Sell Dahua or Hikvision At All, Banned From Selling to US Federal Government, Says US HASC

Published Aug 29, 2018 13:44 PM

The US House Armed Services Committee (HASC) Communications Director has confirmed to IPVM that if a company sells Dahua or Hikvision at all, they will be banned from selling to the US federal government.


However, this interpretation / implementation of the NDAA bill banning the Chinese mega-manufacturers is being contested. In this note, we review:

  • HASC's statement
  • Hikvision's lobbying efforts
  • OEM impact
  • Distribution impact
  • Dealer / integrator impact
  • Expected opposition
  • Future rules / guidelines issued

Will this be enforced when the ban officially commences next August? IPVM investigates inside.

Statement **** ** ****

*** ** ***** ***** ******** ********* is *** ********* ***** *** **** bill *** *** ********* ******* ***** and *********, ***** ******, **********.****** ******, ***** ***** ******** ********* ************** Director ********* ** **** ****:

*** *********** ** ****** ******* ** the **********. ** *** “******” ***** Hikvision / ***** ******* ** *** way ** ******, **** *** ****** from ***** ******** **** *** ******* government

Relevant *** *******

*** ****** ** **** ******* ** be ***** ** ***. *** (*)(*) of*** ***, ******* *********** *****:

***. ***. *********** ** ******* ****************** AND ***** ************ ******** ** *********.(*) Prohibition ** *** ** ***********.— (*) The **** ** ** ********* ****** may ***—(*) ***** **** * ******** (or ****** ** ***** * ********) with ** ****** **** **** *** equipment, ******, ** ******* **** **** covered ****************** ********* ** ********as * *********** ** ********* ********* ** *** ******, ** ** ******** ********** ** **** ** *** ******. [emphasis added]

******** ****** **** ********* *********** **** as ***** *** ******* **** ** the **********. *******, *** ** **** is ************ ** ** ******* **** products ** ******, ********** ** ***.

Hikvision ******** ******

********* ** ** ******* **** *** Daily ********* ****, ********* ** **** ***** and ******* ** **** ****:

*** ******* ***’* ******* ** ***** the **** ** ******** **********; ******, it ** ******** *** ** ******** statement ** ************* ****** **** *****prevent *** ****** ** ******** **** ***** ****** **** *********** ******* *** ********* ****** **** ***** ******** **** *** *.*. ********** **********. [emphasis added]

******, ******* *** ****'* *******, ********* is ********** ** ***** ******* ** lobbyists *** ***** ************ ********* *** two ***** ** ******:

****** **** ********* ******* ***** *** other ******** ***** ** *** ****** leading ** ** *** ****'* *******:

Hikvision ** *******

********* *** **** ** ****** ******* (nor ****** ************* ** *******) ***** the ***'* ******* *** ******** ** comment ** *** ** **** *********. However, ***** ***** ******* ***** ********, Hikvision ** ******* ********** ** ******** behind ****** *****.

SIA ** *******

***, *** ** ***** ************ **** on-staff *********, *** **** ** ****** comment ***** *** ***'* ******* *** declined ** ******* ** *** ** HASC *********, ************* ** *** *******, **** *** comment. *** **** **** **** ***** a ****** ********* ** **** ***** in *** ******.

OEM ****** ***********

*** ****** ** **** ********** ****-********* like *** (**********) *** ********* ***** potentially ** **** ******. ** ** hard *** ****-**** **** ** ******* drop ******* ***** ******* ***** **** and *************.

********, ***** **** ***** ***** ** obligated ** ***** *** ********** ** OEMed ******** **** *** ** **** did **, **** ** ***** ********** customers *** **** **** ***** ** Hikvision ********** ********, **** ***** **** be ****** *** ********** ***.

** *** ***** ****, *** ************* risks ***** ********* ****** ***** **** this ***** ********** *** ******** **** the *** *****.

Distribution ******

************ ****** ** ****** ** ** more *******, ******** *** *** *******, etc., ** **** *****, ** *** sell ** *** *****, ***** ********* not ** ******** ******* **** ***** dealer ********* ***** **** ** *** US ******* **********.

********** ****** ********* (**** *&* *****) could ** ******** ** **** ** regularly **** ** *** *****. ******, theoretically, *** ***** ** ****** ** would ** ********** ****** *** *********** inconsequential ** **** ******* *** ***** or *********.

Dealer / ********** ******

**** ***** ** ***-**** *********** ***** avoid **** ******, ** *** *********** who ** *********** ********** **** ***** avoid ***** ****** ***** **** ******* who **** **** **** ***** ** smaller ***-********** ******* ******.

*** ****** *********** (*.*., *** / Tyco *** ***) *** *** **** likely ** ** ******** ** **** as ***** ********* **** ** *** a ***** ** ******** **** *******, price-sensitive ********* *** ******* ** ***** and ********* ***** ** *** **** time ******* ****** ** ******* ********.

******* *** ***** **** **** *** be ******** ** * *** ** selling ** *** ******* ********** *** also ************* **** *** ***** *** federal ********** **.

*** *** ******* ***** *** **** to *** ******** ** *** ***, but **** ************* **** *** ***** Guard (***** ** *** *****), *** *******'* ******** ** ** office (***** *** *** ** ************* ** ******** *******), ** *** ****** **** ** the *********** *********** (***** ********** ** *** ******* **********.)

Potential **** ******* ******

*** ********'* ******* ************** ** ****, to ****, ** **** *** *** only ******* **** ** **** ** the ** ********** (***/** ********** ******, critical **************, ***.).

*** ** **** *********** ***** * far ******* *** ******* ****** - effectively ********* **** ** ****** ******* selling ***** *** ********* ** *** vs ***** ******** **** *** ** government. **** **** ******, **** *********** who ***** **** ************ ** *********** sell ***** ******** *** ****** ** forgo **** ** ***.

***** ** **** * *********** **** that *** ******* *** ******* ** state *** ***** ***********. **** ** already *********: *** **** ** ******* in ******** ****** *** ** ***** and ********* ********* **** ***** *** NDAA's ******* (***** ** **** **** *********).

Expect **** **********

** ****** ************* **** ********** **** the ******** ** ****, ********** **** the ******* ******* ** *** ******** who **** ** ******** ***** **** businesses ** ****** ***** **** *** US ********** *** ***** *****-********* *********. Moreover, ** ****** ********** **** *** private ****** *** **** **** ** an ********* ** *** ** ********** into **** *** ** **** / offered ** ******* **********.

Rule / ********** ****** ******

** **** *****, ** ****** ****** rules ** ********** ** ** ****** by ******** ** ********** ******** ***** how *** *** ** ***** ***********. When **** ******* ** *******. ***** then, ** ***** ****** *********** ******** and ****** ***** *** *** *** should ** ***********.

Poll / ****

Comments (160)
Undisclosed #1
Aug 29, 2018

Hikvision is going from being a money train to a toxic waste truck.

Undisclosed #2
Aug 29, 2018

Now THIS... THIS just got interesting. 

No doubt this article ruined Marty Calhoun’s morning BM.

Undisclosed Integrator #3
Aug 29, 2018

And Sean Nelly's :)

John Honovich
Aug 29, 2018
IPVM

Leave Marty alone...

In all seriousness, for the handful of Hikvision dealers that sell heavily to the US government, the ban, as is, was already a problem.

This is more of a problem for companies that only do a minority of business to the US government but most to SMB / residential. What do they do, if this comes to pass? Do you drop Hikua to keep your small US gov business but potentially lose / cause disruptions in your main market? That's not an easy call.

Undisclosed #1
Aug 29, 2018

 Do you drop Hikua to keep your small US gov business but potentially lose / cause disruptions in your main market? That's not an easy call.

