Potential Risks With Chinese Surveillance Cameras

Recently, the Wall Street Journal published an article about Hikvision and the underlying risks that face the US Government and other organizations when purchasing cameras from them.  As quick background, Hikvision is a Chinese company which is 42% owned by the Chinese government and that's where most of the concern comes from.  To be clear, there are no known exploits or incidents where Hikvision cameras have been used to spy on other countries or entities.

The recent article was prompted by a vulnerability that the US Department of Homeland Security issued a warning about.  This particular vulnerability, that IPVM detailed, exposes a back-door in numerous models of their cameras that can be exploited to gain full access to the camera.  With full-access, anyone can view the feeds of those cameras.  While these vulnerabilities are almost always unknown to the vendor and accidental, it obviously has brought up concerns among government entities and other organizations with sensitive IP.  Some US entities including the General Services Administration (they oversee $66B of procurement for the US government) have removed Hikvision as an approved vendor.

Without even considering potential nefarious activities, the article underscores the importance of camera vendors to use all means possible to ensure the security of their cameras and related hardware.  Given our teams' long history of working for cybersecurity companies (Sophos, Cenzic, and Mojave Networks), we have gone to great lengths to ensure the security of our devices which we have previously written about.

Another question that often comes up from our enterprise customers is where our cameras are made.  All software design and development (cloud, mobile, camera firmware and QA) occurs in the United States.  The hardware is manufactured in Taiwan, but as discussed in this article, we sign all the firmware that goes onto our cameras. This ensures that our firmware alone is running on the cameras, nothing else - eliminating any backdoors.

Cybersecurity is a huge concern for all organizations these days and that's why you'll continue to see numerous updates from us on how we're continually improving our infrastructure to best defend against the latest cybersecurity attacks.