Times Investigates Hikvision's Chinese Government Control

By John Honovich, Published Sep 16, 2016, 01:48am EDT

The Times of UK, founded in 1785 with 1.6 million daily readers, has published a 2 part investigation into Hikvision's government control:

Two key quotes from the Times reporting:

Hikvision, a company controlled by the Chinese government

Hikvision grew out of China’s military surveillance wing and several high-ranking executives continue to hold positions in the Communist Party.

This is consistent with what IPVM has reported, such as Hikvision Chinese Government Origin, Hikvision and the China Communist Party, Hikvision Exec Simultaneously Chinese Government Security Leader.

Additionally, IPVM was one of the sources and was quoted in one of the reports.

********, *** ***** ******* on ******** ** ********, including *** ********* ******:

******* *** ******** ** be *** *******’* ******* provider ** ************ *********.
** ******** ******** ********** had **** **** ** Hikvision’s ******* **********.
** *** *** ** the **** *.** ******* Hikvision ******* **** ** in *******, **** ****** a ******* **** ** monitor ****** ****** *********.

**** ******* *** *********** ****** ****** ****** that **** ************ *********'* Chinese ********** *******.

Trouble *** *********

**** ** ******* *** Hikvision. *** *****, **** have **** **** ****** their ********** ******* ** 'overseas' *******. *** **** mainstream ***** ******* **** story, ** ********* ********** of *** ******* *** spreads *** **** ** a ******* ********.

** *** ** *** midst ** * *********** rise ** ********* **** will *** ********* ** the ********* *** ******** the **** *** ********** of ***** ** ****** organizations.

Update: * **** ********** *** *******

*** **'* ***** **** has ****** ** *** story, "*** *****! ******** ***** are ****** ***** ***** is ******** ** *******'* biggest ******** ** **** cameras." *** ***** **** has **** **** ********** levels *** **** ***** even **** ********* ** this ******.
*** **'* *** *** picked ** *** *****: "*****-********** ******* ******* ** UK’s ******* **** ******** – *** *** ***** been ******** *******"
*** ********** *** *** an *******, "***** ****** *********’* **** with **** ****** *****" * ** ****** in ** (** * was *********** *** *** original ***** *****). *** error *** **** ** quoting ** ** ****** "Lots ** *********** ** the ** ***’* **** it". ********* *********** *******, not ****. * **** asked *** ********** / Times ** ******* ****.

Comments (123)

Undisclosed Manufacturer #1

09/16/16 09:32am

Brilliant

Geoff Gritton

09/16/16 10:32am

I was told about the article from a partner and came here straight away. You didn't disappoint

John Honovich

IPVM | 09/16/16 11:21am

And the BBC has picked this up:

Does it concern you that over 1 million CCTV cameras are controlled by a company owned by the Chinese state? #r2vine pic.twitter.com/xm2KM0SGU7
— BBC Radio 2 (@BBCRadio2) September 16, 2016

John Honovich

IPVM | In reply to John Honovich | 09/16/16 11:30am

BBC Radio talking about state subsidies for Hikvision cameras, allowing them to keep prices low.

The station is interviewing a series of people including UK security professionals.

Brian Karas

IPVM | In reply to John Honovich | 09/16/16 04:07pm

So has the Daily Mail:

Red alert! Security fears are raised after China is revealed as Britain's biggest provider of CCTV cameras

Craig Paisley

09/16/16 11:29am

currently talking about it now live on radio 2

Undisclosed Manufacturer #2

09/16/16 12:08pm

Wait wait wait... does this mean IPVM is no longer the National Enquirer of our industry?

Undisclosed Integrator #3

09/16/16 01:01pm

This great news prices should drop even lower

John Honovich

IPVM | In reply to Undisclosed Integrator #3 | 09/16/16 01:05pm

This great news prices should drop even lower

I am not sure if you are joking or not. Worse, I actually think you might be right ;)

Undisclosed Manufacturer #1

09/16/16 01:11pm

Showed the paper with headline to a Hikvision customer this morning and he said:

"Yeah but The Times is a very British paper though eh? There's nowt wrong with Hikvision, I've sold three systems this morning"

This will change nothing at the low to mid end, hope I'm wrong though.

Undisclosed Distributor #20

In reply to Undisclosed Manufacturer #1 | 09/19/16 04:03pm

Unfortunately people care more about price than anything. Hopefully this doesn't end poorly for the free world.

Undisclosed #8

IPVMU Certified | In reply to Undisclosed Distributor #20 | 09/19/16 04:19pm

Unfortunately people care more about price than anything. Hopefully this doesn't end poorly for the free world.

Capitalism will kill the free world? How ironic!

Undisclosed Distributor #20

In reply to Undisclosed #8 | 09/19/16 04:46pm

Haha, that is fairly ironic. However, I think it's less to do with capitalism and more to do with society's ever declining standards and desire for security & privacy. We're giving up our liberties for no good reason. Also if the free market wasn't manipulated that could help...

Undisclosed Integrator #4

09/16/16 01:11pm

So what? Support the democratic chinese citizens.

NSA is monitoring all network activities anyway. Disconnect your surveillance network from the Internet and you are free !

Undisclosed #5

In reply to Undisclosed Integrator #4 | 09/16/16 01:15pm

That seems... likely? Customers love disconnected systems they cannot access remotely.

Congrats to IPVM on breaking these stories long before anyone else.

