Times Investigates Hikvision's Chinese Government Control

By John Honovich, Published Sep 16, 2016, 01:48am EDT

The Times of UK, founded in 1785 with 1.6 million daily readers, has published a 2 part investigation into Hikvision's government control:

Two key quotes from the Times reporting:

Hikvision, a company controlled by the Chinese government

Hikvision grew out of China’s military surveillance wing and several high-ranking executives continue to hold positions in the Communist Party.

This is consistent with what IPVM has reported, such as Hikvision Chinese Government Origin, Hikvision and the China Communist Party, Hikvision Exec Simultaneously Chinese Government Security Leader.

Additionally, IPVM was one of the sources and was quoted in one of the reports.


Comments (123)

Brilliant

Agree: 9
Disagree
Informative
Unhelpful
Funny

I was told about the article from a partner and came here straight away. You didn't disappoint

Agree: 4
Disagree
Informative
Unhelpful
Funny: 2

And the BBC has picked this up:

Agree: 5
Disagree
Informative: 5
Unhelpful
Funny

BBC Radio talking about state subsidies for Hikvision cameras, allowing them to keep prices low.

The station is interviewing a series of people including UK security professionals.

Agree
Disagree
Informative: 4
Unhelpful
Funny

currently talking about it now live on radio 2

Agree
Disagree
Informative: 1
Unhelpful
Funny

Wait wait wait... does this mean IPVM is no longer the National Enquirer of our industry?

Agree
Disagree
Informative
Unhelpful
Funny: 11

This great news prices should drop even lower

Agree: 1
Disagree: 1
Informative
Unhelpful: 1
Funny: 11

This great news prices should drop even lower

I am not sure if you are joking or not. Worse, I actually think you might be right ;)

Agree: 2
Disagree
Informative
Unhelpful
Funny: 5

Showed the paper with headline to a Hikvision customer this morning and he said:

"Yeah but The Times is a very British paper though eh? There's nowt wrong with Hikvision, I've sold three systems this morning"

This will change nothing at the low to mid end, hope I'm wrong though.

Agree: 4
Disagree
Informative
Unhelpful
Funny: 2

Unfortunately people care more about price than anything. Hopefully this doesn't end poorly for the free world.

Agree: 3
Disagree: 1
Informative
Unhelpful
Funny

Unfortunately people care more about price than anything. Hopefully this doesn't end poorly for the free world.

Capitalism will kill the free world? How ironic!

Agree: 1
Disagree
Informative
Unhelpful
Funny: 2

Haha, that is fairly ironic. However, I think it's less to do with capitalism and more to do with society's ever declining standards and desire for security & privacy. We're giving up our liberties for no good reason. Also if the free market wasn't manipulated that could help...

Agree: 1
Disagree
Informative
Unhelpful
Funny

So what? Support the democratic Chinese citizens.

NSA is monitoring all network activities anyway. Disconnect your surveillance network from the Internet and you are free!

Agree: 2
Disagree
Informative
Unhelpful
Funny: 1

That seems... likely? Customers love disconnected systems they cannot access remotely.

Congrats to IPVM on breaking these stories long before anyone else.

Agree: 7
Disagree
Informative
Unhelpful
Funny

I would go so far as to say that without IPVM, these stories may have never surfaced, or would've taken far longer to see the light of day, but then, as the National Enquirers of the U.K., BBC and Times were bound to report on this eventually anyway.

Agree: 2
Disagree
Informative
Unhelpful
Funny

</sarcasm>

Agree
Disagree
Informative
Unhelpful
Funny

depends... our enterprise customers are strictly forbidding connecting the surveillance network to even the corporate network. Only the network segment used by the Access Control system can be connected to the corporate network because of time and attendance data transfer.

however we do not sell Hikvision to enterprise customers at all.

Agree
Disagree
Informative: 1
Unhelpful
Funny

Same. Just sounds like a hornets nest we don't want to poke. Panasonic and their Advidia line is a bit concerning. I'm sure other manufacturers are sneaking in Hikvision under the radar as well.

Agree: 3
Disagree
Informative
Unhelpful
Funny

So true. They OEM for many of the "major" brands, like Interlogix and several others. I know many write the concerns of others off, but we've just decided not to risk it...for our own sake as well as our clients. Then again, most of our clients are enterprise, so it might not be as big of a deal for the smaller firms.

Agree
Disagree
Informative
Unhelpful
Funny: 1

Any chance this will be part of the 2016 Presidential debate? If anyone is attending, ask them if they are aware

Agree
Disagree
Informative
Unhelpful
Funny: 4

Heck, our presidential candidates, and we may as well put ourselves in the same "basket of deniables", don't even know or care about even more serious issues.

Try on Net Neutrality for starters.

Just as we have surrendered our surveillance manufacturing to the Chinese state, so too have we surrendered our networks to global corporations with allegiances only to the highest bidders for access and control to all our data.

Agree
Disagree
Informative
Unhelpful
Funny

Actually Hillary Clinton and Donald Trump have both made strong statements on either side of Net Neutrality. You can guess which one lands where and which one has an actual informed position.

Agree: 3
Disagree: 1
Informative
Unhelpful
Funny

You can guess which one lands where and which one has an actual informed position.

Honestly, no, I could not imagine either of them being informed on this.

Agree: 8
Disagree
Informative: 1
Unhelpful: 1
Funny


Depends on which day it is.

Agree: 1
Disagree
Informative
Unhelpful
Funny

Would there be a benefit to switching to one of the rebranded versions of Hik, such as Interlogix for security purposes? Do they alter the firmware in such a way that if there was a backdoor or other security risk that it could be disrupted?

Agree
Disagree
Informative
Unhelpful
Funny: 2

Sure, because certainly you buying a rebranded version of HIK won't amount to any additional profitability on the part of the communists.

No, the answer is to stop giving them more and more of your money, no matter whose name is on their stuff.

Agree: 5
Disagree
Informative
Unhelpful
Funny

Moreover, beside the monetary viewpoint, you don't think their white label products are equally as suspect from a security standpoint as those bearing their label? As someone who used to be a white label HIK reseller and had their network hacked as a result, I can assure you that it doesn't matter whose name is on their stuff, anything HIK is going to be vulnerable.

Agree: 4
Disagree
Informative: 3
Unhelpful
Funny

I'm no longer in bed with them, but in my experience the answer is no. The only difference we've noticed between OEM firmware and baseline is that OEM gets less support and is not prioritized.

Agree
Disagree
Informative
Unhelpful
Funny

Now all we need to do is actually find that backdoor...

Agree: 4
Disagree: 1
Informative
Unhelpful
Funny

Bad acting software would likely only be introduced when needed and would be delivered by a firmware update.

Agree
Disagree
Informative
Unhelpful
Funny

As a foreign supersnooper, you don't want to wait too long before infecting, people are notoriously lazy when it comes to firmware updates.

I would guess a shockingly high percentage of cameras go to their death with original firmware.

Maybe intentionally create a security vul. and then "patch" it and disclose it, to ensure more people actually flash the new subversive version.

So that's why Hik keeps having security vulnerability issues, they're related. ;)

Agree: 1
Disagree
Informative
Unhelpful
Funny: 4

Research that shows that 2 manufacturers had 1) backdoors via their cloud system to remotely access and control cameras, including loading new software and running commands and 2) stored passwords in cleartext.

The 2nd manufacturer I can easily identify from the web browser screenshot. The 1st not sure.

Research document on the backdoors:

http://syssec.kaist.ac.kr/sub0501/articles/view/tableid/news/id/5

English document describing it:

http://english.etnews.com/20150601200002

I know that one manufacturer changed their password policy because of the publicity this created in Asian newspapers, even though it was an unrelated product. The fact that it was an IP camera and their company manufactured IP cameras caused them to make an edict that passwords need to be secured.

Agree
Disagree
Informative: 2
Unhelpful
Funny

Sooooo - wouldn't this be a BETTER time to go after Federal Contracting Officers who blatantly violate BAA and TAA and trample underfoot the Federal Regulations for Chinese Procurement. I still haven't heard back from the procurement officer on my secondary email.

I think I'll throw this article link directly at them to "open their eyes a little".

Thanks John

Agree: 4
Disagree
Informative
Unhelpful
Funny

John Honovich is the Bob Woodward of Hika-gate!

Agree: 2
Disagree
Informative
Unhelpful
Funny: 3

How many Hikvision employees are being forced to cancel their accounts today?

Agree
Disagree
Informative
Unhelpful
Funny: 3

How many Hikvision employees are being forced to cancel their accounts today?

At this point, now that it has hit the traditional press, I am not sure what it has to do with IPVM accounts.

We are certainly going to continue to report on this (indeed we have 2 upcoming posts queued up that get into further details of the government control) but the challenge for Hikvision is now containing something that cannot be contained. It will be interesting to see how they handle this. Anyone with feedback from Hikvision employees, please share.

Agree
Disagree
Informative: 2
Unhelpful
Funny

I hope all integrators in my vicinity immediately cease selling Hikvision....

So I can be the only one busy as hell installing quality systems at a great value to my clients. I will worry about them being able to "phone home" or snoop the LAN.

Agree
Disagree: 3
Informative
Unhelpful: 1
Funny: 1

I will worry about them being able to "phone home" or snoop the LAN.

Yes, we all will.

Agree: 1
Disagree
Informative
Unhelpful
Funny: 3

I guess I deserved that one lol! :D

What I MEANT was, I will prevent it.

Forgive me, I've had a few beers with dinner and my guard is down.

Agree
Disagree
Informative: 1
Unhelpful
Funny

No "worries", mate.

Agree
Disagree
Informative
Unhelpful
Funny: 1

Jon, can you tell me generally what steps you take currently to ensure your network is safe?

Let's say in the case of 8 CH POE hik nvr with 8 hik cameras.

@john, if you prefer we can start a new discussion...

Agree
Disagree
Informative
Unhelpful
Funny

It's simple, I place the system on a VLAN and behind a professional firewall and drop all outbound packets. I only allow inbound originated connections to pass through the firewall. I can also white list these inbound connections. I can easily drop all inbound traffic that doesn't meet my whitelist. I could even create a VPN instead of having the inbound rules.

Agree
Disagree
Informative
Unhelpful
Funny

...drop all outbound traffic.

How does the nvr get the time?

Agree
Disagree
Informative
Unhelpful
Funny

From an internal NTP server, if you like. Put two NICs in a server, one in the camera VLAN (NIC-1), the other (NIC-2) in a less secure VLAN with Internet access. Restrict only NTP traffic from the cameras and NVR to the server NIC-1. The server NIC-2 can get updates from Internet based NTP servers.

Agree
Disagree
Informative
Unhelpful
Funny

From an internal NTP server, if you like.

But is this what you actually do?

Agree
Disagree
Informative
Unhelpful
Funny

No, we use a VMS server, not their NVRs. In that case, we use dual NICs in the VMS server, one in the camera VLAN, one in the less secure VLAN. Camera VLAN is completely isolated from the Internet. The less secure side of the server is Internet facing. But the result is the same.

Agree
Disagree
Informative
Unhelpful
Funny

I assumed you used their NVR's, sorry.

Agree
Disagree
Informative
Unhelpful
Funny

No, we use a VMS server, not their NVRs.

Do you use any Analog HD cameras?

Agree
Disagree
Informative
Unhelpful
Funny

Not commonly.

Agree
Disagree
Informative
Unhelpful
Funny

So you don't care about informing your customers about potential dangers?

Agree: 1
Disagree
Informative
Unhelpful
Funny

Marco,

I assume any device is capable of having a backdoor or hack. I don't go out of my way of scaring people about "what-ifs". If that is the way you like to close sales, all the power to you. Just not my style

Agree: 2
Disagree: 1
Informative
Unhelpful
Funny

Jon,

I don't consider them what ifs, more so as educating the customer. I did it in my integration days and I continue to do it on the manufacturing side. Even if there is a product I do not like at my own company I will advise my customers against it as I value the working relationship more than just a sale. I was simply asking why you had the opposite attitude?

Absolutely every device can be hacked. The point of John's investigative journalism has clearly pointed out that HIK is more susceptible than other manufacturers.

Agree
Disagree
Informative
Unhelpful
Funny

Axis has been the more suspect brand of late. How do you feel about Axis?

Agree
Disagree
Informative
Unhelpful
Funny

Absolutely every device can be hacked. The point of John's investigative journalism has clearly pointed out that HIK is more susceptible than other manufacturers.

AFAIK, there has been only one actual 'hack' of a Hikvision device disclosed. A buffer overflow vulnerability which may or may not have been exploited in the wild.

They had a malware infected app for a couple of weeks until it was pulled with a few hundred vendors because it was built with a rogue toolkit.

Most of their bad press stems from the users not changing the default password, which was eliminated in firmware a couple of years ago.

Agree
Disagree
Informative
Unhelpful
Funny

Jon,

When selling to US government end users or critical infrastructure end users with US government funding, would you disclose that the Hikvision products you are selling to them are made by a manufacturer controlled by the Chinese government?

Agree
Disagree
Informative
Unhelpful
Funny

I haven't had that burden as of yet, so I'm unqualified in that arena. I would ask others who have had the pleasure and see if that is important to their clients.

Agree
Disagree
Informative
Unhelpful
Funny

Is any of this doom and gloom factually substantiated? I don't mean whether or not Hikvision has any connection to the Chinese government. That apparently is fact, but rather has any malicious code or back doors actually been found in any Hik products? In some installations caution would be advisable but I don't really think it would stop me from installing in a supermarket or a restaurant. In the worst case scenario being pushed here I'm not particularly worried that someone in China can see how much someone is selling bananas for or whether table 5 is ready for their main course. The same installations probably have bugger all security on their own PCs and phones anyway. Personally I'd be more concerned about who is going to be the next POTUS. That is more of a security concern for the whole world.

Agree: 4
Disagree
Informative
Unhelpful
Funny

Agreed. Why is everyone up in arms over Chinese-made IP cameras when the routers and network switches, computer motherboards, CPUs and literally every item on the planet is produced in China and shipped here. I'd say there's much more risk of network switches with hardware encoded back-doors sending info back to Chinese gov than an IP camera doing it.

Don't forget - that's how the NSA spies on each and every one of us. The NSA doesn't tap every phone on the planet - they just tap the fiber leaving the borders. Way more efficient.

What if HIKvision's success is really just old fashioned greed over profits? That seems the most logical explanation. Someone at HIK is getting paid some serious bonuses for dominating the market and in the process making these clowns from other companies re-think their entire businesses.

Agree: 4
Disagree: 3
Informative
Unhelpful
Funny

Why is everyone up in arms over Chinese-made IP cameras when the routers and network switches, computer motherboards, CPUs and literally every item on the planet is produced in China and shipped here.

You raise a good point. Since the US government has banned Huawei networking equipment for just that reason, it would be consistent to ban Chinese government owned Hikvision equipment.

What if HIKvision's success is really just old fashioned greed over profits?

Except you left out that Hikvision has made huge profits inside China and gotten huge funding inside China (from the government) and are using that to fund / subsidize their global expansion.

making these clowns from other companies re-think their entire businesses.

And how will these 'clowns' re-think their entire business? Are these 'clowns' going to get their governments to 'adopt' them?

Agree: 3
Disagree
Informative: 2
Unhelpful
Funny

Since the US government has banned Huawei networking equipment for just that reason, it would be consistent to ban Chinese government owned Hikvision equipment.

Perhaps the US government does not know or understand that Hik uses Huawei as a major supplier for the hackable part of their cameras, the SOC, via Huawei's subsidiary HiSilicon.

The Hisilicon SOC also includes the network interfaces, so if the US is serious about "banning" Huawei networking equipment, they should have no problem banning all Hik with HiSilicon SOCs.

Agree: 5
Disagree
Informative: 1
Unhelpful
Funny

For us, it's not just about being Chinese-made. You're right in that it's near impossible to avoid these days, and some of our clients are the big firms with locations in China making these devices we all know and love.

It's the direct connection to the Chinese government, specifically their Nat'l Defense, that is concerning to us. For a local analogy, it would be the difference between buying an American product, owned by a private American company or buying a product owned by a company that's owned by the NSA, or at least highly funded by it. Even that would concern us, but since those companies don't exist (as far as we know), we don't have to worry about it.

Agree: 2
Disagree
Informative
Unhelpful
Funny

I think you miss the point. Hikvision NVRs, IP cameras, DVRs, and any network device present a possible ingress point into a network. Their own lack of security and easy hack ability led to the Bitcoin miner hacks a couple years ago. China has somewhat of a record with state sponsored corporate espionage. Since Hikvision is 40% owned by the government it seems like a logical step.

In the US some people worry about our healthcare system being run by the government, the NSA, and any number of other items. Imagine how you would feel if the NVR and camera manufacturers in your data center were 40% owned by the US NSA.

Whether there IS a back door or not isn't as relevant as whether there COULD be a back door. The motivation is certainly there. After all how many years did it take Axis to discover their recent vulnerability? And that was something that wasn't intentionally hidden.

Agree: 4
Disagree
Informative: 1
Unhelpful
Funny

After all how many years did it take Axis to discover their recent vulnerability?

Though that was a 'front-door' exploit, so it doesn't give any obvious signs to its existence.

A backdoor exploit would typically have to try and connect at some point to an outside server. Which you could trap for.

Related: Request For IPVM To Create a Hikvision Honeypot...

Agree
Disagree
Informative
Unhelpful
Funny
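
The segmentation policy described earlier in the thread (isolated camera VLAN, device-initiated traffic dropped except NTP to an internal dual-homed server, allowlisted inbound connections) and the point above that a backdoor would have to connect to an outside server can be combined into one check. This is an added example, not code from the article or from any commenter; the addresses, the allowlist and the log format are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed addressing for illustration; none of these values come from the thread.
CAMERA_VLAN = ipaddress.ip_network("10.20.0.0/24")
SERVER_NIC1 = ipaddress.ip_address("10.20.0.2")   # dual-homed server, camera-side NIC
INBOUND_ALLOWLIST = {SERVER_NIC1}                 # hosts allowed to open connections to cameras

# Constructed sample: one record per NEW connection seen on the camera VLAN.
SAMPLE_LOG = """\
2016-09-16T10:00:01Z src=10.20.0.11 dst=10.20.0.2 proto=udp dport=123
2016-09-16T10:00:05Z src=10.20.0.2 dst=10.20.0.11 proto=tcp dport=554
2016-09-16T10:03:17Z src=10.20.0.12 dst=203.0.113.50 proto=tcp dport=443
2016-09-16T10:03:18Z src=10.20.0.12 dst=198.51.100.7 proto=udp dport=123
2016-09-16T10:04:40Z src=192.168.1.77 dst=10.20.0.11 proto=tcp dport=80
2016-09-16T10:05:02Z src=10.20.0.11 dst=10.20.0.2 proto=tcp dport=445
2016-09-16T10:05:30Z src=10.20.0.13 dst=
2016-09-16T10:06:00Z src=10.20.0.12 dst=203.0.113.50 proto=tcp dport=443
"""


def parse_record(line):
    """Return a dict for a well-formed record, or None for anything malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    try:
        return {
            "time": parts[0],
            "src": ipaddress.ip_address(fields["src"]),
            "dst": ipaddress.ip_address(fields["dst"]),
            "proto": fields["proto"].lower(),
            "dport": int(fields["dport"]),
        }
    except (KeyError, ValueError):
        return None


def classify(rec):
    """Apply the policy: cameras and recorders may only reach NTP on the
    internal server; only allowlisted hosts may open connections to them."""
    src_in_vlan = rec["src"] in CAMERA_VLAN
    dst_in_vlan = rec["dst"] in CAMERA_VLAN
    if src_in_vlan and rec["src"] != SERVER_NIC1:
        # Device-initiated traffic: the single permitted flow is NTP to NIC-1.
        if (rec["dst"] == SERVER_NIC1 and rec["proto"] == "udp"
                and rec["dport"] == 123):
            return "allow"
        return "deny-device-initiated"
    if dst_in_vlan:
        return "allow" if rec["src"] in INBOUND_ALLOWLIST else "deny-inbound"
    return "out-of-scope"


def audit(log_text):
    """Return (violations keyed by source address, count of malformed lines)."""
    violations = defaultdict(list)
    malformed = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        if rec is None:
            malformed += 1          # count, do not silently drop, unreadable lines
            continue
        verdict = classify(rec)
        if verdict.startswith("deny"):
            violations[str(rec["src"])].append(
                (verdict, str(rec["dst"]), rec["proto"], rec["dport"], rec["time"]))
    return dict(violations), malformed


if __name__ == "__main__":
    found, bad_lines = audit(SAMPLE_LOG)
    for src, events in sorted(found.items()):
        print(f"{src}: {len(events)} policy violation(s)")
        for verdict, dst, proto, dport, when in events:
            print(f"  {when} {verdict} -> {dst} {proto}/{dport}")
    print(f"malformed lines: {bad_lines}")
```

Because the firewall already drops these flows, the value of the audit is the record of which device tried to initiate them, including NTP requests sent to an external server instead of the internal one.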

Of course, that assumes it needs to communicate today. All those devices have clocks and typically time server connections.

Perhaps, this batch of code becomes apparent and active on a certain date in the future, like a terrorist sleeper cell?

I could write faster if my tin foil hat would stop slipping, but you never know.

Agree
Disagree
Informative
Unhelpful
Funny

But the code would still be present today, timer or not.

Agree
Disagree
Informative
Unhelpful
Funny

That's true, but UM13 is responding to my statement that backdoors give off evidence by attempting network connections.

So he is saying that the code would be on a timer. He is correct this would make detection harder, but it also limits the usefulness of the exploit.

A backdoor that waits more than a couple years before activating stands a good chance of not ever getting activated.

Maybe that's the reason for the 5 yr warranty? ;)

Agree: 1
Disagree
Informative
Unhelpful
Funny: 2

BS

HikVision is the only NVR/DVR or Camera manufacturer that spit out spam or can be accessed for nefarious reasons.

Nevermind the 200+ other electronic systems manufacturers, they are not to be mentioned, no way they could be exploited, right? HikVision is the ONLY one that would, could, should create software for shakedown reasons and the only reason is that the Chinese government apparently has a piece of the action.

AXIS- No way/ Panasonic-never/Samsung-Nope/Pelco-NO/Sony-No way/Longsee-?

If someone (and there is plenty of takers) claim that HIKVISION is completely up to no good, investigate all of them, all of the major players, hire a cyber security outfit and prove HIKVISION is the bad guy and all other are squeaky clean.

Agree: 3
Disagree
Informative: 1
Unhelpful
Funny

Agree,

at least HIK hired

US-based security data and analytics company, Rapid7

and got a good report

Did other manufacturers do the same?

Agree
Disagree
Informative
Unhelpful
Funny

"at least HIK hired.... US-based security data and analytics company, Rapid7.. and got a good report"

Kind of like how the sub-prime mortgage industry in mid 2000's hired the ratings industry to rate them...? (While you are rating me, remember I pay you.)

Agree: 1
Disagree
Informative
Unhelpful
Funny

I can bet if HIK would be charging 2 or 3 times more for their product

we would not have this discussion

so the ? is

Is this about Pricing or China? :)

Agree
Disagree
Informative
Unhelpful
Funny

I can bet if HIK was made in the USA

we would not have this discussion

so the ? is

Is this about China or Pricing? :)

Agree
Disagree
Informative
Unhelpful
Funny

It's about both. When American consumers lower their standards SO FAR that they'd rather buy disposable electronics (when they break in 9 months just buy a new one, China is cheap! Fill our landfills with their junk!) for the lowest price, they expose themselves to security risks.

The US Government allows this to happen, and allows Hikvision to operate ON OUR SOIL, and American consumers think it's just "competition" or "capitalism", well it's not- the free market is manipulated by these people (Chinese government giving Hik $3Billion, with a 'B') and the American citizens are going to pay the highest price when all is said and done (when you're speaking Chinese).

Show me one consumer electronics device that isn't made in the east? One that actually gets any use in any volume? We should all be writing our state representatives and get them up in arms about this. Who knows, maybe they'll subsidize American manufacturing the way China supports their own manufacturing. I'm pretty sure we have a lot of people who need proper jobs.

At least UNV is American owned, and has no plans to open up shop on our soil. It's as close as we can get to an American made product at this point in time.

I'm shocked that anyone still sells Hikvision to be 100% honest, but I'm even more shocked at how careless and neglectful our society is.

Agree: 2
Disagree: 1
Informative
Unhelpful
Funny

Except that Hik isn't junk. It's more reliable than most others I've sold. They also have longer warranties than your 90 day timeframe. In fact, up to 5 years, depending on your level of purchasing power. So they won't be in landfills either. But don't let facts get in the way of your disdain.

Agree: 2
Disagree: 2
Informative
Unhelpful
Funny

Says the guy that's in bed with Hik. You have to pay a lot for those 5 year warranties. We used to sell a TON of Hikvision, but there's a reason why we don't anymore... integrity.

Agree: 2
Disagree: 1
Informative: 2
Unhelpful
Funny

What do you call "a lot"?

Agree
Disagree
Informative
Unhelpful
Funny

At least UNV is American owned, and has no plans to open up shop on our soil. It's as close as we can get to an American made product at this point in time.

UNV is owned by a US fund, but it is located in China, manufactures in China, sells in China and managed by the Chinese.

Hopefully we can get 'closer' than that.

Agree
Disagree
Informative
Unhelpful
Funny

I see,

it's about China,Pricing, and jobs in the USA :)

HIK makes cameras in the USA with Chinese firmware

Right?

Here is another wild theory

Network Printers and scanners made in China will email/transfer all documents

sound scary?
Agree
Disagree
Informative
Unhelpful
Funny

HIK makes cameras in the USA with Chinese firmware

Hikvision has never claimed to make / manufacture cameras in the USA. Where are you getting this from?

Agree
Disagree
Informative
Unhelpful
Funny

I was responding to UD8 as joke

Agree
Disagree
Informative
Unhelpful
Funny

They're not branded as "Security" devices. And yes it sounds scary. We should be making things in America.

Agree
Disagree
Informative
Unhelpful
Funny

"We should be making things in America."

Please post when you start :)

Agree
Disagree
Informative
Unhelpful
Funny

Marty,

Do you plan to disclose to your customers that the Hikvision products you sell are made by a company owned by the Chinese government?

Agree: 2
Disagree
Informative
Unhelpful
Funny

JH, I have idea for you

Ask local integrator (decent size) to go on sales call with them

see for yourself if companies care or not about HIK situation

maybe you can help them to close a deal...seriously.

I would suggest 4-5 appointments at least

What do you think?

Agree
Disagree
Informative
Unhelpful
Funny

MANY integrators have no idea as to the Hikvision story, much less the end-users. To-date, my anti-HIK pitch hasn't failed me yet when delivered to any non trunk-slammer integrator with a backbone and/or common sense.

To that end, it is evident that ADI, too, has only recently come to their senses about the monster they've helped create in HIK, shifting stock levels dramatically and moving competing brands to their endcaps.

Agree
Disagree
Informative
Unhelpful
Funny

I think you understand that IPVM does not 'help' 'close a deal' on a 'sales call', for any manufacturer, for or against.

But 14, what I think you are getting at is this proposition:

None or almost no security end users care about Hik being owned by the Chinese government.

And I believe your implication is that the 'HIK situation' will have no impact on sales.

I think there will be a significant amount of US buyers, especially as you go to larger accounts, that will outright reject or put Hikvision under far more scrutiny once knowing the 'HIK situation'.

So far this year we have numerous reports from end users, integrators and consultants who will not use Hikvision because of their government ownership. I think it's a real factor.

The bigger questions are: To what percentage of buyers will this really matter? How much more reporting of the 'HIK situation' will occur? What will Hikvision do to counter this? How aggressive will competitors, like U2, be in using the government ownership as a counter?

Agree: 3
Disagree
Informative
Unhelpful
Funny

There was a news story earlier this year about IP cameras that were infected with malware that allowed them to be used for distributed denial of service attacks on web sites... Often US government websites. The article stated that some of the attacks used up to 25,000 cameras. Sometimes the unsecured web site is not the target - just a means to attack someone else.

Agree
Disagree
Informative
Unhelpful
Funny

That's why you restrict the outbound traffic on the network.

Agree
Disagree
Informative
Unhelpful
Funny

If you restrict outbound traffic on the network, how do you remotely monitor the system?

Agree
Disagree
Informative
Unhelpful
Funny

Read my posts above. You put two NICs in the server. One in the restricted VLAN and one outside. You can VPN or remote into the server thru the less restricted NIC

Agree
Disagree
Informative: 1
Unhelpful
Funny

I am surprised how many people do not understand concept of using 2 NIC

in the server

Agree: 1
Disagree
Informative
Unhelpful
Funny

You put two NICs in the server.

you Always use server with dual NICs? What server manufacturer? Never single NIC embedded recorder, even for small jobs?

Agree
Disagree
Informative
Unhelpful
Funny

Not EVERY single install, no. But any that are sensitive either get a separate network entirely or a multi-homed server.

Agree
Disagree
Informative
Unhelpful
Funny

Never single NIC embedded recorder, even for small jobs?

The ones with POE usually are multi-homed anyway, no?

Agree
Disagree
Informative
Unhelpful
Funny

The caveat here is the NVR could be infected, just as an IP cam, if the same brand.

Agree
Disagree
Informative
Unhelpful
Funny: 1

Agreed.

That's how I tried to corner you, but you were too clever :)

Though I believe that as cheap as Hikua cameras are relative to the west, dvrs and nvrs are even a better value vs the west.

Agree
Disagree
Informative
Unhelpful
Funny

I'm not so much a conspiracy theorist but there are always possibilities.

How about 10 million devices doing a continuous storm across the known gateway address? Would that create some issues on government, banking, retail, home networks?

Let's say Black Friday? Let's face it, DMV is slow enough!

Snooping is an issue, mapping a network and sending that info is another, Denial of Service is something else and finally becoming a tool to pass malicious code can be a problem.

How many have to happen at once?

As a side note, why????

https://www.washingtonpost.com/world/china-bars-top-us-technology-firms-from-government-list/2015/02/26/ebd4282c-bda1-11e4-9dfb-03366e719af8_story.html

Agree: 2
Disagree
Informative: 3
Unhelpful
Funny

The Australian has run an article, "China funded Hikvision’s CCTV with eyes across globe"

I am quoted in it (as I was interviewed for the original Times story). One error was made in quoting me as saying "Lots of consultants in the US won’t sell it". Obviously consultants specify, not sell. I have asked the Australian / Times to correct that.

Agree
Disagree
Informative: 3
Unhelpful
Funny

Also Corriere Della Sera in Italy has picked up the story.

Agree
Disagree
Informative: 3
Unhelpful
Funny

The Chinese government, however, did not take well the prevarication and gave order to write to the agency Xinhua that the British are 'sinofobici'.

Sinofobici: you might think as in S.O.B., but more like China-phobic.

Agree
Disagree
Informative: 1
Unhelpful
Funny

Just saw "Snowden" at the movies. As for all this paranoia about reds under the bed with Hikvision, I think that horse has already bolted with the NSA on its back. If, and it's only an if, the Chinese government are planning some covert hacking operation, they may actually catch up to what the NSA has been doing for years.

Agree: 2
Disagree
Informative
Unhelpful
Funny

U3 Integrator... If you enjoyed "Snowden" you should really watch the Zero Days documentary. Everyone should watch this.

Agree: 7
Disagree
Informative: 4
Unhelpful
Funny

I would also recommend the CYBERWARS series recently released by Viceland.

Agree: 1
Disagree
Informative: 1
Unhelpful
Funny

I would also recommend Amazon Instant Prime's documentary series ....Mr Robot - the Chinese are up to something!

Agree
Disagree
Informative
Unhelpful
Funny

Amazing!

Agree
Disagree
Informative
Unhelpful
Funny

Maybe this is not just about MI6, spying loopholes or a communist invasion but instead this debate comes on the back of a UK Govt agreement with China over nuclear power. Maybe this is about economics, trade agreements and the fact that cheap products are being sold at below cost to undercut and destroy European, US and Japanese companies that employ moral business ethics and protect workers' rights etc.

Maybe it's fair enough we support private enterprise in China without too many restrictions but when that enterprise itself 'is' the country's own government and that company 'is' directly related to 'Security' then the free market rules can no longer apply and government control and regulation is required to protect local business and commercial interests, as well as security and safety.

In any other industries the same would apply - if the Chinese government flooded the market with cheap PCs or cars and distributors, dealerships and consumers stopped buying Dell and Ford - I am certain questions would need to be asked at a Federal level. In fact these regulations are probably already in place.

And as part of this debate maybe it is about time we start applying regulation to ensure security equipment meets agreed standards for certain applications - such as Police, Rail, Ports etc. - irrespective of the country of manufacture. We don't really care what people put in their house or local gas stations but it seems in the UK they put this equipment in areas related to their critical infrastructure.

Agree: 4
Disagree
Informative
Unhelpful
Funny

Very true,

Make no mistake, China's goal is to increase its military might. They understand that America's military might is a byproduct of its economic prowess. That is the whole point of their "economic espionage" initiative: steal trade secrets, build up the economy, build up the military. It all goes hand in hand. China wants to be the most powerful nation in the world, and they are using communism as its advantage.

Agree: 6
Disagree
Informative: 1
Unhelpful
Funny

Agree with all points except one. Have you seen a Chinese car anywhere outside China! There is no fear, they are crap and won't pass a crash test! Branded VW in China has two versions, local made, or imported, imported twice the price, twice the quality! Simple maths.

Electric battery taxi in China crashed and caught on fire, killed the people inside. BYD at their best! Regulations and testing is in so much as you find problem we fix it later.

Shame government import tax is so high, Chinese people would like western cars, they care about their children's safety as much as the next person, all these great brands, US and Europe are high quality cars could sell well here, but they don't want that do they. Not the people in power anyhow.

Agree: 1
Disagree
Informative
Unhelpful
Funny

Would like to see Washington Post or NY Times, WSJ get involved in the conversation or a major network news channel.

Agree: 4
Disagree
Informative
Unhelpful
Funny

http://www.ibtimes.co.uk/chinese-supply-cctv-cameras-britain-sparks-security-concerns-1581595

Agree
Disagree
Informative
Unhelpful
Funny

Are the same checks and balances - or lack of - applied to their network equipment? Companies like Huawei are global giants as well.

Agree
Disagree
Informative
Unhelpful
Funny

Huawei tech is scrutinized by the UK govt - GCHQ: http://www.bbc.co.uk/news/technology-25417332

It seems that rules are applied when it comes to Huawei and other Chinese companies, which have been subject to anti-dumping investigations - the case was dropped against Huawei in return for a favourable trade agreement: http://www.theguardian.com/politics/2013/dec/02/david-cameron-china-advocate-western-world

The deal struck between UK and Huawei means they will invest £1.3bn into the UK economy: https://www.gov.uk/government/news/trade-and-investment-minister-works-towards-deeper-trading-relationship-with-hong-kong-and-china

And effectively Huawei are banned from the US market: http://www.latimes.com/business/hiltzik/la-fi-hiltzik-20141207-column.html

Agree
Disagree
Informative: 2
Unhelpful
Funny

I would think The Times approached Dahua and other Chinese brands for comment before the release of the article on Friday morning, hence Dahua's strong denial coming out days beforehand.

While I'm really glad it's happened - I do think it was unfairly focused on Hikvision. If the US government can approach Apple and request them to undertake underhand things then I can only imagine what is going on in China between these other brands and the government there with the human rights record they have, and the threat of 'escalation'.

I strongly expect that now the focus has been placed here then the other brands (Dahua, UNV etc.) will get a name-check in subsequent follow-up pieces.

Agree
Disagree
Informative
Unhelpful
Funny

hence Dahua's strong denial coming out days beforehand.

From speaking with Dahua at ASIS, I did not get that impression at all. Dahua did not deny it as much as listed not being owned as one of their differentiators.

I strongly expect that now the focus has been placed here then the other brands (Dahua, UNV etc.) will get a name-check in subsequent follow-up pieces.

The case for Dahua and UNV is a lot tougher (especially UNV, which is owned by American company Bain). Being a large company in China, I would expect some ties, but nothing like the depth of Hikvision, which is on its own level for video surveillance manufacturers.

Agree: 1
Disagree
Informative
Unhelpful
Funny

Difference between Dahua and UNV is that Dahua was started by Mr. Fu as a private company that went public on a Chinese exchange (I believe this was the decline of DH's quality control).

UNV was also a private company, a division of Huawei/3COM that went independent and was purchased, over 90%, by Bain Capital, an American company.

So I don't think the comparison is unfair at all. Hikvision is actually controlled by the government, they own the largest stake in the company. They don't own Dahua and UNV.

Agree
Disagree
Informative: 1
Unhelpful
Funny

For those of you (like Jon) who think their understanding of networking protocols and security can actually protect against interested governments from snooping on their stuff, please read the excerpt below... it refers to the work of Tsutomu Shimomura (whom you might remember was the one who helped the feds track down Kevin Mitnick in 1995 after Mitnick hacked into his personal machine). His work has been funded by both the US Air Force and the NSA.

This archived post (excerpted below) was dated 1996 - 20 years ago.
Tsutomu's stealth version of the Berkeley packet filter did a lot more
than modload into the kernel.  He was paid by the Air Force to design one
that could patch itself into SunOS kernels invisibly, even into kernels
with no modload support at all.  It had special code that would search
through the kernel binary for references to the address of the Ethernet
chip, and patch itself in during the very low level interrupt handling.
It was highly optimized so it wouldn't show up by loading down the
machine, and it did things like decrement the interrupt counter so that
even the extra interrupts caused by running the Ethernet chip in 'receive
every packet on the wire' mode wouldn't be visible.  He talked about
enhancements that would automatically forward packets of interest back
out onto the Internet, so the whole shebang would hide in kernel memory,
never visible to users, never running any processes or altering any files.
Think of it as Digital Telephony wiretap technology for the Internet.

The idea was to design something that you could run on a machine without
the owner ever finding out about it.  To break into that person's network.
It's a tool customized for crackers.  It's one of the tools that Mitnick
was after when he broke into Tsutomu's machine.
Agree
Disagree
Informative: 2
Unhelpful
Funny

25,

Jon has a firewall, so

  1. You can't get in to install the stealth bpf
  2. You can't get the data out from the stealth bpf, even if it was installed.

Btw, the stealth bpf isn't really that stealthy, although it may hide its activities from the kernel, it can't hide the packets it puts on the network, so is easily discoverable.

Agree: 1
Disagree
Informative
Unhelpful
Funny

Of course, you are correct.

My point is not that Shimomura's piece of work can not be discovered and blocked by firewalls... It is that governments have long been interested in being able to surreptitiously enter protected devices and networks - and that 1996 was most certainly not the end of those efforts.

Agree: 2
Disagree
Informative
Unhelpful
Funny

You are making my point for me. Your assertion proves that it is more likely that ALL devices, not just Hikvision or Chinese in general, are to be assumed to have some sort of nefarious code built in. If we start with that assumption, and you create your networks around that working assumption, then any exploits found afterwards aren't likely to be as damaging. You had thought ahead and kept the offending equipment at bay all along.

Therefore, the brand you buy matters very little, in as much as it performs as needed. You don't have to be overly concerned each time an Axis exploit is dangled over the heads of every IT dept like blackmail.

Now, that said, there is one place where people are truly at risk. That is at the viewing stations or mobile devices. The apps run there ARE more likely to be targeted and much more difficult to harden. If you really want to nail Hikvision on SOMETHING, go after the software apps. The whole China Xcode exploit fiasco is MUCH more problematic than a camera trying to mine bitcoins.

Agree
Disagree
Informative
Unhelpful
Funny
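The two comments above argue that an implant cannot hide the packets it puts on the network, and that the camera network should be built assuming any device may carry hostile code. The following is an added example, not code from this thread or any commenter, showing one way to check that assumption against new-connection records from the camera segment. The addresses, the allow-list and the log format are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed layout (hypothetical addresses): isolated camera segment, multi-homed recorder.
CAMERA_NET = ipaddress.ip_network("192.168.50.0/24")
RECORDER = ipaddress.ip_address("192.168.50.2")
CAMERA_MAY_INITIATE = {(RECORDER, "udp", 123)}  # cameras may only sync time

# Constructed new-connection records: timestamp src dst proto dport
SAMPLE_LOG = """\
2016-09-20T10:00:01 192.168.50.11 192.168.50.2 udp 123
2016-09-20T10:00:30 192.168.50.2 192.168.50.11 tcp 554
2016-09-20T10:01:13 192.168.50.12 203.0.113.40 tcp 443
2016-09-20T10:01:14 192.168.50.12 192.168.50.1 udp 53
2016-09-20T10:01:15 192.168.50.12 203.0.113.40 tcp 443
2016-09-20T10:03:00 192.168.50.2 198.51.100.7 tcp 8000
2016-09-20T10:04:00 10.0.0.25 192.168.50.11 tcp 80
truncated line
"""


def unexpected_egress(log_text):
    """Return ({src: {(dst, proto, dport): count}}, skipped_line_count)."""
    findings = defaultdict(lambda: defaultdict(int))
    skipped = 0
    for line in log_text.splitlines():
        try:
            _, src, dst, proto, dport = line.split()
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            dport = int(dport)
        except ValueError:
            skipped += 1          # malformed record: count it, do not guess
            continue
        if src not in CAMERA_NET:
            continue              # only sources on the camera segment are judged
        if src == RECORDER and dst in CAMERA_NET:
            continue              # recorder pulling streams from cameras
        if src != RECORDER and (dst, proto.lower(), dport) in CAMERA_MAY_INITIATE:
            continue              # camera using an allow-listed service
        findings[str(src)][(str(dst), proto.lower(), dport)] += 1
    return {s: dict(d) for s, d in findings.items()}, skipped


if __name__ == "__main__":
    report, skipped = unexpected_egress(SAMPLE_LOG)
    for src, flows in sorted(report.items()):
        for (dst, proto, dport), n in sorted(flows.items()):
            print(f"{src} -> {dst} {proto}/{dport} x{n}")
    print(f"skipped {skipped} malformed line(s)")
```

The recorder's camera-side NIC is judged as well, which covers the earlier caveat in this thread that an NVR of the same brand could be affected just as a camera could.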

Genuine Question

If the others - UNV & Dahua - are 'clean'... how are they managing to keep pace and match Hikvision's pricing levels?

Depending on the answer; 2nd question - are they sustainable long-term businesses if they don't have access to the same government funding?

NOTICE: This comment has been moved to its own discussion: How Are Dahua And UNV Managing To Match Keep Pace And Match Hikvision's Pricing Levels?

Agree
Disagree
Informative
Unhelpful
Funny

Hikvision UK GM has conducted an interview with a UK trade magazine denying control by the Chinese government.

We will do a full post in a few days but wanted to reference it here for those interested right away.

Agree
Disagree
Informative
Unhelpful
Funny