If this really gets teeth and causes problems I expect to see more instances of "Bob's Cameras, Inc." and "Bob's Hikvision Outlet, Inc." - one person setting up two legal entities to get around the issue of being banned from government sales if you sell Hikua.

While it looks dramatic on the surface, given how poorly GSA is administered and the lack of penalties for companies that knowingly sell banned product that is miscategorized, I am not sure there will be much enforcement behind this.

Clint Hays
Aug 29, 2018

I was just thinking about a soon to be increase in LLC creations.

 

AAA Camera Company - Pro Hikua

AAA government Security - No Hikua

 

All with the same backend management/staff/owners.

Undisclosed Manufacturer #24
Sep 12, 2018

Is Marty still a member?

John Honovich
Sep 12, 2018
IPVM

We do not disclose who is or is not a member. And I do not want to speak for Marty.

Generally, anyone who is a Hikvision dealer and has non-trivial US government business is in a difficult position.

Undisclosed Integrator #5
Aug 29, 2018

I have to think there are some website partner pages being edited feverishly at the moment.

Undisclosed Manufacturer #14
Aug 30, 2018

There is one simple solution to the totally retarded rule from the government: just split your business in two formal entities. Takes some work, but you can sell to/from both. You can even have the same physical store, but webshops would need to buy an additional domain name.

Undisclosed Integrator #3
Aug 29, 2018

This is definitely an interesting development. I'm wondering how quickly these companies that work with government can drop Hikvision/Banned Camera manufacturers from their lineup.

Michael Miller
Aug 29, 2018

So is this just Hikvision or Dahua or does this include all the OEMs?

John Honovich
Aug 29, 2018
IPVM

Yes, good point. As discussed in the original ban passage, products 'produced' and sold by 'affiliates' would be impacted.

Michael Miller
Aug 29, 2018

I bet FLIR can't wait for the DAHUA naming rights to be over. 

Undisclosed Integrator #22
Sep 04, 2018

So when will DVtel change their Hik OEM encoder? Or is that ok to have "just a little bit of Hik" in your line up and not draw any attention to it?

Undisclosed Manufacturer #21
Aug 30, 2018

John - don't forget to add Stanley who just acquired 3xLogic (HiK OEM) to the list of major players impacted

Undisclosed #4
Aug 29, 2018

How is this a good thing? It seems that the US has security concerns with these cameras and are blatantly ignoring the litany of other unsecured devices from numerous other vendors. Do I trust the security of a Hik camera? No. Do I trust a Bosch, Panasonic, Axis? No, no, no. Why do I sell/install them then? I HAVE NO CHOICE, the camera market has moved in to the IT space.

 

Undisclosed Integrator #3
Aug 30, 2018

IP cameras are IT devices.  Whether or not you lock them down, they are network cameras, NETWORK.  Today, IP cameras are really computers with lenses on them.  How could this not move into the IT space?  

Undisclosed Integrator #22
Sep 04, 2018

That's pretty well on the money. Security is, well - security. Vulnerabilities are actually all IT based, created by a generation of geeks without a shred of knowledge of CCTV. The ball started rolling years ago when Axis just looked to IT departments and disregarded integrators to grow their model. Now look where we are - every IP camera manufacturer is complicit in compromising the very essence of security. It may well be the way of the world that it was always going to go to IT but there are absolute basics that should still apply. Never place any security system on an internet facing platform. Never share a network with any other IOT device other than the security devices that comprise the system. If you have to use the network, ensure the very basics of firewalls, password changes, and full security configuration is used. If it's a particularly sensitive camera, that doesn't need to be sent over the internet - then leave it off. Think analogue and remember the very first letter of "C"ctv. You'd be amazed how easy it is to lock down a system by simply removing the RJ45 from the link to the outside world. At some point common sense will kick in...

 

John Honovich
Sep 04, 2018
IPVM

Never place any security system on an internet facing platform. never share a network with any other IOT device other than the security devices that comprise the system.

While that does improve security, that is increasingly unrealistic as users value remote access and manufacturers can improve products with cloud services (e.g., better analytics, off-site storage, etc.). Look at current stats - Surveillance Systems Remote Access Usage Statistics. Remote access is most common already and will increase as the utility of cloud-connected systems expand.

The future is certainly Internet connected video surveillance. Systems need to be good enough and trustworthy enough to support that.

Bas Poiesz
Sep 04, 2018

The future is certainly Internet connected video surveillance. Systems need to be good enough and trustworthy enough to support that.

John I fully agree. That's why I feel pushing for legislation/a clear rule set would make much more sense. Way more sense compared to this bill.

Undisclosed Integrator #22
Sep 04, 2018

I don't disagree, but the issue is that remote access is being sold as system capability without the caveat that it's leaving your system wide open to hacking.

As for cloud storage, well that's a very pretty concept that just fills millennials with all the aspiration they need. But who really trusts the cloud when in essence you are sending off private, confidential, potentially compromising, commercial and operational data to an unknown facility, operated by unknown persons with unknown resilience to hacking. We know how weak iCloud and Yahoo were - so what makes CCTV or access cloud any better?

People are being sold a myth and expecting CCTV manufacturers to pick up the full responsibility for LAN/WAN/Cloud resilience, which is not practicable. They are part of the solution, but not solely responsible.

Ask yourself another question - just how much of the US Government and Defence data is hosted by external Cloud storage and has this storage been under the same microscope as Hikvision for its integrity or are people just blindly accepting that it's tighter than the Trump/Putin male bonding?

A security solution is end to end and nothing should be looked at in isolation.

Undisclosed #4
Aug 29, 2018

What can I sell? I need a new low cost CCTV solution. :(

Howard Kohnstamm
Aug 29, 2018
IPVMU Certified

Check out VITEK. Not made by D or H.

Undisclosed #9
Aug 29, 2018

Vitek is just a TVT OEM, you can just buy Qsee or avycon or ENS for the same thing.

Christopher Wise
Aug 30, 2018

Isn't Digital Watchdog also??

Undisclosed Manufacturer #15
Aug 30, 2018

see above for Vitek.  DW is very similar.  MOST of their lineup is coming from Korea.  Their turrets are TVT OEMs.  

Undisclosed Manufacturer #15
Sep 05, 2018

or below...for Vitek

Undisclosed Manufacturer #15
Aug 30, 2018

Not entirely true.  They have a product mix of both Korean and Chinese products.  The Transcendent lineup is TVT OEM, the OnCue recorders and Virtuoso camera lineup come from Korean facilities.  

Peter Hu
Aug 29, 2018

UNV, Avycon (TVT), VideoPark, Tiandy, Relong

Undisclosed Distributor #13
Aug 29, 2018

UniView

Bas Poiesz
Aug 30, 2018

@John Honovich: this is my point, people will search the next brand with good/decent quality at the hik/dahua pricepoint.

With this knowledge the next series of articles/ban requests/lobby efforts can be started. Just leave out the brand name for now and add it at a moment of choice.

John Honovich
Aug 30, 2018
IPVM

people will search the next brand with good/decent quality at the hik/dahua pricepoint.

Disagree not about Dahua nor Hikvision but about how brands gain significant share. Some people will 'search' for the next brand but most people make purchasing decisions based on heavy sales and marketing expenditures plus local support.

If Uniview steps up with tens of millions of investment in US sales, marketing and local support, hiring 100+ people, Uniview has the chance to become a major player.

Otherwise, sales will go up for Uniview, given the Hikua situation but they will remain minor players since most dealers want local 'factory' salespeople and local support.

Bas Poiesz
Aug 30, 2018

Well for EU, Hik sales started before the Hik footprint with local staff really started.

It has helped their growth no doubt. My point is not it will be UNV, my point is that the door is wide open for any Chinese brand to be funded right into the spot.

If so many installers and integrators (and thereby also end users) have gotten used to the pricepoint, I am certain there will be a big demand in that space.