Undisclosed Manufacturer #2

In reply to Undisclosed #5 | 09/16/16 01:37pm

I would go so far as to say that without IPVM, these stories may have never surfaced, or would've taken far longer to see the light of day, but then, as the National Enquirers of the U.K., BBC and Times were bound to report on this eventually anyway.

Undisclosed Manufacturer #2

In reply to Undisclosed Manufacturer #2 | 09/16/16 01:38pm

</sarcasm>

Undisclosed Integrator #4

In reply to Undisclosed #5 | 09/16/16 01:52pm

depends... our enterprise customers are strictly forbidding connecting the surveillance network to even the corporate network. Only the network segment used by the Access Control system can be connected to the corporate network because of time and attendance data transfer.

however we do not sell Hikvision to enterprise customers at all.

Undisclosed #5

In reply to Undisclosed Integrator #4 | 09/16/16 02:09pm

Same. Just sounds like a hornets nest we don't want to poke. Panasonic and their Advidia line is a bit concerning. I'm sure other manufacturers are sneaking in Hikvision under the radar as well.

Rian Schermerhorn

In reply to Undisclosed #5 | 09/19/16 08:35pm

So true. They OEM for many of the "major" brands, like Interlogix and several others. I know many write the concerns of others off, but we've just decided not to risk it...for our own sake as well as our clients. Then again, most of our clients are enterprise, so it might not be as big of a deal for the smaller firms.

Undisclosed Manufacturer #6

09/16/16 01:35pm

Any chance this will be part of the 2016 Presidential debate? If anyone is attending, ask them if they are aware

Daniel McKimm

In reply to Undisclosed Manufacturer #6 | 09/16/16 02:46pm

Heck, our presidential candidates, and we may as well put ourselves in the same "basket of deniables", don't even know or care about even more serious issues.

Try on Net Neutrality for starters.

Just as we have surrendered our surveillance manufacturing to the Chinese state, so too have we surrendered our networks to global corporations with allegiances only to the highest bidders for access and control to all our data.

Ethan Ace

IPVM | In reply to Daniel McKimm | 09/16/16 02:50pm

Actually Hillary Clinton and Donald Trump have both made strong statements on either side of Net Neutrality. You can guess which one lands where and which one has an actual informed position.

Brian Karas

IPVM | In reply to Ethan Ace | 09/16/16 03:05pm

You can guess which one lands where and which one has an actual informed position.

Honestly, no, I could not imagine either of them being informed on this.

Undisclosed #8

IPVMU Certified | In reply to Ethan Ace | 09/16/16 04:05pm

Undisclosed #5

In reply to Ethan Ace | 09/16/16 09:04pm

Depends on which day it is.

Undisclosed Integrator #7

09/16/16 01:39pm

Would there be a benefit to switching to one of the rebranded versions of Hik, such as Interlogix for security purposes? Do they alter the firmware in such a way that if there was a backdoor or other security risk that it could be disrupted?

Undisclosed Manufacturer #2

In reply to Undisclosed Integrator #7 | 09/16/16 01:59pm

Sure, because certainly you buying a rebranded version of HIK won't amount to any additional profitability on the part of the communists.

No, the answer is to stop giving them more and more of your money, no matter whose name is on their stuff.

Undisclosed Manufacturer #2

In reply to Undisclosed Manufacturer #2 | 09/16/16 02:04pm

Moreover, beside the monetary viewpoint, you don't think their white label products are equally as suspect from a security standpoint as those bearing their label? As someone who used to be a white label HIK reseller and had their network hacked as a result, I can assure you that it doesn't matter whose name is on their stuff, anything HIK is going to be vulnerable.

Undisclosed Distributor #20

In reply to Undisclosed Integrator #7 | 09/19/16 05:10pm

I'm no longer in bed with them, but in my experience the answer is no. The only difference we've noticed between OEM firmware and baseline is that OEM get's less support and is not prioritized.

Undisclosed #8

IPVMU Certified | 09/16/16 01:48pm

Now all we need to do is actually find that backdoor...

Undisclosed Manufacturer #10

In reply to Undisclosed #8 | 09/16/16 03:07pm

Bad acting software would likely only be introduced when needed and would be delivered by a firmware update.

Undisclosed #8

IPVMU Certified | In reply to Undisclosed Manufacturer #10 | 09/16/16 03:32pm

As a foreign supersnooper, you don't want to wait too long before infecting, people are notoriusly lazy when it comes to firmware updates.

I would guess a shockingly high percentage of cameras go to their death with original firmware.

Maybe intentionally create a security vul. and then "patch" it and disclose it, to insure more people actually flash the new subversive version.

So thats why Hik keeps having security vulnerabilty issues, they're related. ;)

Undisclosed Manufacturer #11

In reply to Undisclosed #8 | 09/16/16 04:01pm

Research that shows that 2 manufactures had a) backdoors via their cloud system to remotely access and control cameras, including loading new software and running commands and 2) stored passwords in cleartext.

The 2nd manufacturer I can easily identify from the web browser screenshot. The 1st not sure.

Research document on the backdoors:

http://syssec.kaist.ac.kr/sub0501/articles/view/tableid/news/id/5

English document describing it:

http://english.etnews.com/20150601200002

I know that one manufacturer changed their password policy because of the publicity this created in Asian newspapers, even though it was an unrelated product. The fact that it was an IP camera and their company manufactured IP cameras caused them to make an edict that passwords need to be secured.

