Officials in the United States have become increasingly concerned about the security of Chinese-made surveillance cameras used to watch the streets of Memphis and the U.S. Army, and placed in homes and businesses throughout the country.
Hangzhou Hikvision Digital Technology, which is 42%-owned by the Chinese government, was originally started by Beijing to keep an “eye in the sky” on its 1.4 billion citizens, and since then, the company has become the world’s largest maker of surveillance cameras.
But after the Department of Homeland Security noticed a cybersecurity lapse, they’ve been concerned about the company. Hikvision’s rapid rise and its ties to the Chinese government are also adding to fears regarding their intentions.
“The fact that it’s at a U.S. military installation and was in a very sensitive U.S. embassy is stunning,” says Carolyn Bartholomew, chairwoman of the U.S.-China Economic and Security Review Commission, which was created by Congress to monitor the national-security implications of trade with China. “We shouldn’t presume that there are benign intentions in the use of information-gathering technology that is funded directly or indirectly by the Chinese government.”
Already worried that they could be used by the Chinese to spy on Americans, some security vendors in the U.S. refuse to carry Hikvision cameras, or they place restrictions on their purchase. The General Services Administration, which oversees $66 billion of procurement for the U.S. government, has even removed Hikvision from its list of approved suppliers.
In May, the Department of Homeland Security issued a cybersecurity warning saying some of Hikvision’s cameras contained a loophole which gives hackers easy access.
In response to those concerns, Chief Executive Officer Hu Yangzhong told the Wall Street Journal: “Hikvision is a business. It would be impossible for us to add a backdoor to our cameras, as that would damage our business.”
According to the report, “China has been rolling out new technologies to monitor its people in ways that would unsettle many in the U.S. and the West. Unfettered by privacy concerns or public debate, Beijing’s authoritarian leaders have introduced facial-recognition technology and other surveillance measures in a vast experiment in social engineering. Their goal is to influence behavior and identify lawbreakers.”
Nathan Brubaker, an analyst at U.S. cybersecurity firm FireEye Inc., told the WSJ that the software vulnerabilities identified by the Department of Homeland Security could make those Hikvision cameras prone to a hacking attack.
“Camera security is often poor’’ across the industry, says Marco Herbst, chief executive of Dublin-based Evercam, which develops camera software. “You’re dealing with a device that, in many cases, is sloppily installed with default passwords that are publicly available on the internet.”
Security experts say backdoors that allow outsiders to bypass security protections are often difficult to identify.
The Hikvision flaws identified by the DHS affected more than 200 camera models and potentially tens of millions of shipped devices, estimates John Honovich, editor of IPVM. According to Honovich, they made it possible for outsiders to easily hack into internet-connected Hikvision cameras. Hikvision acknowledged the flaws affected some cameras, but says Honovich’s assertions are “unfounded insinuations and hearsay.”
Hikvision says it cooperated with the DHS to fix the problem and directed customers to a software fix. “This issue did not cause a noticeable impact on Hikvision’s overseas business,” a company spokeswoman says.
For more on this story, click the "read more" button below.