 

Bas Poiesz
Aug 29, 2018

My points have been eloquently worded by Robert Shih:

1. If foreign state ownership is the issue, then Dahua should not have been included. Also, a more comprehensive electronics bill should be drawn up to cover more potential threats from China.

2. If this is trade related, then tariffs would have sufficed rather than completely forcing the market's hand. Also, the Buy America act would have been sufficient if properly enforced.

3. If cyber security were truly the issue, then there should be a governing body that upholds these standards across the board that all manufacturers should abide by.

 

Adding that if a company sells these brands anywhere excludes them from government business is really strange.

If you feel their judgement is off because of selling these brands, the list should be more comprehensive.

 

 

Sean Nelson
Aug 29, 2018
Nelly's Security

Genius Interpretation! They must think the thousands of companies selling Dahua and Hikvision are secret Chinese spies and had to act accordingly.

If this isn't a clear indicator of how mindless the ban was and still is, I don't know what is.

If they hate Hikvision and Dahua that bad, just ban them completely already and stop beating around the bush.

SMDH

Undisclosed #1
Aug 29, 2018

Or, they think integrators selling those products are ignorant to the risks they pose, and thus don't want to deal with them at all. I am only slightly exaggerating here. If you can't recognize the risks posed with those products, you shouldn't be advising the government and selling them anything "security" related.

Sean Nelson
Aug 29, 2018
Nelly's Security

What specific risks does a current Dahua and Hikvision camera have that other non-banned manufacturers have such as an Axis camera or you name it?

Undisclosed #2
Aug 29, 2018

That it is manufactured by a company with a track record of intentionally placing back doors into their products, a company no less owned by a hostile foreign government.  

There, I summed up the Hikua dilemma in one sentence. 

When’s the liquidation sale? 

Oh, and sorry for interrupting your morning BM.

Sean Nelson
Aug 29, 2018
Nelly's Security

I understand that you must be happy that it actually takes an act of congress for you to compete but honestly that's not something to be proud of so let's keep the argument sensible and free from undisclosed sarcasm. Oh and BTW, ban or not, I still eat competitors like you for breakfast and BM them out each morning so your statement is not entirely false.

The backdoors were not intentional. Vulnerabilities are found in every manufacturer. Dahua is not owned by China. And to call China hostile is debatable. I shut down your summation in 4 sentences.

I'll let you know when the liquidation sale is, perhaps then you can actually make some money. ;)


Undisclosed Manufacturer #7
Aug 29, 2018

And to call China hostile is debatable.

No, it isn't. 

Undisclosed Manufacturer #8
Aug 29, 2018

Absolutely correct UD#7 - China has blatantly stated their hostility to the US, both militarily and economically.  

Ed Vergara
Aug 30, 2018

I agree. All you have to do is follow what's going on in South China Sea.

Undisclosed Integrator #22
Sep 04, 2018

China is no more hostile than the US. Trump initiated the hostile tariffs against many of its "allies" as well as its perceived foes. That is hostile.

 

Gary Lane
Aug 30, 2018
APT .RED

Hey Sean, it worked! I looked at your web site to get an understanding of what you like for breakfast. My palate is more refined, so I will not be able to understand your perspective very well.

While I prefer all government stay out of my business; It appears that the federal government must pass laws to prevent ignorant people from knowingly and willfully risking security for personal gain. It seems to me this is a new concept by the federal government over the past few years.

Not to worry Sean, there is plenty of other government entities that prefer personal gain over security, you will be fine and have plenty of breakfast to feast.

Sean Nelson
Aug 30, 2018
Nelly's Security

Thanks Gary. This conversation is starting to get weird. Nonetheless, I can't stay silent to subtle trash talk, although it's respectful that you disclosed yourself. I said I eat competitors for breakfast via our sales, I don't eat my own products which is what you alluded to. While you may be fasting, I don't necessarily consider that a "refined" palate choice.

Undisclosed Manufacturer #18
Aug 30, 2018

Yet the size and number of back doors and vulnerabilities is astounding!!

Selling these manufacturers is a security risk to the US gov, and critical infrastructure...

You seem more concerned to your profits in selling such cameras than you are to the risks they present.

As for your Chinese breakfast... enjoy while you can...

Undisclosed #4
Aug 30, 2018

Saying that selling these manufacturers poses a security risk to the US gov depicts a certain level of naivety.

The day you started using IP cameras is the day you created a whole new set of security risks. I feel I should inform you all that IT security is more complicated than China = Bad/Anything else = Good.

You have almost no ability to keep an educated and determined intruder out of your home, we all know that. We don't however seem to know that that logic also applies to our IT infrastructure. Try as you may, you can't really keep the Russians, Chinese, FBI, NSA, 16yo hackers etc off of your network. Did you ever really think you could? 

Do you think the Chinese have a problem hacking in to Axis systems?

Blame Hik if you want to, but as an IT and technical security systems auditor, all you guys are fucked.

It's the wild west of CCTV systems hacking and the manufacturers don't even give us the proper tools to secure the network.

Run a Shodan search and see how many systems out there are still affected by Shellshock.

Undisclosed Manufacturer #19
Aug 30, 2018

Sounds to me like you're bitter you can't install cheap shit anymore.

Every integrator that employs this kind of argument that basically says "any camera poses the same amount of risk as all other brands" is putting their head in the sand.

Also, NO I don't think Chinese have issues hacking into an Axis system. They are also the same country that blocks Axis out of almost all installs in their nation. China is going for world domination and they unfairly discriminate against other manufacturers from other parts of the world.

Answer this: Why is it NOT okay for the US to do the exact same thing as China and essentially block Hikua out of our nation?

Undisclosed #4
Aug 30, 2018

Bitter that I can't install cheap shit? Sorry, but even at $150 for a 4k camera, that ain't cheap. Less than $1k for a full system? That's A LOT of money for us regular folk.

I wouldn't say each camera has the same amount of risk. I'm saying they -for the most part- all have the same TYPE of risk.

You put your camera on my network, now you have all the risks of every other client on my LAN.

So, you are worried that a camera system may be vulnerable to China, yet you admit that the Chinese can hack in to other systems anyway. Now you are becoming a Security Specialist.

Undisclosed Manufacturer #19
Aug 30, 2018

Asking if China can hack into an Axis camera system is like asking if Stephen Curry can hit a 3 pointer. You're talking about a country that admits it has an army of hackers.

 

I'm not claiming to be a security specialist. But at least I'm a realist.

Undisclosed Integrator #22
Sep 04, 2018

Really? And your kit has no vulnerabilities - prove it. So your benevolent company is not interested in profits - is that because it's a pseudo charity (Bosch) or is it because it's commercially ignorant?

Build your wall and use your own US manufactured kit....oh hang on....

Undisclosed Manufacturer #18
Aug 30, 2018

Yes 4 sentences, that make little to no sense, while no one can say the back doors are intentional, neither can you say they are not...

As for whether China is a hostile government to the US, I suggest you try reading the news in general...

While I empathize, with the impact that this might have on your business, it is not the government's concern if you base it off cheap OEM cameras, with little care to the security impact to the end user, Public or private!!

Undisclosed Manufacturer #21
Aug 30, 2018

"The backdoors were not intentional"

How can you be so sure Sean?

Just because Hik told you so?

 

Undisclosed #4
Aug 29, 2018

Are you insinuating every company that has placed a backdoor should succumb to the same fate of crony capitalism? Goodbye, Microsoft, Juniper, Cisco, Sony, EA Sports, Blackberry. The question should be, what company did NOT provide a backdoor? When I find that company, I'll let you know.

Undisclosed #4
Aug 29, 2018

Direct State control is all I can think of. All of the other IP camera manufacturers  suffer similar issues as a lot of these devices will utilize many of the same software libraries. That's why when you see an openssh patch published, you'll soon notice vendors downstream start to patch their hardware.