Edward Knoch

09/16/16 03:18pm

Sooooo - wouldn't this be a BETTER time to go after Federal Contracting Officers who blatantly violate BAA and TAA and trample underfoot the Federal Regulations for Chinese Procurement. I still haven't heard back from the procurement officer on my secondary email.

I think I'll throw this article link directly at them to "open their eyes a little".

Thanks John

Undisclosed #8

IPVMU Certified | 09/16/16 03:45pm

John Honovich is the Bob Woodward of Hika-gate!

Undisclosed #5

09/16/16 09:07pm

How many Hikvision employees are being forced to cancel their accounts today?

John Honovich

IPVM | In reply to Undisclosed #5 | 09/16/16 09:23pm

How many Hikvision employees are being forced to cancel their accounts today?

At this point, now that it has hit the traditional press, I am not sure what is has to do with IPVM accounts.

We are certainly going to continue to report on this (indeed we have 2 upcoming posts queued up that gets into further details of the government control) but the challenge for Hikvision is now containing something that cannot be contained. It will be interesting to see how they handle this. Anyone with feedback from Hikvision employees, please share.

Jon Dillabaugh

Pro Focus LLC
09/16/16 10:48pm

I hope all integrators in my vicinity immediately cease selling Hikvision....

So I can be the only one busy as hell installing quality systems at a great value to my clients. I will worry about them being able to "phone home" or snoop the LAN.

Undisclosed #8

IPVMU Certified | In reply to Jon Dillabaugh | 09/16/16 10:54pm

I will worry about them being able to "phone home" or snoop the LAN.

Yes, we all will.

Jon Dillabaugh

Pro Focus LLC
In reply to Undisclosed #8 | 09/16/16 10:56pm

I guess I deserved that one lol! :D

What I MEANT was, I will prevent it.

Forgive me, I've had a few beers with dinner and my guard is down.

Undisclosed #8

IPVMU Certified | In reply to Jon Dillabaugh | 09/16/16 11:30pm

No "worries", mate.

Undisclosed #8

IPVMU Certified | In reply to Jon Dillabaugh | 09/17/16 04:50pm

Jon, can you tell me generally what steps you take currently to insure your network is safe?

Let's say in the case of 8 CH POE hik nvr with 8 hik cameras.

@john, if you prefer we can start a new discussion...

Jon Dillabaugh

Pro Focus LLC
In reply to Undisclosed #8 | 09/17/16 05:47pm

It's simple, I place the system on a VLAN and behind a professional firewall and drop all outbound packets. I only allow inbound originated connections to pass through the firewall. I can also white list these inbound connections. I can easily drop all inbound traffic that doesn't meet my whitelist. I could even create a VPN instead of having the inbound rules.

Undisclosed #8

IPVMU Certified | In reply to Jon Dillabaugh | 09/17/16 06:26pm

...drop all outbound traffic.

How does the nvr get the time?

Jon Dillabaugh

Pro Focus LLC
In reply to Undisclosed #8 | 09/17/16 06:32pm

From an internal NTP server, if you like. Put two NICs in a server, one in the camera VLAN (NIC-1), the other (NIC-2) in a less secure VLAN with Internet access. Restrict only NTP traffic from the cameras and NVR to the server NIC-1. The server NIC-2 can get updates from Internet based NTP servers.

Undisclosed #8

IPVMU Certified | In reply to Jon Dillabaugh | 09/17/16 06:37pm

From an internal NTP server, if you like.

But is this what you actually do?

Jon Dillabaugh

Pro Focus LLC
In reply to Undisclosed #8 | 09/17/16 06:41pm

No, we use a VMS server, not their NVRs. In that case, we use dual NICs in the VMS server, one in the camera VLAN, one in the less secure VLAN. Camera VLAN is completely isolated from the Internet. The less secure side of the server is Internet facing. But the result is the same.

Undisclosed #8

IPVMU Certified | In reply to Jon Dillabaugh | 09/17/16 06:46pm

I assumed you used their NVR's, sorry.

Undisclosed #8

IPVMU Certified | In reply to Jon Dillabaugh | 09/17/16 08:26pm

No, we use a VMS server, not their NVRs.

Do you use any Analog HD cameras?

Jon Dillabaugh

Pro Focus LLC
In reply to Undisclosed #8 | 09/17/16 08:28pm

Not commonly.

Marco Sanchez

In reply to Jon Dillabaugh | 09/19/16 07:36pm

So you don't care about informing your customers about potential dangers?

Jon Dillabaugh

Pro Focus LLC
In reply to Marco Sanchez | 09/19/16 08:39pm

Marco,

I assume any device is capable of having a backdoor or hack. I don't go out of my way of scaring people about "what-ifs". If that is the way you like to close sales, all the power to you. Just not my style

Marco Sanchez

In reply to Jon Dillabaugh | 09/20/16 12:00am

Jon,

I don't consider them what ifs, more so as educating the customer. I did it in my integration days and I continue to do it on the manufacturing side. Even if there is a product I do not like at my own company I will advise my customers against it as I value the working relationship more than just a sale. I was simply asking why you had the opposite attitude?

Absolutely every device can be hacked the point of John's investigative journalism has clearly pointed out that HIK is more susceptible than other manufacturers.

Jon Dillabaugh

Pro Focus LLC
In reply to Marco Sanchez | 09/20/16 12:05am

Axis has been the more suspect brand of late. How do you feel about Axis?

Undisclosed #8

IPVMU Certified | In reply to Marco Sanchez | 09/20/16 12:09am

Absolutely every device can be hacked the point of John's investigative journalism has clearly pointed out that HIK is more susceptible than other manufacturers.

