RE: Press concerning Hikvision CyberSecurity

May 15, 2017 Views:267

15th May 2017


Dear Valued Customers,


RE:  Press concerning Hikvision CyberSecurity


In view of recent press concerning Hikvision Cybersecurity we wish to advise as follows:
Hikvision continues to pursue best practices in protecting our products with respect to cybersecurity.


We’re pleased to announce that Hikvision’s successful progress on a privilege-escalating vulnerability has been acknowledged by CERT Australia.  Specifically CERT Australia has recognized that Hikvision released the new firmware to address the user priviliege-escalating vulnerability on the affected camera models.


•    Please review the published notice, Security Notification: Privilege-Escalating Vulnerability in Certain Hikvision IP Cameras, which outlines potential cybersecurity concerns that could arise with specific cameras under certain, fairly uncommon circumstances.  To date, Hikvision is not aware of any reports of malicious activity associated with this vulnerability.

•    Hikvision always recommends a systematic, multi-step approach to enhance cybersecurity protection. To assist customers and partners, Hikvision offers a number of industry-leading cybersecurity resources. Please visit the Hikvision Security Center for more information.

•    We have published “The Hikvision Network Security Hardening Guide”,  a new resource for installers.

•    Hikvision also encourages customers to take CERT Australia’s advice (https://www.cert.gov.au/advice)




Did CERT Australia recommend further enhancements in future firmware upgrades?

•    CERT Australia specifically identified the area of potential concern with regards to the “configuration file”


Under what circumstances is there a concern with the configuration file? How will Hikvision address this concern?


•    The configuration file is encrypted and is therefore not readable, and protects users’ credentials. Also, the configuration file can only be exported by the admin account. Hikvision appreciates CERT Australia’s comment, and will enhance the private key decryption storage method in the upcoming firmware release.


 
Hikvision is proud to be at the forefront of the move to improve cybersecurity best practices in our industry. Cybersecurity must be top-of-mind throughout the product lifecycle, from R&D and manufacturing to installation and maintenance.  Hikvision’s in-house cybersecurity experts are dedicated to constantly assessing and improving our products and our processes, and the Hikvision team provides market-leading cybersecurity education and support to our valued customers. We’re also actively engaged with our competitors and partners on collaborative cybersecurity efforts that benefit our entire industry.



Interoperability is key to the success of IP video technology. While it’s exciting to watch the ecosystem of video surveillance devices multiply, this also increases our cybersecurity challenges. Establishing interoperability standards for video surveillance should be a top priority and one that everyone in the surveillance industry needs to share.



If you have any questions or concerns about Hikvision products, please contact Hikvision in Australia on Tel. 02 8599 4233 or email us at salesau@hikvision.com.   For technical concerns, you may contact techsupportau@hikvision.com