim Pickles
Nov 06, 2017
Direct Security

I hear what you are saying and am not in total disagreement. However, my comments were not in any way backhanded in regards to the access. I think I even mentioned that I wasn't really that excited as, for my market, its not a good fit anyway.

Hacking is really not the issue in the UK as it appears to be for yourself. Of corner shops, offices and stores are being hacked - you are clearly suffering from levels of cyber attacks greater than in the UK as I am unaware of any of my installations having been hacked for the past 25 years.

I do honestly think you've compromise your integrity, at least in part, if you sell, promote and install a product that you honestly believe has had dirt secrets deliberately embedded into them. Your comment regarding the hacks being attributable to your engineers is honest and extraordinarily common place across the whole industry.

Marty can happily defend himself, I'm not here to do that. But having said that, I feel his comments are provoked and then fed upon to fuel the anti-Hik frenzy. I guess no-one will ever agree, so we'll just have to put this down to perception and what it feels like to be a minority group - Hik Lives Matter ! :-)

(1)
(1)