AFAIK, there has been only one actual 'hack' of a Hikvision device disclosed. A buffer flow vulnerability which may or may not have been exploited in the wild.

They had a malware infected app for a couple of weeks until it was pulled with a few hundred vendors because it was built with a rogue toolkit.

Most of their bad press stems from the users not changing the default password, which was eliminated in firmware a couple of years ago.

John Honovich

IPVM | In reply to Jon Dillabaugh | 09/20/16 12:22am

Jon,

When selling to US government end users or critical infrastructure end users with US government funding, would you disclose that the Hikvision products you are selling to them are made by a manufactured controlled by the Chinese government?

Jon Dillabaugh

Pro Focus LLC
In reply to John Honovich | 09/20/16 12:28am

I haven't had that burden as of yet, so I'm unqualified in that arena. I would ask others who have had the pleasure and see if that is important to their clients.

Undisclosed Integrator #3

09/17/16 02:28am

Is any of this doom and gloom factually substantiated. I don't mean whether or not Hikvision has any connection to the Chinese government. That apparently is fact but rather has any malicious code or back doors actually been found in any Hik products. In some installations caution would be advisable but I don't really think it would stop me from installing in a supermarket or a restaurant. In the worse case scenario been pushed here I'm not particularly worried that someone in China can see how much someone is selling bananas for or whether table 5 is ready for their main course. The same installations probably have bugger all security on their own PCs and phones anyway. Personally I'd be more concerned about who is going to be the next POTUS. That is is more of a security concern for the whole world.

Undisclosed Integrator #12

In reply to Undisclosed Integrator #3 | 09/17/16 02:59am

Agreed. Why is everyone up in arms over Chinese-made IP cameras when the routers and network switches, computer motherboards, CPUs and literally every item on the planet is produced in China and shipped here. I'd say there's much more risk of network switches with hardware encoded back-doors sending info back to Chinese gov than an IP camera doing it.

Don't forget - that's how the NSA spies on each and every one of us. The NSA doesn't tap every phone on the planet - they just tap the fiber leaving the borders. Way more efficient.

What if HIKvision's success is really just old fashioned greed over profits? That seems the most logical explanation. Someone at HIK is getting paid some serious bonuses for dominating the market and in the process making these clowns from other companies re-think their entire businesses.

John Honovich

IPVM | In reply to Undisclosed Integrator #12 | 09/17/16 07:54am

Why is everyone up in arms over Chinese-made IP cameras when the routers and network switches, computer motherboards, CPUs and literally every item on the planet is produced in China and shipped here.

You raise a good point. Since the US government has banned Huawei networking equipment for just that reason, it would be consistent to ban Chinese government owned Hikvision equipment.

What if HIKvision's success is really just old fashioned greed over profits?

Except you left out that Hikvision has made huge profits inside China and gotten huge funding inside China (from the government) and are using that to fund / subsidize their global expansion.

making these clowns from other companies re-think their entire businesses.

And how will these 'clowns' re-think their entire business? Are these 'clowns' going to get their governments to 'adopt' them?

Undisclosed #8

IPVMU Certified | In reply to John Honovich | 09/17/16 08:39am

Since the US government has banned Huawei networking equipment for just that reason, it would be consistent to ban Chinese government owned Hikvision equipment.

Perhaps the US government does not know or understand that Hik uses Huawei as a major supplier for the hackable part of their cameras, the SOC, via Huawei's subsidiary HiSilicon.

The Hisilicon SOC also includes the network interfaces, so if the US is serious about "banning" Huawei networking equipment, they should have no problem banning all Hik with HiSilicon SOCs.

Undisclosed Manufacturer #22

In reply to Undisclosed Integrator #12 | 09/19/16 08:44pm

For us, it's not just about being Chinese-made. You're right in that it's near impossible to avoid these days, and some of our clients are the big firms with locations in China making these devices we all know and love.

It's the direct connection to the Chinese government, specifically their Nat'l Defense, that is concerning to us. For a local analogy, it would be the difference between buying an American product, owned by a private American company or buying a product owned by a company that's owned by the NSA, or at least highly funded by it. Even that would concern us, but since those companies don't exist (as far as we know), we don't have to worry about it.

Undisclosed #5

In reply to Undisclosed Integrator #3 | 09/17/16 09:35am

I think you miss the point. Hikvision NVRs, IP cameras, DVRs, and any network device present a possible ingress point into a network. Their own lack of security and easy hack ability led to the Bitcoin miner hacks a couple years ago. China has somewhat of a record with state sponsored corporate espionage. Since Hikvision is 40% owned by the government it seems like a logical step.

In the US some people worry about our healthcare system being run by the government, the NSA, and any number of other items. Imagine how you would feel if the NVR and camera manufacturers in your data center were 40% owned by the US NSA.

Whether there IS a back door or not isn't as relevant as whether there COULD be a back door. The motivation is certainly there. After all how many years did it take Axis to discover their recent vulnerability? And that was something that wasn't intentionally hidden.

Undisclosed #8

IPVMU Certified | In reply to Undisclosed #5 | 09/17/16 09:46am

After all how many years did it take Axis to discover their recent vulnerability?

Though that was a 'front-door' exploit, so it doesn't give any obvious signs to its existence.

A backdoor exploit would typically have to try and connect at some point to an outside server. Which you could trap for.