Sean Nelson
Aug 29, 2018
Nelly's Security

That's fair but Dahua is not state owned, thereby invalidating this argument.

Undisclosed #1
Aug 29, 2018

Sean - you really don't know exactly how involved the China government is with Dahua, do you? You don't know for sure if the backdoors and vulnerabilities discovered so far were intentional or not.

All you "know" is what they have told you. Keep in mind both Dahua and Hikvision have been shown to be dishonest and untrustworthy in multiple ways. 

You have not invalidated any arguments or "shut down" anyone's arguments here. You have only continuously shown how ill informed and blind you are.

Sean Nelson
Aug 29, 2018
Nelly's Security

Sean - you really don't know exactly how involved the China government is with Dahua, do you? You don't know for sure if the backdoors and vulnerabilities discovered so far were intentional or not.

Please enlighten me on your insider knowledge and how Dahua compares to every other Chinese company that is or isnt involved with the China government.

Undisclosed #1
Aug 29, 2018

Sure, once you acknowledge my comment that you are talking out your ass and don't actually "know" one way or the other how much China is involved with Dahua, or the motivation behind the backdoors put in Hikvision's products.

Sean Nelson
Aug 29, 2018
Nelly's Security

I never admitted this, therefore no ass talking. I asked you to enlighten me with your knowledge. Looking forward to your ass-talk free insider knowledge.

Rich Moore
Aug 29, 2018

Can you both stop?  I usually enjoy reading the comments as I tend to learn something new from an installer/integrator's perspective.  If you two want to go at it, please do it offline.

Undisclosed Manufacturer #12
Aug 29, 2018

Sean, your business and therefore livelihood is Hikvision, thereby invalidating most arguments you make.

Objectivity and safeguards against manufacturer influence are why IPVM is the most respected source of information in our industry.

Bas Poiesz
Aug 29, 2018

If Objectivity is the aim you would make a rule set ANY manufacturer needs to meet. Banning two that are now the biggest is far from objective 

John Honovich
Aug 29, 2018
IPVM

Banning two that are now the biggest is far from objective

Worth keeping in mind that those two are now the biggest because China blocked out their foreign competitors, ironic given the issue we are discussing here.

Bas Poiesz
Aug 29, 2018

If that’s China’s plan, what’s stopping them from now backing UNV or another company and doing it all over again? 

The ban leaves room for any Chinese company not mentioned by name, and that’s a lot 

Sean Nelson
Aug 29, 2018
Nelly's Security

This is a stellar opportunity for UNV right now, but then again, they should obviously tread lightly of capturing too much attention. Danged if you do, Danged if you don't.

Undisclosed #1
Aug 29, 2018

Nobody (seemingly even Dahua and Hikvision themselves) really knows for sure what current risks are in those devices. The Hikvision IP Camera Critical Vulnerability 2018 report shows that new vulnerabilities are constantly being found in Hikvision devices.

Hikvision and Dahua have an extensive history of critical easily exploited vulnerabilities. Far more so than Axis or other non-banned manufacturers. Couple that with the fact that these products originate from a country (China) that is not really considered to be a US ally. This makes those products significant risks.

If the Swedes (Axis) elect a Communist dictator and start pumping out firmware riddled with comparable vulnerabilities I would be all over the suggestion to ban them as well.

Of course, this has been presented to you multiple times, but you don't seem to be able to evaluate it beyond "Axis has some vulnerabilities also" and "Hikvision makes me money, therefore we shouldn't pick on them".

I've said this before, let Hikvision go a year or two with no critical vulnerabilities being reported against them AND have their response to vulnerabilities not be spin and victimization, and maybe they could be considered a more trustable device. Let's see if we can get through the next 11 months with no new Hikvision cyber security snafus.

 

 

Sean Nelson
Aug 29, 2018
Nelly's Security

Much bigger footprint for Dahua and Hikvision to be exposed than Axis or the others. No telling how many vulnerabilities still haven't been found in those products. Axis is a great company, and has great products, but they are more expensive and traditionally geared towards enterprise market which are typically installed on much more closed networks. Much smaller footprint.

Undisclosed Manufacturer #18
Aug 30, 2018

Sean, the footprint argument is BS!!!  Regardless of how many cameras are sold, there is no correlation to the number of vulnerabilities... If I manufacture 5 cameras, it does not make them secure under that reasoning..

Enterprise systems, are not necessarily closed systems, I have dozens of customers that are based across the world, I can get into their systems for diagnostics etc...

And again you lay yourself bare by the statement that AXIS is more expensive... Cheap is cheap, the expansion of Hik footprint has been done by vast investment and loans by the Chinese Government, and the Chinese Government keeping rivals out of their own domestic market...

As they say in China: "Thank God, postpone Sean Nelson buying our products!!"

(2)
(1)
Sean Nelson
Aug 30, 2018
Nelly's Security

What, in your opinion, has more vulnerabilities? Hikvision or Windows OS? Or even for this sake Apple products?

Let me ask you another question

Who has been hacked the least among the above manufacturers?

Footprint. 

(2)
(3)
U
Undisclosed #1
Aug 30, 2018

What, in your opinion, has more vulnerabilities? Hikvision or Windows OS? Or even for this sake Apple products?

Sean, you ask a lot of questions, and pose a lot of (misinformed) opinions about why you think Hik is not a threat, but you rarely state anything definitive that can be independently verified.

Maybe try posting some data and numbers of your own, instead of "asking" people for responses. Do some research on what you think is comparable data and come back with an information-supported argument.

(1)
Sean Nelson
Aug 30, 2018
Nelly's Security

Would you also like me to provide data that the earth is round and the sky is blue?

(1)
(4)
U
Undisclosed #1
Aug 30, 2018

Would you also like me to provide data that the earth is round and the sky is blue?

Nah, just start with backing up your claims about Hikvision with actual verifiable data.

Or, if you can't do that, just keep deflecting and asking stupid questions.

(1)
(1)
BP
Bas Poiesz
Aug 30, 2018

This is senseless Sean. Windows has more bugs and cracks than Hik ever will, but it's American. So it's safe and Bill Gates always had everyone's interest at heart.
Just like Facebook always wanted you to just enjoy their games. They never did anyone any harm right?

If they don't want to see the big picture, they never will.

(1)
(1)
UM
Undisclosed Manufacturer #20
Aug 30, 2018

LOL.  We don't want to see the big picture.  That is funny.  Thanks for the chuckle.

(1)
UM
Undisclosed Manufacturer #18
Aug 30, 2018

Hik......for a device that does so little in comparison to the others, the number of vulnerabilities is astounding!!

If you disagree, please provide accurate verifiable information, not reheated Hik/Dahua misinformation....

(2)
UM
Undisclosed Manufacturer #20
Aug 30, 2018

That is a strawman argument.  Microsoft Windows version x or y is an operating system, designed by huge teams, and designed to run on hundreds of manufacturers of systems.  It is an operating system designed to run tens of thousands of software programs and allow user interaction, etc.

An IP camera is an IoT device or embedded device with a few APIs and designed to do one primary thing - capture video and send it out the network.

Yes, there are cameras that can run apps, but let's ignore that for now.  There are only 3 or 4 manufacturers that do that, on a limited set of models.  And there are only a handful - maybe a hundred apps in the world.  

Any complex system, like an operating system designed to run 3rd party code, and to run on different hardware platforms is going to have vulnerabilities.  The question is how forthcoming are they with info and with updates.

Can you imagine if a car company didn't acknowledge defects or issues or recalls... Oh wait... That is why certain car companies don't make it to the US...  There are dozens of Indian or Chinese or other car companies that we have banned,  Maybe it is due to their track record, or simply product safety.

Same thing here.

