Hikvision Europe Warns Of "A Wave of Cyberattacks"
Following on from our email release on 17 March 2017, please take note of the following Hikvision Security Advisory update. These only effect cameras manufactured before 17 March 2017.
Originally published by John Honovich from IPVM - Published September 28, 2017
Hikvision Europe has issued a "Hikvision Security Advisory" press release and emailed an e-newsletter with the advisory at the very top:
Early in March, Hikvision was made aware of a vulnerability in certain IP cameras. We released a firmware update that resolves the issue. Please see the following release for detailed information on which cameras are affected and the links to the firmware update for each.
Recently, there has been a wave of cyberattacks. Updating all systems is an effective way to prevent your equipment from being vulnerable to cyberattacks. We have provided the solution and we urge all our partners and users to ensure that the firmware update is being applied to all the products. Thereby you can be sure that you are not affected.
Hikvision takes cybersecurity concerns with the utmost seriousness and takes action everyday to ensure that our products are not only innovative, but they meet the highest standards of cybersecurity best practices.
Please check the above link and make sure that all cameras are running on the latest firmware. More information on the vulnerability and our resolution efforts can be found here.
Hikvision Europe also urged users to upgrade their IP camera firmware to remove the Hikvision backdoor.
Wave Certainly
They are certainly correct to refer to it as a 'wave of cyberattacks' as the hacks on video surveillance products this month have been far more broad and severe than ever before.
Dahua Mostly Hit
Ironically, this wave has overwhelmingly hit Dahua recorders (see Hackers Globally Attacking Dahua Recorders), not Hikvision devices, as Dahua has numerous cybersecurity vulnerabilities (e.g., Dahua's backdoor) of their own, including issues with their recorders that are more commonly made publicly accessible than IP cameras.
Hikvision IP Cameras Certainly At Risk
At the same time, Hikvision IP cameras (and their numerous OEMs who we have verified), face risk as well. In September 2017, full disclosure was made to Hikvision backdoor, showing how easy it was for hackers to attack vulnerable Hikvision IP cameras.
Right Thing To Do
To that end, Hikvision Europe is certainly doing the right thing to make it clear to their customers and partners that this is a real risk and real attacks are occurring. Moreover, Hikvision Europe deserves respect for prominently sending out notice, rather than obscuring it.
Hikvision Better Response Than Dahua
Hikvision Europe's response to the Dahua driven wave of cyber attacks has been better than Dahua's own. Dahua's only public communication to date was a press release that buried the hacks in spin about launching latest cybersecurity initiatives. This is a positive for Hikvision but only reinforces how poor Dahua's response has been.
Communicating Risks Clearly Is Critical
Manufacturers not only have a responsibility to clearly and prominently communicate risks but they also will benefit by rebuilding trust by being more forthright.