Undisclosed Manufacturer #13

In reply to Undisclosed #8 | 09/17/16 01:39pm

Of course, that assumes it needs to communicate today. All those devices have clocks and typically time server connections.

Perhaps, this batch of code becomes apparent and active on a certain date in the future, like a terrorist sleeper cell?

I could write faster if my tin foil hat would stop slipping, but you never know.

Jon Dillabaugh

Pro Focus LLC
In reply to Undisclosed Manufacturer #13 | 09/17/16 01:41pm

But the code would still be present today, timer or not.

Undisclosed #8

IPVMU Certified | In reply to Jon Dillabaugh | 09/17/16 02:27pm

That's true, but UM13 is responding to my statement that backdoors give off evidence by attempting network connections.

So he is saying that the code would be on a timer. He is correct this would make detection harder, but it also limits the usefulness of the exploit.

A backdoor who waits more than a couple years before activiating stands a good chance of not ever getting activated.

Maybe thats the reason for the 5 yr warranty? ;)

Marty Calhoun

IPVMU Certified | In reply to Undisclosed #5 | 09/17/16 04:44pm

HikVision is the only NVR/DVR or Camera manufacturer that spit out spam or can be accessed for nefarious reasons.

Nevermind the 200+ other electronic systems manufacturers, they are not to be mentioned, no way they could be exploited, right? HikVision is the ONLY one that would, could, should create software for shakedown reasons and the only reason is that the Chinese government apparently has a piece of the action.

AXIS- No way/ Panasonic-never/Samsung-Nope/Pelco-NO/Sony-No way/Longsee-?

If someone (and there is plenty of takers) claim that HIKVISION is completely up to no good, investigate all of them, all of the major players, hire a cyber security outfit and prove HIKVISION is the bad guy and all other are squeaky clean.

Undisclosed #14

In reply to Marty Calhoun | 09/17/16 04:53pm

Agree,

at least HIK hired

US-based security data and analytics company, Rapid7

and got a good report

Did other manufacturers do the same?

Undisclosed Integrator #21

In reply to Undisclosed #14 | 09/19/16 04:05pm

"at least HIK hired.... US-based security data and analytics company, Rapid7.. and got a good report"

Kind of like how the sub-prime mortgage industry in mid 2000's hired the ratings industry to rate them...? (While you are rating me, remember I pay you.)

Undisclosed #14

In reply to Undisclosed Integrator #21 | 09/19/16 05:09pm

I can bet if HIK would be charging 2 or 3 times more for their product

we would not have this discussion

so the ? is

Is this about Pricing or China? :)

Undisclosed #8

IPVMU Certified | In reply to Undisclosed #14 | 09/19/16 05:16pm

I can bet if HIK was made in the USA

we would not have this discussion

so the ? is

Is this about China or Pricing? :)

Undisclosed Distributor #20

In reply to Undisclosed #8 | 09/19/16 05:42pm

It's about both. When American consumers lower their standards SO FAR that they'd rather buy disposable electronics (when they break in 9 months just buy a new one, China is cheap! Fill our landfills with their junk!) for the lowest price, they expose themselves to security risks.

The US Government allows this to happen, and allows Hikvision to operate ON OUR SOIL, and American consumers think it's just "competition" or "capitalism", well it's not- the free market is manipulated by these people (Chinese government giving Hik $3Billion, with a 'B') and the American citizens are going to pay the highest price when all is said and done (when you're speaking Chinese).

Show me one consumer electronics device that isn't made in the east? One that actually gets any use in any volume? We should all be writing our state representatives and get them up in arms about this. Who knows, maybe they'll subsidize American manufacturing the way China supports their own manufacturing. I'm pretty sure we have a lot of people who need proper jobs.

At least UNV is American owned, and has no plans to open up shop on our soil. It's as close as we can get to an American made product at this point in time.

I'm shocked that anyone still sells Hikvision to be 100% honest, but I'm even more shocked at how careless and neglectful our society is.

Jon Dillabaugh

Pro Focus LLC
In reply to Undisclosed Distributor #20 | 09/19/16 05:45pm

Except that Hik isn't junk. It's more reliable than most others I've sold. They also have longer warranties than your 90 day timeframe. In fact, up to 5 years, depending on your level of purchasing power. So they won't be in landfills either. But don't let facts get in the way of your disdain.

Undisclosed Distributor #20

In reply to Jon Dillabaugh | 09/19/16 05:54pm

Says the guy that's in bed with Hik. You have to pay a lot for those 5 year warranties. We used to sell a TON of Hikvision, but there's a reason why we don't anymore... integrity.

Undisclosed #14

In reply to Undisclosed Distributor #20 | 09/19/16 06:11pm

What do you call "a lot"?

Undisclosed #8

IPVMU Certified | In reply to Undisclosed Distributor #20 | 09/19/16 05:56pm

At least UNV is American owned, and has no plans to open up shop on our soil. It's as close as we can get to an American made product at this point in time.

UNV is owned by a US fund, but it is located in China, manufactures in China, sells in China and managed by the Chinese.

Hopefully we can get 'closer' than that.

Undisclosed #14

In reply to Undisclosed #8 | 09/19/16 05:53pm

I see,

it's about China,Pricing, and jobs in the USA :)

HIK makes cameras in the USA with Chinese firmware

Right?

Here is another wild theory

Network Printers and scanners made in China will email/transfer all documents

sound scary?

John Honovich

IPVM | In reply to Undisclosed #14 | 09/19/16 06:10pm

HIK makes cameras in the USA with Chinese firmware

Hikvision has never claimed to make / manufacturer cameras in the USA. Where are you getting this from?