An embedded device should be easier to harden because you don't need to expose the internal modules.  Everything should be parsed and sanitized and filtered before the OS gets the data.

A company's track record is SO important here.  Personally, the ONLY way Hik or Dahua can make this better is to 1) actually become open vs. sending out poorly worked fluff marketing bulletins and 2) start over from the ground up - get rid of 100% legacy code and actually design a new camera & NVR & DVR & VMS.  Design it with cybersecurity in mind.  Yeah, it may require a new API and integration, but heck - with thousands of engineers it shouldn't take too long :).  Yeah, I know that adding more engineers doesn't actually speed up a project based on man-hours needed....

Start from the ground up stating no more plugins and only HTML5.  Use ONVIF and known encryption protocols.  Don't hide the encryption in a special FIPS firmware, but trumpet that YOU ARE THE ONLY COMPANY WITH FIPS COMPLIANT CAMERAS, when they are not publicly available.

Finally, you HAVE to solve the grey market/OEM issues.  I know that is how you started and you sell a ton of products, but you have to pick your channel.  Either be a B2B product and cut out the OEM or stick to OEM and be honest about it.

We have all seen the OEM > direct backstabbing.  It is shameful how many large "manufacturers" with a nice brand name don't actually manufacture cameras.  I have a feeling that in the next 12 months much of this will shake down due to the ban and the Honeywells, etc. will have to bail out of the game or pick a different OEM and be honest about it or actually make their own products!!!!

(5)
(1)
U
Undisclosed #4
Aug 30, 2018

The OS on camera/NVR equipment is a full-fledged Operating System. Complete with a TCP/IP stack, DDNS, HTTPD. You can install anything else you want if you know how to compile by source and are strong willed enough to endure dependency-hell as packaging software has normally been pulled from the base images.

In other words, it's a pain to install other apps, but it's certainly not impossible.

(1)
UM
Undisclosed Manufacturer #20
Aug 30, 2018

The OS on an IP camera or NVR SHOULD NOT be a full-fledged OS.  It should be a stripped down OS that has removed ALL of the unneeded features, functions, libraries, and servers/daemons.

Maybe that is the difference between the different tiers of manufacturers.  Some re-write the OS and remove the unneeded things, others just use the stock firmware or lock things down but don't really remove things (think telnet).

Another big piece is that some manufacturers use Trusted Platform Modules (TPM).  This makes it so that a skilled hacker can NOT change the OS or recombine firmware (Hikvision). Thus better securing the camera.

(1)
CC
Chris Chambers
Mar 24, 2019

Excellent way to point out the blatantly obvious.  There is almost zero analogy between an OS that must run on hundreds to thousands of different hardware options, and run thousands of different programs/drivers/etc., versus a very limited purpose device where the maker has full control over both hardware and software.  Anyone suggesting the 2 are comparable has no clue.

UI
Undisclosed Integrator #22
Sep 04, 2018

How obvious is it that IPVM and others will not spend the time and effort in analysing vulnerabilities of a small manufacturer? Yes, Hik and Dahua have built a huge glass house for themselves and are there to be pilloried whilst the myriad of start-ups, non-Chinese OEM and plenty of others go under the radar and are pushing kit out that leaks like a sieve.

This is simply a jingoistic monologue that is as boring as it is repetitive.

UM
Undisclosed Manufacturer #20
Sep 04, 2018

Are small startup OEM companies being sold to and installed in US federal Government facilities? That is the point of this discussion.  I am sure that these small companies have cyber issues, and should be discussed, but that is separate from this discussion of Hik and Dahua and related being banned by the US bill.

(1)
BP
Bas Poiesz
Aug 29, 2018

If this is your point, ban all Chinese, not just the two biggest at this moment.

At least that would be a clear statement.

At best, you kill the Hik and Dahua business in the USA and in a few years a new lobby for a new ban will try to kill whichever Chinese company has stepped into the void Hik and Dahua leave.

People won’t go back up to the high prices lower quality of Pelco and the likes of them.

Call me ignorant because I like Hik but banning two brands just makes little sense. It’s a bandaid.

(2)
(3)
JH
John Honovich
Aug 29, 2018
IPVM

People won’t go back up to the high prices lower quality of Pelco and the likes of them.

That's a strawman. The Pelco buyer has largely moved to Axis, Avigilon, Hanwha, Genetec, Exacq, Milestone, etc., with or without the Chinese.

At best, you kill the Hik and Dahua business in the USA and in a few years a new lobby for a new ban will try to kill whichever Chinese company has stepped into the void Hik and Dahua leave.

You've made this argument now a few times so I'll address. Hikvision and Dahua are way bigger (on the order of 5 - 12x as large) as the next biggest Chinese video surveillance manufacturer plus Dahua and Hikvision have been taking market share away from other Chinese companies inside of China. Because of that, your assumption that other Chinese companies will easily fill the 'void' is much more questionable than you imply.

And given that you seem to be granting that Hikua is effectively a cancer, the US might as well treat that now.

(5)
(2)
BP
Bas Poiesz
Aug 29, 2018

I never granted hikua to be a cancer.

Firstly I prefer not to use a disease that hurts so many in any way or form, even an argument.

Secondly, already on IPVM people are discussing alternatives and the likes of UNV are popping up.

Another Chinese brand at the Hikua price point.

(1)
JH
John Honovich
Aug 29, 2018
IPVM

the likes of UNV are popping up.

Another Chinese brand at the Hikua price point.

Would you be happy if the ban includes UNV too?

UNV is certainly the 3rd most common Chinese branded option but they are a distant, distant 3rd in the West. They will need to invest tens of millions in overseas sales and marketing to attempt to be a serious factor, which they have refused / been incapable of to date.

(1)
BP
Bas Poiesz
Aug 29, 2018

No I don’t want UNV on the list. My point is the uselessness of this ban.

The door is wide open for UNV if China decides to fund it.

Instead a clear bar could be set that any product should meet before being sold.

If you now switch to a US built camera that is so weak the Chinese can break in, is that any better?

JH
John Honovich
Aug 29, 2018
IPVM

if you now switch to a US built camera that is so weak the Chinese can break in is that any better?

That's a genuinely laughable assumption that Dahua and Hikvision cybersecurity is somehow comparably strong. Keep in mind, both companies, among various issues, continue to maintain an unremovable side door that lets them access any system (e.g. Hikvision Responds To Cracked Security Codes).

(4)
(1)
U
Undisclosed #1
Aug 29, 2018

If this is your point, ban all Chinese, not just the two biggest at this moment.

OK, I have no problem with that. I'd like to see any Chinese surveillance cameras, access control equipment, DVR/NVRs, software and similar components banned in the commercial surveillance sector. It would probably be worth banning them in the consumer sector as well, but I think that is impractical. Similarly, I have always felt the ban of Huawei equipment from the telecom market was logical as well.

China is not our ally. We ("we" being the general American population) like their cheap goods, I get that, and it is probably a necessary evil on a number of fronts to import low-cost mainstream consumer stuff from China. At the commercial level, and particularly at the Government level, that stuff should be strictly banned. I stopped buying Lenovo laptops a decade ago for similar reasons when I was in charge of IT-related purchases for various companies. If a country is hostile to us (directly, or passively) I don't think we should be plugging their equipment into our networks.

For this bill, I think Hikvision was named because they have direct government control, and they have a history of cyber security vulnerabilities across basically all of their products. Dahua is mostly guilty by association, they have proved to have similar gaping and mishandled vulnerabilities, and if we suspect the Chinese government would use Hikvision as an attack vector, it is logical to assume that cutting off Hik would just have them move to Dahua, so might as well just cut that off right from the start.

In all seriousness, if XM, Longse, or any other large(ish) Chinese manufacturers try to step into Hik/Dahua's shoes here and fill the void, I would expect their names to be directly added as well.

