*** **** ****** * variety ** ****** *** problems *** *********, **** of ***** **** ***** reported **, *********:
Genetec **** *** **** ****
*** *** ******* ******** a ***** **** *******'* CEO, *** ******* *********** ***** ** *********, ** *** ******* down, ****** ****:
******* **** ******* **** by “********* ***** ** controlled ** *** ******* government” *** “*******’* ********** for ********** **************” *** him ** ******* *** waiver.
********* ****** *********, "******* Hikvision **** ********* ** simply ********** *** ********** unfounded", ******, ** * step *******, ********* *** not **** ***** ***** or ********** ** *** Chinese **********.
Government *** ******** *** ** ***
********* ******* ** *********** defense **** ********** ****** the *******, *** ******* government ******* *********'* ********. Hikvision **** *** ***:
***** ****, * ********* vice *********, **** **** [Hikvision ********** **********] *** no **** ** *********’* day-to-day **********.
**** ** ********* **********. The ******* ********** ********* has ****** ******** ** the **** ** *********'* IFSEC *****, *** ** ***** of ***** **** ******* or *** **** ********* will **** ***** ****** at *** **** ****. However, ***-**-*** ********* ** far **** ********* **** the **** *** ******* government *** ** *********** Hikvision's ******** *** ******** ** the ******* **********.
Memphis ****** ******* *********
*** **** ********* ** Hikvision ** *** *** article *** ********** ****** Patty ** ** ********** ****** **********. ***** ********** *** benefits ** ***** ************ cameras, ********** ****** *******. The *** **** ***** the **** **** ** the *******, **********:
** **** *** **** started ***** *** ******* long ****** ******** ***** hacking **** **** ****. The ********** **** * decentralized ******* ***** ******* aren’t ********* ** *** police ********* ********, ** says.
“** *** *** ** the ***, **** *** the **. * ****** manufacturer ** *** *****,” says **. *****. “**** make * *** ** cameras *** **** ****** use ****, **** ** they ***’* *** ********* on *** *******.”
Negative *** *** ** *** ** ******** ********** ********
*** ******** ** *********'* government ********* ** ************* problems ** *** ********** *** Hikvision. *** **** *****, from *********'* ***********, ** for ******** ** ****** forget ***** ***** ******. To **** ***, *** WSJ *******, ********** ***** the ***'* *****, ** problematic.
** *** ***** ****, the *** **** * balanced ******** **** ******** following ********* *** ***** the *****, ********** **** taking * ****** ****** ******* the *******. *** *******, compared ** ********* ********** *** ********, *** *** *** ** *** less ************ ******* *********.
What ** ****?
**** ******** ********* ************** and *********, **** **** likely ***** ****** *** some ******** *** *********.
**** ** ******* ** what **** ******* ***** next. *** *******, **** or *** **** ***** publications **** **** **** up? *** **** *********** or ********** ********* **** learn **** **** ******* and *** **** *** future *********** ** **********? It ** ********** ** predict *** ********* ***** watching.
***, *** *********, **** need ** ****** *** what ** ** ****. Do **** ****** *** WSJ? ** ********** **** ******** *****? ********* *** **** tough ********* ** ****.
Vote / ****

UPDATE: ********* *** ********
** ******** **, ****, Hikvision ******* ** ******* a'******* ********' ****** ** **** Street ******* *******:

*** **** ******* ******* of *** ******** ** how **** **** **** their ********** *********, ********* that **** *** **** as *** **** *********** issue. ************* *** ***** dealers, ********* ****** **** saying:
********* ** ********** *********** about *** ********* ********* and ** ** **** 30, **** *** **** than **% ** *** shares ***** ** * state-owned ********** (***), **** the **** ** *** stockholders ***** ******* ***********,
**** *** ********** **********. If **** ****** ** be ***********, **** ***** acknowledge **** ***** '****** owned ** * ***' are ** **** ***** controlling ***********, ******* *** ********** ** disclose:

Comments (125)
Brian Karas
This story is on the front page of the Wall Street Journal today, just picked this up on my morning coffee run:
Create New Topic
Undisclosed Manufacturer #1
Stay vigilant, my friends...
Create New Topic
Undisclosed Distributor #2
Dont you think the onus is also on the integrator to secure the network both local & wide area to ensure that the camera or recorder is not exposed to outside threats. I keep reading about Hikvision having backdoors and other weaknesses in their software, this can or could be prevented by securing their network.
Is the an onus also on the integrator to ensure that their installations are also up to date with the latest firmware?
Hikvision's latest firmware has now turned off ONVIF connectivity to further improve their security and this also had negative exposure by IPVM due to Hikvision's lack of notice to the industry. Don't you think that reading the release notes is important when using new firmware!