Undisclosed #14

In reply to John Honovich | 09/19/16 06:14pm

I was responding to UD8 as joke

Undisclosed Distributor #20

In reply to Undisclosed #14 | 09/19/16 06:23pm

They're not branded as "Security" devices. And yes it sounds scary. We should be making things in America.

Undisclosed #14

In reply to Undisclosed Distributor #20 | 09/19/16 06:29pm

"We should be making things in America."

Please post when you start :)

John Honovich

IPVM | In reply to Marty Calhoun | 09/17/16 07:41pm

Marty,

Do you plan to disclose to your customers that the Hikvision products you sell are made by a company owned by the Chinese government?

Undisclosed #14

In reply to John Honovich | 09/17/16 08:00pm

JH, I have idea for you

Ask local integrator (decent size) to go on sales call with them

see for yourself if companies care or not about HIK situation

maybe you can help them to close a deal...seriously.

I would suggest 4-5 appointments at least

What do you think?

Undisclosed Manufacturer #2

In reply to Undisclosed #14 | 09/17/16 08:27pm

MANY integrators have no idea as to the Hikvision story, much less the end-users. To-date, my anti-HIK pitch hasn't failed me yet when delivered to any non trunk-slammer integrator with a backbone and/or common sense.

To that end, it is evident that ADI, too, has only recently come to their senses about the monster they've helped create in HIK, shifting stock levels dramatically and moving competing brands to their endcaps.

John Honovich

IPVM | In reply to Undisclosed #14 | 09/17/16 09:31pm

I think you understand that IPVM does not 'help' 'close a deal' on a 'sales call', for any manufacturer, for or against.

But 14, what I think you are getting at is this proposition:

None or almost no security end users care about Hik being owned by the Chinese government.

And I believe your implication is that the 'HIK situation' will have no impact on sales.

I think there will be a significant amount of US buyers, especially as you go to larger accounts, that will outright reject or put Hikvision under far more scrutiny once knowing the 'HIK situation'.

So far this year we have numerous reports from end users, integrators and consultants who will not use Hikvision because of their government ownership. I think it's a real factor.

The bigger questions are: How what percentage of buyers will this really matter? How much more reporting of the 'HIK situation' will occur? What will Hikvision do to counter this? How aggressive will competitors, like U2, be in using the government ownership as a counter?

John Day

In reply to Undisclosed Integrator #3 | 09/19/16 09:20pm

There was a news story earlier this year about IP cameras that were infected with malware that allowed them to be used for distributed denial of service attacks on web sites... Often US government websites. The article stated that some of the attacks a used up to 25,000 cameras. Some times the unsecured web site is not the target - just a means to attack someone else.

Jon Dillabaugh

Pro Focus LLC
In reply to John Day | 09/19/16 10:28pm

That's why you restrict the outbound traffic on the network.

Undisclosed #23

In reply to Jon Dillabaugh | 09/19/16 11:30pm

If you restrict outbound traffic on the network, how do you remotely monitor the system?

Jon Dillabaugh

Pro Focus LLC
In reply to Undisclosed #23 | 09/19/16 11:53pm

Read my posts above. You put two NICs in the server. One in the restricted VLAN and one outside. You can VPN or remote into the server thru the less restricted NIC

Undisclosed #14

In reply to Jon Dillabaugh | 09/19/16 11:58pm

I am surprised how many people do not understand concept of using 2 NIC

in the server

Undisclosed #23

In reply to Jon Dillabaugh | 09/20/16 12:30am

You put two NICs in the server.

you Always use server with dual NICs? What server manufacturer? Never single NIC embedded recorder, even for small jobs?

Jon Dillabaugh

Pro Focus LLC
In reply to Undisclosed #23 | 09/20/16 12:32am

Not EVERY single install, no. But any that are sensitive either get a separate network entirely or a multi-homed server.

Undisclosed #8

IPVMU Certified | In reply to Undisclosed #23 | 09/20/16 12:35am

Never single NIC embedded recorder, even for small jobs?

The ones with POE usually are multi-homed anyway, no?

Jon Dillabaugh

Pro Focus LLC
In reply to Undisclosed #8 | 09/20/16 02:00am

The caveat here is the NVR could be infected, just as an IP cam, if the same brand.

Undisclosed #8

IPVMU Certified | In reply to Jon Dillabaugh | 09/20/16 02:33am

Agreed.

That's how I tried to corner you, but you were too clever :)

Though I believe that as cheap as Hikua cameras are relative to the west, dvrs and nvrs are even a better value vs the west.

Undisclosed Manufacturer #13

09/17/16 04:43am

I'm not so much a conspiracy theorist but there are always possibilities.

How about 10 million devices doing a continuous storm across the known gateway address? Would that create some issues on government, banking, retail, home networks?

Let's say Black Friday? Let's face it, DMV is slow enough!

Snooping is an issue, mapping a network and sending that info is another, Denial of Service is something else and finally becoming a tool to pass malicious code can be a problem.

How many have to happen at once?

As a side note, why????

https://www.washingtonpost.com/world/china-bars-top-us-technology-firms-from-government-list/2015/02/26/ebd4282c-bda1-11e4-9dfb-03366e719af8_story.html

John Honovich

IPVM | 09/17/16 07:59am

The Australian has run an article, "China funded Hikvision’s CCTV with eyes across globe"

I am quoted in it (as I was interviewed for the original Times story). One error was made in quoting me as saying "Lots of consultants in the US won’t sell it". Obviously consultants specify, not sell. I have asked the Australian / Times to correct that.

