WSJ Investigates Hikvision

They are most likely thinking that now that this is an 'event' there will be more investigative information and at the end of the day someone will most assuredly look silly when it is determined that Hikvision had no 'ulterior motives' in mind and all of the cyber-security problems are no different than any other company may have that produces millions of cameras and like products across the world.

I want to know if the GSA is holding the contractor who originally listed the products on Schedule 84 accountable. They deliberately lied to the Federal Government asserting the product was Made in the USA (implying that they were refurbished is a stretch anyway you put it). To be clear, this isn't a "left/right" issue, its the "legal" standing of China. It's not considered a MFN (Most Favored Nation) and the law is clear that the use of Chinese made products (unless substantially transformed in the US) is against procurement code. 

Clearly, this is only the tip of the iceberg. As many people may not know, the GSA is an acceptable procurement mechanism for multiple state and local governmental entities. In Jurisdictions where they require "open" procurement, you cannot buy off of the schedule, however, that is not the norm. Most locales can purchase off of GSA. So, the implication in that is there may be many 1000s more of their products in SLED (State Local / Educational) locations. That's disconcerting to say the least.

IT would behoove the GSA to send out a note, pursuant to their cancellation, to all parties that have purchased or implemented this solution.

You need to turn in your license if you are buying and selling/installing this junk!

You mean to tell me IPVM is actually on to something with all of this silly HikVision bashing? (Bring on the Unhelpful votes) Honestly, IPVM should get some kind of vindication here. The Govt ownership and much worse than avg security record is a legitimate concern. Good job guys for sticking to your guns.

Note: The WSJ Hikvision article also ran in its China edition, in Chinese.

Not because of this article but a new hospital we just took over was instructed to remove all Hikvision camera from the network after an "issue" they had last week. The head of security told me today to come up with a plan to replace all the Hikvision cameras on the network which came down from IT. 

I can see how the Hikvision ownership structure can be alarming to people. That and combined with their cyber security problems they have had recently.

Their is some fear that the back door was intentional which raises some concern. But this is where good common sense should come into play. Here are my rhetorical questions that I would ask the concerned person:

- If they really wanted an intentional backdoor, why wouldn't they put it in the DVR's which would have made way more of an impact. Instead, the "backdoor" was on cameras, specifically cameras that were port forwarded that had old firmware. While not rare, this is for the most part an unlikely scenario. Nothing like the Dahua Hack-a-thon that happened recently.
- As far as the Chinese peaking in on you. Do you really think the chinese govt cares about what you are doing at your house or business. Do you think they have the time to spy in on you to see whether you are mowing your lawn or picking your boogers? What intel can they gather from your boogers? 
- If you are concerned about the chinese using the devices as botnets, I again refer back to my first question.

Admittedly, I think Hikvision makes a great product but they simply put cyber security as a very low priority in previous months/years. Matter of fact, I think alot of Chinese manufacturers think this way. Its just until recently that they have woken up to the fact that cyber security is important. However, I dont think anything is intentional. 

Nonetheless, Hikvision will definetely need to respond to this WSJ article. Silence will simply raise more concern. I can understand Hikvision calling IPVM silly, but you cant do this with the WSJ. This is where a good Americanized crisis writer/press relations comes in. I think they need to respond in a humble way, admitting their mistakes. I fear the humble tone may be a difficult move for Hikvision as they put alot of pride in their work and admitting mistakes is not their forte. Nonetheless, it needs to be done. They need to admit their mistakes then inform what has already been done to take care of the issues and what is in the works to continue to make their products secure and inform that cyber security is a much higher priority than it has been in the past. Wording all this properly is where a good press relations person comes into play. If you can word this well and let everyone know you are making the most secure product on the planet, this will blow away in no time.

Also this should go without saying, but multiple comments in reply to Sean were ad hominem attacks, which are also not going to be tolerated. 

Update (and appended to the original report):

On November 14, 2017, Hikvision emailed to dealers a 'Special Bulletin' Update on Wall Street Journal Article:

The most notable element of the response is how they lead with their government ownership, revealing that they see that as the most significant issue. Unfortunately for their dealers, Hikvision tricks them saying:

Hikvision is completely transparent about its ownership structure and as of June 30, 2017 had less than 42% of its shares owned by a state-owned enterprise (SOE), with the rest of the stockholders being venture capitalists,

They are completely misleading. If they wanted to be transparent, they would acknowledge that those 'shares owned by a SOE' are in fact their controlling shareholder, as their own financials do disclose:

I'll say one thing about these threads, it does my OCD reading no good.

What is truly amazing is how long this took to catch on. Not long ago China used to be Called Red China. Why? because they are a Communist regime. They are not our friends never have been yet we continue to buy products from a brutal totalitarian regime that has killed 40 million plus of its own people through the purges of Mao and now has become this Frankenstein due to all the money pouring in from the USA and other countries. They flex there military might in the South China sea, build artificial islands to expand there military reach, threaten neighbors such as Vietnam and the Philippines yet you buy from them....because they are cheap.

Maybe the ignorant masses need to study history a bit more and look at the current geo political atmosphere and try to comprehend what the Chinese communists are all about before sending Dollars to them.

Maybe some day people will wake from the slumber they are in but I doubt it because the either don't know or don't care where they are sending there money to. Maybe when an end user gets hacked and sensitive info is stolen and they sue the company that installed the equipment, Dealers might wake up.