I work for a distributor that sells Hikvision and I'm not going to sit here defending them, but do some investigating on other products and you will find numerous firmware updates that fix security flaws.
Hikvision make a very good product at a price where everyone has to sell even more to make a profit. I feel that there is a campaign by non Chinese entities to protect their market share. This would be charging extra for camera licensing for Hikvision cameras or continual negative releases by media.
Create New Topic
Sean Nelson
11/13/17 03:06pm
The best way to respond to this is to invest heavily into cyber security with the ultimate goal of making the most secure product on the market. Public disclosure of steps taken to achieve this need to happen swiftly and often.
Create New Topic
Undisclosed Manufacturer #4
Of the 5% who voted postive: Can anybody detail in the comment sections how the impact of this article by WSJ is positive for Hikvision?
I imagine the response will be something along the lines of "any publicity is good publicity"...
Create New Topic
Brian Karas
The Daily Caller has also picked up the WSJ coverage of Hikvision.
Create New Topic
Undisclosed Integrator #5
They are most likely thinking that now that this is an 'event' there will be more investigative information and at the end of the day someone will most assuredly look silly when it is determined that Hikvision had no 'ulterior motives' in mind and all of the cyber-security problems are no different than any other company may have that produces millions of cameras and like products across the world.
Create New Topic
Edward Knoch
I want to know if the GSA is holding the contractor who originally listed the products on Schedule 84 accountable. They deliberately lied to the Federal Government asserting the product was Made in the USA (implying that they were refurbished is a stretch anyway you put it). To be clear, this isn't a "left/right" issue, its the "legal" standing of China. It's not considered a MFN (Most Favored Nation) and the law is clear that the use of Chinese made products (unless substantially transformed in the US) is against procurement code.
Clearly, this is only the tip of the iceberg. As many people may not know, the GSA is an acceptable procurement mechanism for multiple state and local governmental entities. In Jurisdictions where they require "open" procurement, you cannot buy off of the schedule, however, that is not the norm. Most locales can purchase off of GSA. So, the implication in that is there may be many 1000s more of their products in SLED (State Local / Educational) locations. That's disconcerting to say the least.
IT would behoove the GSA to send out a note, pursuant to their cancellation, to all parties that have purchased or implemented this solution.
Create New Topic
Undisclosed Integrator #7
I was contacted by a WSJ intern in Hong Kong about this story a few months ago and I decided not to follow up with them due to a concern for the legitimacy of the call as well as potential negative after effects of being named in an article like this. I still think it was the right choice for my company, but I wish I hadnt in some respects because I havent shied away from criticizing Hik in other publications.
Create New Topic
Undisclosed Integrator #8
Do we have a comprehensive list of cameras with vulnerabilities?
Create New Topic
Undisclosed Integrator #9
You need to turn in your license if you are buying and selling/installing this junk!
Create New Topic
Undisclosed Integrator #12
You mean to tell me IPVM is actually on to something with all of this silly HikVision bashing? (Bring on the Unhelpful votes) Honestly, IPVM should get some kind of vindication here. The Govt ownership and much worse than avg security record is a legitimate concern. Good job guys for sticking to your guns.
Create New Topic
John Honovich
Note: The WSJ Hikvision article also ran in its China edition, in Chinese.
Create New Topic
Michael Miller
Not because of this article but a new hospital we just took over was instructed to remove all Hikvision camera from the network after an "issue" they had last week. The head of security told me today to come up with a plan to replace all the Hikvision cameras on the network which came down from IT.
Create New Topic
Undisclosed Integrator #18
I worked for a company that installed mostly HikVision, across multiple states.
I sold numerous systems as did many other salesmen over the past 3-5 years.
I read a post on LinkedIn that lead me to IPVM, over the summer. One of my customers
asked me to add another camera to a 32 camera NVR. So we installed it on Oct.28th.
The same day IPVM posted an article about the firmware update, he called back with an
issue of not being able to view the new camera on the IVMS. On Halloween we spent
hours reinstalling the software and reloading all user accounts and passwords. It is my
belief that this company will become very concerned about the systems' vulnerabilities.
I read the WSJ last year, every day, from Sep to Nov. I especially read letters to the editor with regards to editorials and story content. Many, many powerful and well connected people care about what is written in that paper. This story will have legs.
Create New Topic
Sean Nelson
11/14/17 04:43pm
I can see how the Hikvision ownership structure can be alarming to people. That and combined with their cyber security problems they have had recently.
Their is some fear that the back door was intentional which raises some concern. But this is where good common sense should come into play. Here are my rhetorical questions that I would ask the concerned person:
- If they really wanted an intentional backdoor, why wouldn't they put it in the DVR's which would have made way more of an impact. Instead, the "backdoor" was on cameras, specifically cameras that were port forwarded that had old firmware. While not rare, this is for the most part an unlikely scenario. Nothing like the Dahua Hack-a-thon that happened recently.