Undisclosed Manufacturer #2

09/17/16 08:15pm

Undisclosed Manufacturer #15

09/18/16 06:49am

Also Corriere Della Sera in Italy has picked up the story.

Undisclosed #8

IPVMU Certified | In reply to Undisclosed Manufacturer #15 | 09/18/16 07:21am

The Chinese government, however, did not take well the prevarication and gave order to write to the agency Xinhua that the British are 'sinofobici ".

Sinofobici: you might think as in S.O.B., but more like China-phobic.

Undisclosed Integrator #3

09/18/16 11:56am

Just saw "Snowden" at the movies. As for all this paranoia about red's under the bed with Hikvision. I think that horse has already bolted with the NSA on its back. If and its only an if, the Chinese government are planning some covert hacking operation they may actually catch up to what the NSA has been doing for years.

Michael Miller

In reply to Undisclosed Integrator #3 | 09/18/16 01:35pm

U3 Integrator.... If you enjoyed "snowden" you should really watch the Zero Days documentary. Everyone should watch this.

Ricardo Souza

IndigoVision Ltd
IPVMU Certified | In reply to Michael Miller | 09/22/16 09:00pm

I would also recommend the CYBERWARS series recently release by Viceland.

Undisclosed Manufacturer #1

In reply to Ricardo Souza | 09/23/16 08:21am

I would also recommend Amazon Instant Prime's documentary series ....Mr Robot - the Chinese are up to something!

Samantha Bamford

09/18/16 09:46pm

Amazing!

Undisclosed Manufacturer #16

09/19/16 10:54am

Maybe this is a not just about MI6, spying loop holes or a communist invasion but instead this debate comes on the back of a UK Govt agreement with China over nuclear power. Maybe this is a about economics, trade agreements and the fact that cheap products are being sold at below cost to undercut and destroy European, US and Japanese companies that employ moral business ethics and protect workers rights etc

Maybe its fair enough we support private enterprise in China without too many restrictions but when that enterprise itself 'is' the countries own government and that company 'is' directly related to 'Security' then the free market rules can no longer apply and government control and regulation is required to protect local business and commercial interests, as well as security and safety.

In any other industries the same would apply - if the Chinese government flooded the market with cheap PCs or cars and distributors, dealerships and consumers stopped buying Dell and Ford - I am certain questions would need to asked at a Federal level. In fact these regulations are probably already in place.

And as part of this debate maybe it is about time we start applying regulation to ensure security equipment meets agreed standards for certain applications - such as Police, Rail, Ports etc irrelevant of the country of manufacture. We don't really care what people put in their house or local gas stations but it seems the UK they put this equipment in areas related to their critical infrastructure.

Thomas Marino

In reply to Undisclosed Manufacturer #16 | 09/19/16 12:43pm

Very true,

Make no mistake China goal is to increase its military might. They understand that America's military might is a byproduct of its economic prowess. That is the whole point of their "economic espionage" initiative , steal trade secrets, build up the economy, build up the military. It all goes hand in hand. China wants to be the most power nation in the world, and they are using communism as its advantage.

Undisclosed Manufacturer #24

In reply to Undisclosed Manufacturer #16 | 09/20/16 03:49am

Agree with all points except one.Have you seen a Chinese car anywhere outside China! There is no fear, they are crap and won't pass a crash test! Branded VW in China has two versions, local made, or imported, imported twice the price, twice the quality! simple maths.

Electric battery taxi in China crashed and caught on fire, killed the people inside. BYD at their best! regulations and testing is in so much as you find problem we fix it later.

Shame goverment import tax is so high, Chinese people would like western cars, they care about their children safety as much as the next person, all these great brands, US and Europe are high quality cars could sell well here, but they don't want that do they. Not the people in power anyhow.

Undisclosed Manufacturer #17

09/19/16 12:44pm

Would like to see Washington Post or NY Times, WSJ get involved in the conversation or a major network news channel.

Undisclosed Manufacturer #1

09/19/16 01:29pm

http://www.ibtimes.co.uk/chinese-supply-cctv-cameras-britain-sparks-security-concerns-1581595

Undisclosed End User #18

09/19/16 02:18pm

Are the same checks and balances - or lack of - applied to their network equipment Companies like Hauwei are global giants as well

Undisclosed Manufacturer #16

In reply to Undisclosed End User #18 | 09/19/16 03:03pm

Huawei tech is scrutinized by the UK govt - GCHQ: http://www.bbc.co.uk/news/technology-25417332

It seems that rules are applied when it comes to Huawei and other Chinese companies, which have been subject to anti-dumping investigations - the case was dropped against Huawei in return for a favourable trade agreement: http://www.theguardian.com/politics/2013/dec/02/david-cameron-china-advocate-western-world

The deal struck between UK and Huawei means they will invest £1.3bn into the UK economy: https://www.gov.uk/government/news/trade-and-investment-minister-works-towards-deeper-trading-relationship-with-hong-kong-and-china

And effectively Huawei are banned from the US market: http://www.latimes.com/business/hiltzik/la-fi-hiltzik-20141207-column.html

Undisclosed Manufacturer #1

09/19/16 03:09pm

I would think The Times approached Dahua and other Chinese brands for comment before the release of the article on Friday morning, hence Dahua's strong denial coming out days beforehand.

