Times Investigates Hikvision's Chinese Government Control

BBC Radio talking about state subsidies for Hikvision cameras, allowing them to keep prices low.

The station is interviewing a series of people including UK security professionals.

This great news prices should drop even lower

I am not sure if you are joking or not. Worse, I actually think you might be right ;)

Heck, our presidential candidates, and we may as well put ourselves in the same "basket of deniables", don't even know or care about even more serious issues.

Try on Net Neutrality for starters.

Just as we have surrendered our surveillance manufacturing to the Chinese state, so too have we surrendered our networks to global corporations with allegiances only to the highest bidders for access and control to all our data.

Sure, because certainly you buying a rebranded version of HIK won't amount to any additional profitability on the part of the communists.

No, the answer is to stop giving them more and more of your money, no matter whose name is on their stuff.

I'm no longer in bed with them, but in my experience the answer is no. The only difference we've noticed between OEM firmware and baseline is that OEM get's less support and is not prioritized.

Bad acting software would likely only be introduced when needed and would be delivered by a firmware update.

Research that shows that 2 manufactures had a) backdoors via their cloud system to remotely access and control cameras, including loading new software and running commands and 2) stored passwords in cleartext.

The 2nd manufacturer I can easily identify from the web browser screenshot. The 1st not sure.

Research document on the backdoors:

http://syssec.kaist.ac.kr/sub0501/articles/view/tableid/news/id/5

English document describing it:

http://english.etnews.com/20150601200002

I know that one manufacturer changed their password policy because of the publicity this created in Asian newspapers, even though it was an unrelated product. The fact that it was an IP camera and their company manufactured IP cameras caused them to make an edict that passwords need to be secured.

How many Hikvision employees are being forced to cancel their accounts today?

At this point, now that it has hit the traditional press, I am not sure what is has to do with IPVM accounts.

We are certainly going to continue to report on this (indeed we have 2 upcoming posts queued up that gets into further details of the government control) but the challenge for Hikvision is now containing something that cannot be contained. It will be interesting to see how they handle this. Anyone with feedback from Hikvision employees, please share.

I will worry about them being able to "phone home" or snoop the LAN.

Yes, we all will.

So you don't care about informing your customers about potential dangers?

Agreed. Why is everyone up in arms over Chinese-made IP cameras when the routers and network switches, computer motherboards, CPUs and literally every item on the planet is produced in China and shipped here. I'd say there's much more risk of network switches with hardware encoded back-doors sending info back to Chinese gov than an IP camera doing it.

Don't forget - that's how the NSA spies on each and every one of us. The NSA doesn't tap every phone on the planet - they just tap the fiber leaving the borders. Way more efficient.

What if HIKvision's success is really just old fashioned greed over profits? That seems the most logical explanation. Someone at HIK is getting paid some serious bonuses for dominating the market and in the process making these clowns from other companies re-think their entire businesses.

I think you miss the point. Hikvision NVRs, IP cameras, DVRs, and any network device present a possible ingress point into a network. Their own lack of security and easy hack ability led to the Bitcoin miner hacks a couple years ago. China has somewhat of a record with state sponsored corporate espionage. Since Hikvision is 40% owned by the government it seems like a logical step.

In the US some people worry about our healthcare system being run by the government, the NSA, and any number of other items. Imagine how you would feel if the NVR and camera manufacturers in your data center were 40% owned by the US NSA.

Whether there IS a back door or not isn't as relevant as whether there COULD be a back door. The motivation is certainly there. After all how many years did it take Axis to discover their recent vulnerability? And that was something that wasn't intentionally hidden.

There was a news story earlier this year about IP cameras that were infected with malware that allowed them to be used for distributed denial of service attacks on web sites... Often US government websites. The article stated that some of the attacks a used up to 25,000 cameras. Some times the unsecured web site is not the target - just a means to attack someone else.

The Chinese government, however, did not take well the prevarication and gave order to write to the agency Xinhua that the British are 'sinofobici ".

Sinofobici: you might think as in S.O.B., but more like China-phobic.

Very true,

Make no mistake China goal is to increase its military might. They understand that America's military might is a byproduct of its economic prowess. That is the whole point of their "economic espionage" initiative , steal trade secrets, build up the economy, build up the military. It all goes hand in hand. China wants to be the most power nation in the world, and they are using communism as its advantage.

Huawei tech is scrutinized by the UK govt - GCHQ: http://www.bbc.co.uk/news/technology-25417332

It seems that rules are applied when it comes to Huawei and other Chinese companies, which have been subject to anti-dumping investigations - the case was dropped against Huawei in return for a favourable trade agreement: http://www.theguardian.com/politics/2013/dec/02/david-cameron-china-advocate-western-world

The deal struck between UK and Huawei means they will invest £1.3bn into the UK economy: https://www.gov.uk/government/news/trade-and-investment-minister-works-towards-deeper-trading-relationship-with-hong-kong-and-china

And effectively Huawei are banned from the US market: http://www.latimes.com/business/hiltzik/la-fi-hiltzik-20141207-column.html

hence Dahua's strong denial coming out days beforehand.

From speaking with Dahua at ASIS, I did not get that impression at all. Dahua did not deny it as much as listed not being owned as one of their differentiators.

I strongly expect that now the focus has been placed here then the other brands (Dahua, UNV etc.) will get a name-check in subsequent follow-up pieces.

The case for Dahua and UNV are a lot tougher (especially UNV who is owned by American company Bain). Being a large company in China, I would expect some ties, but nothing like the depth of Hikvision, which is on its own level for video surveillance manufacturers.