I don't think the bill named Hikvision and Dahua in the sense of listing the entirety of the threatening or suspect companies, they were just the two most popular and visible companies to start with. There is likely more to come.

(9)
(1)
(2)
(1)
BP
Bas Poiesz
Aug 29, 2018

You’re the first or at least one of the first to just say that’s right ban all Chinese.

Most others try to give reasons that make no sense and misguided info.

We may not agree but I appreciate your clear view and explanation.

(2)
U
Undisclosed #1
Aug 29, 2018

Thanks. FWIW, I think you put forth some compelling points as well.

(1)
CC
Chris Chambers
Mar 24, 2019

+1,000 for "China is not our ally."

UM
Undisclosed Manufacturer #12
Aug 29, 2018

Hikua is the biggest threat because of several factors. Mitigate the largest threats first but maintain the market for low priced camera systems that do have a good use in society. If another threat emerges, ban them too. 

You went from one extreme to the other, naming Hikua and then Pelco to misrepresent options available in the market. There are several options of price and quality between those two brands. 

I think a really great thing Hikvision did for themselves (and horrible for the industry) is changing the perception people have for what a professional camera should cost. They were able to do this because of an infinite government-sponsored budget and because the camera industry is very underregulated, so specification sheets can easily hide cut-corners, low-grade components, build quality issues and swiss cheese firmware.

(2)
JH
John Honovich
Aug 29, 2018
IPVM

I think a really great thing Hikvision did for themselves (and horrible for the industry) is changing the perception people have for what a professional camera should cost.

Interesting point. No doubt competing on low price was a key Hikvision tactic and important to their early success but it had very negative downsides:

(1) Their brand and general consumer perception became centered around low-cost because of their literally constant sales. They devalued other manufacturers but they also devalued themselves.

(2) By being so cutthroat on price (while spending so much on sales and marketing), Hikvision created many enemies among their rivals. This is a key reason why competitors are largely cheering the US government's actions.

I genuinely think that Hikvision's long-term outcome would have been better not being so centered on cutting prices.

(2)
U
Undisclosed #10
Aug 29, 2018

Gutting pricing - in any global industry/market they choose to seek domination of - is an overt and well-documented practice that the PRC uses as SOP#1.

It is what they do.

(2)
Sean Nelson
Aug 29, 2018
Nelly's Security

I disagree. Price compared with Quality is what made them so popular. Market Disruptors tend to have enemies in their respective market so it's not surprising that competitors are cheering this. Can you imagine the cheers from ADT and the likes if Simplisafe got banned?

(4)
(1)
JH
John Honovich
Aug 29, 2018
IPVM

Price compared with Quality is what made them so popular.

Actually, it is price compared to quality + massive sales spending + marketing spending. 

Market Disruptors tend to have enemies in their respective market

For example, Axis was a market disruptor (think back to 2008). Competitors did not hate them because (1) they competed on quality, not price and (2) they are not funded by an authoritarian government. 

(6)
(1)
Sean Nelson
Aug 29, 2018
Nelly's Security

I'm not disagreeing there are ways to disrupt markets other than prices. Look at Apple. Companies like that are often more respected for the value they add to the industry. Axis is respected because of this and because they were pioneers in the IP camera industry. Companies like this rarely put others out of business because they are in a class among themselves or created a new industry altogether.

Nevertheless, there are companies who disrupt based solely on pricing and/or demolishing old inefficient sales models. These companies are generally hated in their respective industries because it makes other companies lower their margins or become uncompetitive altogether. Again Simplisafe is a great example. Amazon could be mixed in the group. Red box. Netflix. Etc.

(3)
(1)
U
Undisclosed #10
Aug 29, 2018

"Nevertheless, there are companies who disrupt based solely on pricing and/or demolishing old inefficient sales models."

historically, I would argue this point.  As it is willfully obtuse and ignores all the prior debate about fair trade practices and sustainability.

But I long ago recognized that you are not debating, and instead are content to parrot the hikua propaganda to the end... 

(4)
(1)
UM
Undisclosed Manufacturer #12
Aug 29, 2018

Couldn't disagree more with your examples. The foundation of disruption for those companies was technology. This technology allowed them to challenge the conventional sales model and/or price. Hikvision just undercut everyone else dramatically with no differentiation in technology or innovative sales model. 

(4)
BP
Bas Poiesz
Aug 29, 2018

So you’ve gone from government owned to government funded... 

Does that mean that to you any Chinese company is government funded?

JH
John Honovich
Aug 29, 2018
IPVM

I have not gone anywhere. Hikvision is both owned and funded by the Chinese government.

(1)
BP
Bas Poiesz
Aug 29, 2018

This is going in circles. Dahua is not government owned and has as much government backing as the next manufacturer would. 

(2)
JH
John Honovich
Aug 29, 2018
IPVM

Dahua won nearly a billion dollars in Chinese government contracts for concentration camps in the past year, so they have a ton more government backing than every non Chinese video surveillance manufacturer combined.

(5)
(2)
UM
Undisclosed Manufacturer #18
Aug 30, 2018

Yes you are right again, the price of Hik, is reflected in the quality of the cameras, especially the firmware and software that has had so many vulnerabilities uncovered over the last decade....

You can stop sucking Hik dick now....go find a replacement manufacturer..

(1)
(2)
(5)
(1)
U
Undisclosed #10
Aug 30, 2018

(1)
Sean Nelson
Aug 30, 2018
Nelly's Security

ROFL, typical emotional uneducated reply. I know you undisclosed manufacturers are giddy and can hardly contain yourself but wow!

(1)
(1)
(2)
(1)
U
Undisclosed #4
Aug 30, 2018

Dude, you are wasting your time arguing with undisclosed users.

(3)
U
Undisclosed #10
Aug 30, 2018

(1)
UM
Undisclosed Manufacturer #18
Aug 30, 2018

Really, yet you are not sycophantic towards your Chinese suppliers... You sit on this discussion, make false, illogical arguments,

My business is not circling the bowl.....you made your money by buying cheap vulnerable cameras, and now that you're going to be excluded from a market space, you regurgitate Hik/Dahua talking points...Claim that there is little to no correlation between price and quality, and cannot even agree that our Government would be safer without the Chinese-owned and sponsored manufacturers installed in its facilities!!

Get off your knees

(2)
(2)
(4)
(1)
Sean Nelson
Aug 30, 2018
Nelly's Security

I enjoy a good debate but I'm starting to feel sorry for you and it's no fun anymore. I won't allow you to make yourself look any more foolish than you already have.

(1)
(3)
Ryan Ace
Aug 30, 2018
IPVM • IPVMU Certified

As this is a professional forum, I am kindly asking everyone to refrain from profanity.

Thanks.

(4)
U
Undisclosed #4
Aug 30, 2018

Remember, they are not banning the Chinese. They are banning US (Security Professionals) from selling Chinese products. The US government has displaced its political/economic responsibility on us, without actually banning any product.

Not fair at all if you ask me.

Either let the market decide or step in with politics. Don't force every Security Professional to enforce your ill-thought plan.

Good luck enforcing Trump's ban on HikHau y'all.

(2)
(1)
Sean Nelson
Aug 30, 2018
Nelly's Security

Good Point. 

My same thoughts are with the tariffs. You aren't hurting the Chinese. You are hurting the consumer.

I voted for Trump but he has pulled some doozies lately. One of them saying Google is biased. I don't think they are biased at all, but even if they are, who cares, they are a private company they can be as biased as they want.

Stay out Government!!


(2)
(1)
UM
Undisclosed Manufacturer #18
Aug 30, 2018

Do you actually read IPVM on a regular basis?  Simply look for the articles regarding these manufacturers and you will see that the number of threats and issues from these manufacturers dwarfs any other manufacturer....