While I'm really glad it's happened - I do think it was unfairly focused on Hikvision. If The US government can approach Apple and request them to undertake underhand things then I can only imagine what is going on in China between these other brands and the government there with the human rights record they have, and the threat of 'escalation'.

I strongly expect that now the focus has been placed here then the other brands (Dahua, UNV etc.) will get a name-check in subsequent follow-up pieces.

John Honovich

IPVM | In reply to Undisclosed Manufacturer #1 | 09/19/16 03:37pm

hence Dahua's strong denial coming out days beforehand.

From speaking with Dahua at ASIS, I did not get that impression at all. Dahua did not deny it as much as listed not being owned as one of their differentiators.

I strongly expect that now the focus has been placed here then the other brands (Dahua, UNV etc.) will get a name-check in subsequent follow-up pieces.

The case for Dahua and UNV are a lot tougher (especially UNV who is owned by American company Bain). Being a large company in China, I would expect some ties, but nothing like the depth of Hikvision, which is on its own level for video surveillance manufacturers.

Undisclosed Distributor #20

In reply to Undisclosed Manufacturer #1 | 09/19/16 05:08pm

Difference between Dahua and UNV is that Dahua was started by Mr. Fu as a private company that went public on a Chinese exchange(I believe this was the decline of DH's quality control).

UNV was also a private company, a division of Huawei/3COM that went independent and was purchased, over 90%, by Bain Capital- an American company.

So I don't think the comparison is unfair at all. Hikvision is actually controlled by the government, they own the largest stake in the company. They don't own Dahua and UNV.

Undisclosed #25

09/20/16 04:58am

For those of you (like Jon) who think their understanding of networking protocols and security can actually protect against interested governments from snooping on their stuff, please read the excerpt below.... it refers to the work of Tsutomo Shimomura (whom you might remember was the one who helped the feds track down Kevin Mitnick in 1995 after Mitnick hacked into his personal machine). His work has been funded by both the US Air Force and the NSA.

This archived post (excerpted below) was dated 1996 - 20 years ago.

Tsutomu's stealth version of the Berkeley packet filter did a lot more
than modload into the kernel.  He was paid by the Air Force to design one
that could patch itself into SunOS kernels invisibly, even into kernels
with no modload support at all.  It had special code that would search
through the kernel binary for references to the address of the Ethernet
chip, and patch itself in during the very low level interrupt handling.
It was highly optimized so it wouldn't show up by loading down the
machine, and it did things like decrement the interrupt counter so that
even the extra interrupts caused by running the Ethernet chip in 'receive
every packet on the wire' mode wouldn't be visible.  He talked about
enhancements that would automatically forward packets of interest back
out onto the Internet, so the whole shebang would hide in kernel memory,
never visible to users, never running any processes or altering any files.
Think of it as Digital Telephony wiretap technology for the Internet.

The idea was to design something that you could run on a machine without
the owner ever finding out about it.  To break into that person's network.
It's a tool customized for crackers.  It's one of the tools that Mitnick
was after when he broke into Tsutomu's machine.

Undisclosed #8

IPVMU Certified | In reply to Undisclosed #25 | 09/20/16 05:24am

25,

Jon has a firewall, so

You can't get in to install the stealth bpf
You can't get the data out from the stealth bpf, even if it was installed.

Btw, the stealth bpf isn't really that stealthy, although it may hide its activities from the kernel, it can't hide the packets it puts on the network, so is easily discoverable.

Undisclosed #25

In reply to Undisclosed #8 | 09/20/16 05:33am

Of course, you are correct.

My point is not that Shimomura's piece of work can not be discovered and blocked by firewalls... It is that governments have long been interested in being able to surreptitiously enter protected devices and networks - and that 1996 was most certainly not the end of those efforts.

Jon Dillabaugh

Pro Focus LLC
In reply to Undisclosed #25 | 09/20/16 10:21am

You are making my point for me. Your assertion proves that it is more likely that ALL devices, not just Hikvision or Chinese in general, are to be assumed to have some sort of nefarious code built in. If we start with that assumption, and you create your networks around that working assumption, then any exploits found afterwards aren't likely to be as damaging. You had thought ahead and kept the offending equipment at bay all along.

Therfore, the brand you buy matters very little, in as much as it performs as needed. You don't have to be overly concerned each time an Axis exploit is dangled over the heads of every IT dept like blackmail.

Now, that said, there is one place where people are truly at risk. That is at the viewing stations or mobile devices. The apps ran there ARE more likely to be targeted and much more difficult to harden. If you really want to nail Hikvision on SOMETHING, go after the software apps. The whole China Xcode exploit fiasco is MUCH more problematic than a camera trying to mine bitcoins.

Undisclosed Manufacturer #1

09/20/16 06:04pm

Genuine Question

If the others - UNV & Dahua - are 'clean' ...how are they managing to match keep pace and match Hikvision's pricing levels?

Depending on the answer; 2nd question - are they sustainable long-term businesses if they don't have access to the same government funding?

NOTICE: This comment has been moved to its own discussion: How Are Dahua And UNV Managing To Match Keep Pace And Match Hikvision's Pricing Levels?

Undisclosed #23

10/05/16 12:03pm

Hikvision UK GM has conducted an interview with a UK trade magazine denying control by the Chinese government.

We will do a full post in a few days but wanted to reference it here for those interested right away.

Read this IPVM report for free.

This article is part of IPVM's 6,730 reports, 908 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.