- As far as the Chinese peaking in on you. Do you really think the chinese govt cares about what you are doing at your house or business. Do you think they have the time to spy in on you to see whether you are mowing your lawn or picking your boogers? What intel can they gather from your boogers?
- If you are concerned about the chinese using the devices as botnets, I again refer back to my first question.
Admittedly, I think Hikvision makes a great product but they simply put cyber security as a very low priority in previous months/years. Matter of fact, I think alot of Chinese manufacturers think this way. Its just until recently that they have woken up to the fact that cyber security is important. However, I dont think anything is intentional.
Nonetheless, Hikvision will definetely need to respond to this WSJ article. Silence will simply raise more concern. I can understand Hikvision calling IPVM silly, but you cant do this with the WSJ. This is where a good Americanized crisis writer/press relations comes in. I think they need to respond in a humble way, admitting their mistakes. I fear the humble tone may be a difficult move for Hikvision as they put alot of pride in their work and admitting mistakes is not their forte. Nonetheless, it needs to be done. They need to admit their mistakes then inform what has already been done to take care of the issues and what is in the works to continue to make their products secure and inform that cyber security is a much higher priority than it has been in the past. Wording all this properly is where a good press relations person comes into play. If you can word this well and let everyone know you are making the most secure product on the planet, this will blow away in no time.
Create New Topic
Undisclosed #20
"Paging Chuck Davis.... Chuck. Davis. White courtesy telephone, please."
Where is Chuck?
[IPVM Note: Related: Hikvision Admits Backdoor 'PR Issue']
Create New Topic
Ethan Ace
Also this should go without saying, but multiple comments in reply to Sean were ad hominem attacks, which are also not going to be tolerated.
Create New Topic
Undisclosed #14
One thing I think everyone, on all sides, can agree on here is that this story would not have made front page news if it weren’t for John’s incessant reporting. The article is at least 50% recycled IPVM content with redone graphics.
Only a minor mention to IPVM at the very end of the article seems remiss...
Create New Topic
John Honovich
Update (and appended to the original report):
On November 14, 2017, Hikvision emailed to dealers a 'Special Bulletin' Update on Wall Street Journal Article:
The most notable element of the response is how they lead with their government ownership, revealing that they see that as the most significant issue. Unfortunately for their dealers, Hikvision tricks them saying:
They are completely misleading. If they wanted to be transparent, they would acknowledge that those 'shares owned by a SOE' are in fact their controlling shareholder, as their own financials do disclose:
Create New Topic
Undisclosed Integrator #5
Please offer disclosure of just how many ADDITIONAL companies in CHINA are owned this way so we have a more clear understanding that HIKVISION is by far not the only one 'semi- OWNED by the government.
Capishe?
Create New Topic
Undisclosed Integrator #15
I'll say one thing about these threads, it does my OCD reading no good.
Create New Topic
Michael Miller
More coverage in the press: https://www-washingtonpost-com.cdn.ampproject.org/c/s/www.washingtonpost.com/amphtml/business/economy/years-after-regulatory-crackdown-some-security-cameras-still-open-to-hackers/2017/11/14/b15f8428-c980-11e7-8321-481fd63f174d_story.html
Create New Topic
Undisclosed Manufacturer #22
Wow. This 12 digit string sounds just like the Hik magic string backdoor LINK. Very interesting that Hik and Dahua and TrendNet all have similar backdoors.
Create New Topic
Undisclosed #23
What is truly amazing is how long this took to catch on. Not long ago China used to be Called Red China. Why? because they are a Communist regime. They are not our friends never have been yet we continue to buy products from a brutal totalitarian regime that has killed 40 million plus of its own people through the purges of Mao and now has become this Frankenstein due to all the money pouring in from the USA and other countries. They flex there military might in the South China sea, build artificial islands to expand there military reach, threaten neighbors such as Vietnam and the Philippines yet you buy from them....because they are cheap.
Maybe the ignorant masses need to study history a bit more and look at the current geo political atmosphere and try to comprehend what the Chinese communists are all about before sending Dollars to them.
Maybe some day people will wake from the slumber they are in but I doubt it because the either don't know or don't care where they are sending there money to. Maybe when an end user gets hacked and sensitive info is stolen and they sue the company that installed the equipment, Dealers might wake up.
Create New Topic
Undisclosed Integrator #24
WSJ released a video report on XinJiang, China. WSJ report On 4'39", the video showed the name of the face recognition camera Link to Camera Manufacturer (DeepGlint FoveaCam)
Create New Topic