Just how secure are Hikvision cameras?

With Alarming cybersecurity stories now an alarmingly common feature in our newspapers, it’s more important than ever to make sure that your security systems are robust. The advent of always-connected IP cameras means that CCTV is no longer a standalone device cut off from the outside world, and can now be used as a potential vector for hacking and cyber attacks. Ironically, this means that any equipment with vulnerabilities can turn your security system into a security risk. All of this isn’t to say that you should avoid all of the potential benefits of IP systems, it just means that you should take care to make sure your equipment is from a responsible manufacturer that follows best practices.

So how secure are Hikvision cameras?

As the largest manufacturer of surveillance equipment on the planet, Hikvision’s security credentials have justifiably come under a lot of scrutiny. Some of the stories being posted, however – unsurprisingly by blogs linked to their American competitors – seem to be just be unjustified paranoia. The fact is, despite their huge slice of the CCTV market, Hikvision have one of the best records in the industry for preventing security vulnerabilities, and publicising them transparently when they do occur.  This can easily be checked by referencing the CVE list, and international register of all known cybersecurity vulnerabilities – searching for results from Hikvision compared to their competitors is quite illuminating.

Trusted by the industry

As something of a vote of confidence from security authorities, last month Hikvision was designated as a CVE Numbering Authority (CNA). This status, also held by internationally recognised brands such as Adobe, Apple and Google, allows Hikvision to add potential vulnerabilities found in their equipment to the CVE list without needing them to be cross checked by a third party. This designation is only provided to companies who have a proven track record of transparently and effectively resolving issues.

 

Bin Wang, Chief Officer for Hikvision’s Network Security Department, explained – “We are honoured to become a CNA and will keep collaborating with MITRE, to deal with potential security vulnerabilities in a timely and efficient manner. The CNA appointment will help iron out the creases in the information exchanges between security researchers and security solution providers. This will result in end users enjoying meaningful and timely assistance with tackling cyber security issues.“

Keeping things up to date

There is another really important aspect to IP security. When vulnerabilities are found, Hikvision need to be able to identify them and issue firmware patches to quickly fix them. This becomes a problem when installers are using grey market Hikvision cameras and recorders sourced cheaply from sellers based in China. These devices only ship with Chinese language menus and settings, so buyers usually have to resort to installing unauthorised third-party firmware to use them in the UK, which prevents them from being able to use these important security updates. Even if the cameras are returned to factory defaults, Hikvision will often then detect they are being used in the wrong region, and remotely brick them, making them unusable.  This is yet another reason why it’s so important to make sure you only source cameras from an authorised UK Distributor, like SpyCameraCCTV.