(1)
(2)
(1)
UM
Undisclosed Manufacturer #18
Aug 30, 2018

I do not think that "they think thousands of companies are Chinese spies", I think it is a true concern over the Chinese government being so entwined in camera companies, that the US Government cannot trust or rely on them.

Anyone that has read IPVM over the last 5 years or so can see one security failure after another from these manufacturers. Other countries are excluded from Chinese government projects because of their own security concerns......

What is good for the goose is good for the gander...

(1)
(1)
UI
Undisclosed Integrator #22
Sep 04, 2018

McCarthyism at play. Jeez, I guess some countries never learn.....

U
Undisclosed #4
Aug 29, 2018

Right, I was referring to Hik.

UI
Undisclosed Integrator #6
Aug 29, 2018

I don't mean to politicize this topic, but usually people in significant government and political positions equip their homes and private offices with extensive security measures, including, but not limited to, surveillance equipment.  What are the chances that some of these folks used the equipment, which is the subject of our discussion, in their homes and private office, and through this equipment the Chinese Government got into their network?  We're now hearing that the Chinese Government was monitoring a certain politician's network in "real time", got emails as soon as they were sent and received. I don't know how factual this particular story is, but I think it is possible to do such a thing.  How embarrassing, to our industry, would this be if we learn that it was equipment we use that enabled our adversaries to compromise these networks?

Also, I wouldn't expect our government to spell out how any government official, or politician's network was breached other than a general statement that the breach occurred.  It's possible that our government has specific information about hacking, that they will not divulge for fear of  giving away methods and abilities of our intelligence gathering folks.

(5)
(2)
Daniel S-T
Aug 30, 2018

I'd be more willing to bet many have cameras they've now banned in their homes and don't even know it.

(1)
U
Undisclosed #10
Aug 29, 2018

(15)
U
Undisclosed #11
Aug 29, 2018

If you are going to ban Dahua and Hikvision you must ban all other China cams the basis of the ban is a threat to national security. I am actually less worried about hik and dahua because of their volume, there is way more effort put in to detect backdoors/vulnerabilities. This is not the case with low volume vendors. Using those cameras can actually be a greater threat since they are not likely put under the microscope. The ban should also require the removal of such systems already in place, which it does not.

(2)
(1)
(2)
Sean Nelson
Aug 29, 2018
Nelly's Security

If you are going to ban Dahua and Hikvision you must ban all other China cams the basis of the ban is a threat to national security. I am actually less worried about hik and dahua because of their volume, there is way more effort put in to detect backdoors/vulnerabilities

What's even more sad about the ban is that Hikvision probably has the most cyber secure Chinese made surveillance product right now. Unfortunately they were too late in the game.

(2)
(11)
(1)
(3)
U
Undisclosed #1
Aug 29, 2018

What's even more sad about the ban is that Hikvision probably has the most cyber secure Chinese made surveillance product right now.

Seriously, just stop trolling. It's getting ridiculous.

(5)
(1)
(1)
(4)
Sean Nelson
Aug 29, 2018
Nelly's Security

I have definitely trolled many times in the past, but this is not one of them.

(1)
(9)
(4)
UM
Undisclosed Manufacturer #16
Aug 30, 2018

So they are the "best of the worst??"  Not sure that is the standard of a successful security model.  I think that is the point lost in all of this - we are in the security business.  We are not making Lego.

(4)
(4)
BP
Bas Poiesz
Aug 30, 2018

we are in the security business. We are not making Lego.

I fully agree with that statement. That's why making clear rules and minimum requirements make way more sense. For traditional CCTV (with no network connections) it might not have been needed, but it's very needed today.

It would take work but make a better industry. More useful than a ban on a few brands.

UM
Undisclosed Manufacturer #20
Aug 30, 2018

The standard for a successful security product would start with not being listed by CERT or DHS or whomever with having a vulnerability, especially a 9 or 10 rating.  Obviously, there can be vulnerabilities or other issues and not be listed (yet), but that is a good start. 

Let's go through the camera calculator and see which products made in China do NOT have any vulnerabilities listed.

Hikvision is NOWHERE near the top of the best in cybersecurity.  They constantly have vulnerabilities disclosed, and often due to sloppy coding, and not due to other libraries (OpenSSL, etc.) finding a vuln.

(2)
(1)
UM
Undisclosed Manufacturer #18
Aug 30, 2018

LMAO!!!!!!!!!!   Oh Sean, you are precious!!!!

I have the least flammable Pinto on the road!!!!

(5)
UM
Undisclosed Manufacturer #12
Aug 29, 2018

I can understand this argument, however, Hikau's risk factor is 100x that of other Chinese brands like TVT, Longse, etc. simply by the market penetration into enterprise\government sectors in the USA and marketing power to expand that. I think it makes sense to ban the largest threats while still allowing for the low price market to exist. Banning all Chinese cameras could have an impact on the safety and security of millions of people who may not be able to afford anything but a $500 8 channel kit on Amazon. 

(1)
(1)
U
Undisclosed #11
Aug 29, 2018

You are confused. First, the ban does not apply to Amazon shoppers. Second, if Dahua and Hik were selected because they are the largest, then why not mandate removal of old systems? A better solution if they felt the ban was needed would be to list acceptable manufacturers.

(1)
(1)
UM
Undisclosed Manufacturer #12
Aug 30, 2018

You are confused. First, my English language, grammatically correct and cohesive sentence tied the banning of all Chinese cameras to Amazon shoppers, not this federal ban. Second, removal of currently installed Hikua systems in federally owned, operated, or funded facilities is mandated. An even worse solution would be listing acceptable manufacturers since there are thousands of acceptable ones and only two banned ones.

(1)
(1)
U
Undisclosed #11
Aug 30, 2018

Yet again, incorrect. The ban does not require removal. IPVM's reporting on it is incorrect. Take the time and actually read the legislation. There is nothing in the language that requires removal of equipment already in place. 

If you intended to suggest an alternative to the federal ban you should have said so cohesively.  It does not read that way, so much so that you had to defend it in the way you did. :)

Finally, my point with respect to white listing went right over your head.  There are not thousands of acceptable brands. All China brands are suspect. The smaller manufacturers more so because they are not tested extensively. If the feds are actually concerned about security they should vet 10 or so quality brands and white list them. Problem solved. I understand though that as a manufacturer you feel threatened.

(1)
(1)
(1)
RS
Robert Shih
Aug 29, 2018
Independent

I emphasize, YET AGAIN, that Dahua is NOT equivalent to Hikvision. This Bill does NOT work for all threats and it limits the market unnaturally.

(2)
(4)
UM
Undisclosed Manufacturer #12
Aug 30, 2018

Robert,

In my perspective, Hikvision ban is a reactive law (as laws usually are) and Dahua ban is a proactive one. It is amazing to witness the very rare occurrence when the US government is proactive!

(1)
(1)
RS
Robert Shih
Sep 05, 2018
Independent

Funny, but not productive IMO.

The issue of ownership separates them. Dahua is not the same exact threat as Hikvision, because of this.

Dahua CAN (not guaranteeing they WILL) change if given guidelines to follow and may be able to EARN trust (not that they have it now).

Hikvision, even in following guidelines, can't ever be trusted on the basis of its ownership.

That's the crux of my argument.

UI
Undisclosed Integrator #6
Aug 29, 2018

I'm sure I'm quite naive about cyber security beyond VPNs and strong passwords, but this ban may be simply folly in preventing or stemming cyber attacks, and will have little to no impact on China's, or any other adversarial country's, ability to breach our critical networks.  There are many pathways into a network, by a multitude of other network connected devices, not limited to surveillance equipment or particular manufacturers.

A US manufacturer of network client devices may use all components manufactured in the USA, which is highly unlikely. But that same manufacturer may later switch to components sourced from other manufacturers in countries that may or may not be adversarial to the US.  Would this make the product subject to scrutiny or a ban?  

A WiFi thermostat or Wifi controlled lighting, among a host of other connected devices can be used to attack a network.  It seems like it's going to be a monumental task to ban so many things, and this may not solve this problem.

I don't think the Chinese government, or any other adversarial country for that matter, will simply limit their efforts to breach our networks to just a few industries' products.

(7)
UM
Undisclosed Manufacturer #12
Aug 30, 2018

Agreed, especially when you are starting to see the mainstream adoption of smart home devices on residential networks. This is a recipe for a disastrous DDOS attack. However, as a standard cybersecurity practice, end users should avoid technology with a track record of vulnerabilities, poor best practice methods for network integration, and lag and\or denial of those vulnerabilities, no matter what manufacturer or country of origin. 

(1)
JH
John Honovich
Aug 30, 2018
IPVM

US Senator criticizes Hikvision on social media overnight:

This is not the type of attention Hikvision wants nor needs.

(13)
(2)
U
Undisclosed #1
Aug 30, 2018

That "Chinese Spy Company" tagline could really catch on, seriously. Hikvision is going to be spending a boatload of PR cash to dig out of this.

(1)
JH
John Honovich
Aug 30, 2018
IPVM

Hikvision is going to be spending a boatload of PR cash to dig out of this.

Stop looking on the negative side. Think about how many jobs Hikvision can create for American PR people ;)

(11)
UM
Undisclosed Manufacturer #20
Aug 30, 2018

I don't always spy on government networks, but when I do, I use ********* cameras, the Chinese Spy Company...

(1)
(1)
(6)
BP
Bas Poiesz
Aug 30, 2018

That's definitely bad press.

I vaguely recognised the name so I asked Google for more info on.

They could have hired him for their lobby! (pun intended)

(1)
Rich Moore
Aug 30, 2018

Vaguely recognized the name?  He ran for president 2 years ago.  Did fairly well.  

(1)
(1)
BP
Bas Poiesz
Aug 30, 2018

Sorry Rich I am not a US citizen, or even resident. I needed Google and got more than I was expecting.

(2)
UD
Undisclosed Distributor #17
Aug 30, 2018

I got an option to consider: go Vivotek (Taiwanese) and enjoy a ringside seat until the fight is over...

(3)
UM
Undisclosed Manufacturer #19
Aug 30, 2018

I'd like to add that this is not just affecting the govt projects.

I was in a meeting with a large retail company yesterday and was told the reason they are completely moving away from Hikvision is because they were shown the hacked Hik camera map by a consultant.

They immediately freaked out and demanded the removal of all Hik cameras and replacement with a premium brand moving forward. The negative exposure Hik is receiving right now is at an all-time high and buying decisions are being changed and reversed more than I have ever seen.

(2)
(6)
(2)
UM
Undisclosed Manufacturer #18
Aug 30, 2018

Then jump right on it and sell them the premium brand they are comfortable with...

(1)
U
Undisclosed #1
Aug 30, 2018

they were shown the hacked hik camera map

It's a great tool for showing just how poor Hikvision's cyber security has been.

(2)
UI
Undisclosed Integrator #6
Aug 30, 2018

In 2014, the Nest WiFi thermostat was hacked at a Black Hat Conference in 15 minutes.  They were able to get root to the network through the device.

You can watch this on YouTube and there are lots of articles about it if you want to do the research.

So, how many products are being looked at in this same light?  How difficult would it be for foreign actors to use their products, or our products, to spy?

Hopefully, they're aware that thousands of products can be used this way, and these countries won't put all their eggs in one basket, should one line of devices be banned.

(2)
(2)
UM
Undisclosed Manufacturer #18
Aug 30, 2018

Yep, you're right... let's not do anything then...

As we move into the internet of things, we need to start looking at all manufacturers, this is true, but that does not mean that, as security vendors, we should not be looking at the most blatant offenders first.

Standards are needed for all devices that are attached to the network, but that does not mean that until every last item is secure we should do nothing...

(2)
UI
Undisclosed Integrator #6
Aug 30, 2018

I'm not suggesting we do nothing... Just pointing out how the problem is much larger than just camera equipment manufacturers.  If I were working in a hostile regime and wanted to breach the network of a target country, I'd look to do it with their own devices, manufactured in their own country, thereby not raising suspicion and completely going under the radar.  The Chinese must know that any device originating in China and exported to the USA or elsewhere is going to be held with suspicion on its face.

(1)
UI
Undisclosed Integrator #23
Sep 05, 2018

The fact that IPVM replied to Marco Rubio's tweet totally dispels its repeated argument that it is being impartial to Hik/Dahua. IPVM has an agenda and it is revealing that more every day.

 

https://twitter.com/ipvideo/status/1035149285665513472

(1)
(1)
(1)
JH
John Honovich
Sep 05, 2018
IPVM

We responded with a title and link to a relevant report:

I could understand the accusation if we responded with something juvenile or ad hominem. However, criticizing us for sharing related information is a stretch.

But, hey, we are not the PRC. You are welcome to criticize us here.

UI
Undisclosed Integrator #22
Sep 05, 2018

Trump had better hire Mercury quickly.....

On a separate note, Rubio seems to be a man who is more than a little confused. IPVM loves a Wikipedia trawl... so let's have it, Marco...

"He favors collection of bulk metadata for purposes of national security" 

"....he hopes for greater economic growth as a result of trading with that country (China)"

"In February 2018 he attracted controversy following the Stoneman Douglas High School shooting at a town hall event held by CNN when he was questioned by a survivor of the shooting about the supposed $3,303,355 he had received in donations from the NRA. Rubio replied, 'I will always accept the help of anyone who agrees with my agenda'." (mmm... I think I can read into that one pretty easily...)

"He disputes the scientific understanding of climate change, arguing that human activity does not play a major role in global warming"

Yep - let's all listen to Marco, because he's all about credibility and integrity.

 

 

(1)
(1)
(1)
CC
Chris Chambers
Mar 24, 2019

I've got $20 that says you don't even know what "Mike's Nature Trick" is.  Until you've done at least a few hundred hours of researching the global warming scam, from both sides, I suggest leaving the now named "climate change" out of discussions about security cameras.

DG
Dennis Gallen
Dec 03, 2018

I'm not sure how the statement "... as a substantial or essential component of any system, or as critical technology as part of any system." can be interpreted as blocking purchase from those companies selling multiple brands (including Hikvision or Dahua). I would interpret this as anyone selling a system, like an inspection system that happens to have a Hikvision camera as a "component" of the system. The key word is "system".

JH
John Honovich
Dec 03, 2018
IPVM

Dennis, thanks for your first comment. Ultimately, neither my nor your interpretation will matter. The ultimate judgment will be the purchasing rules the government puts in place next year.

UI
Undisclosed Integrator #25
Aug 05, 2019

This was such great information and is an important topic to educate others on. We really felt this was a great topic to link within our article, "How to Choose the Best Security Systems Provider for your Facility." Check it out! https://umbrellatech.co/choosing-the-best-security-systems-provider-for-commercial-facilities/

UI
Undisclosed Integrator #26
Aug 06, 2019

Are you able to clarify this scenario? An integrator sells Honeywell/Interlogix Intrusion Panels. Both of these companies OEM cameras to banned manufacturers. Can you not sell to the federal government because you are selling non-camera products from a manufacturer who OEMs to a banned firm?

JH
John Honovich
Aug 06, 2019
IPVM

As an integrator, you would only potentially be banned if you sold Dahua or Hikvision products (or their OEMs). If you resell products from a company that OEMs Dahua or Hikvision but you do not resell those Dahua/Hikvision specific OEM products, you would not be affected.

The 'blacklist' element is still being debated / evaluated, see: Ban Proceeds But White House Requests Delay of Hikvision / Dahua Partner Blacklist