They probably were alerted by this.<p><a href="https://www.fortinet.com/blog/threat-research/mirai-based-botnet-moobot-targets-hikvision-vulnerability" rel="nofollow">https://www.fortinet.com/blog/threat-research/mirai-based-bo...</a><p>However, going after just a brand solves nothing; the problem is that nobody can properly audit these devices due to their closed nature.
A huge number of IP cameras and DVR/NVR devices have been either compromised for botnet installation or caught phoning home (usually somewhere in China) in the past. Unless one can purchase a fully Open Source one (including hardware and firmware), there are no guarantees that a device won't be doing nasty things, or silently waiting for remote triggers to do so, which is something that only source code inspection could guarantee against. In the meantime the solution has always been to put them behind a firewall that doesn't let them initiate connections to the outside and also filters out incoming connections from untrusted parties; this should apply to all closed connected devices, not just Hikvision cameras.<p><a href="https://www.wsj.com/articles/hackers-infect-army-of-cameras-dvrs-for-massive-internet-attacks-1475179428" rel="nofollow">https://www.wsj.com/articles/hackers-infect-army-of-cameras-...</a><p><a href="https://hacked.camera/" rel="nofollow">https://hacked.camera/</a>
The behavior of the United Kingdom looks incoherent: it wants to become a surveillance state [1], but without using cameras manufactured in China, on the grounds that China is a surveillance state.<p>[1] <<a href="https://www.cctv.co.uk/how-many-cctv-cameras-are-there-in-the-united-kingdom/" rel="nofollow">https://www.cctv.co.uk/how-many-cctv-cameras-are-there-in-th...</a>>
Possibly stupid/overly paranoid question: if most products are being made in China anyway, how do we know they’re not putting backdoors in everything, including goods branded for non-Chinese companies? Cables, power adapters etc. all house chips nowadays. In theory couldn’t they have some kind of silent zero day virus on them, keylogger etc.?<p>Does every product on sale get periodic testing to check for this kind of thing? It seems like they could manufacture clean devices to send to a test centre and then back door ones they release in the wild. In the case of non-brand goods such as cables it wouldn’t even really matter if they got caught because they could just spin up another drop ship company under a different name and keep selling.
My cameras are on their own VLAN, with outbound internet access disabled - so in theory they aren't sending anything anywhere else.<p>So is this less about the actual cameras, and more that they have been installed insecurely and not kept up to date with firmware? Or the hardware used to record the data is actually in the cloud somewhere and that is the issue?
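Added example, not part of any comment in this thread: a small audit that checks logged connection attempts against the isolation policy described in the two comments above (cameras initiate nothing beyond their own VLAN, and only trusted hosts may connect in). The subnet, the trusted NVR/admin addresses and the log format are assumptions for illustration, and the flow records are constructed sample data.

```python
import ipaddress

# Assumed addressing: cameras sit in their own VLAN/subnet; only the recorder
# (NVR) and one admin workstation are allowed to open connections to them.
CAMERA_NET = ipaddress.ip_network("10.20.30.0/24")
TRUSTED_SOURCES = {ipaddress.ip_address("10.20.10.5"),   # NVR (assumed)
                   ipaddress.ip_address("10.20.10.20")}  # admin host (assumed)

# Constructed sample records, one per line: "src dst dport state".
# Only NEW (connection-initiating) records matter; replies are expected.
SAMPLE_FLOWS = """\
10.20.10.5 10.20.30.11 554 NEW
10.20.30.11 10.20.30.12 80 NEW
10.20.30.11 203.0.113.77 443 NEW
10.20.30.14 10.20.10.5 123 NEW
198.51.100.9 10.20.30.12 8000 NEW
10.20.10.20 10.20.30.14 443 NEW
"""

def audit(flow_text):
    """Return (kind, src, dst, dport) for each flow that breaks the policy."""
    violations = []
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != "NEW":
            continue  # skip malformed lines and non-initiating records
        src = ipaddress.ip_address(parts[0])
        dst = ipaddress.ip_address(parts[1])
        dport = int(parts[2])
        if src in CAMERA_NET and dst not in CAMERA_NET:
            # Strict reading of the policy: a camera never initiates a
            # connection that leaves its VLAN, not even to the NVR.
            violations.append(("camera-initiated", str(src), str(dst), dport))
        elif dst in CAMERA_NET and src not in CAMERA_NET \
                and src not in TRUSTED_SOURCES:
            # Something other than the NVR/admin host reached a camera.
            violations.append(("untrusted-inbound", str(src), str(dst), dport))
    return violations

if __name__ == "__main__":
    for v in audit(SAMPLE_FLOWS):
        print(*v)
```

Run against real firewall or flow logs, an empty result is the evidence that the "in theory" isolation actually holds.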
I had to hunt down all of the banned devices when the 2019 ban took place on Dahua, Hikvision, and Huawei. I've never seen worse quality feeling looking software. Random cameras requiring Chrome Apps to manage, or some obscure Windows software package.<p>I'll take an RTSP feed from AXIS over those any day.
This reminds me of the whole Huawei thing: no actual evidence of any problem, no economic reason, no real political gain, but "feelings". I wonder if a US CCTV provider is about to get a multi billion pound contract having recently "donated" to the groups making this "necessary" "security" decision...
Why is the response to this kind of major security risk always a barely-there bit of useless security theatre?<p>"We won't ban TikTok because the CCP has given a commitment not to look at the massive trove of data they are continually harvesting..."
Hikvision is a leading CCTV manufacturer. They make Swann CCTV systems as well.<p>I'm sure anyone the UK Gov replaces it with will be from the same factory unless they want to start manufacturing their own.
Love the utterly irrelevant denial from Hikvision:<p>"Hikvision cannot transmit data from end-users to third parties, we do not manage end-user databases, nor do we sell cloud storage in the UK."
Why just Hikvision? And why only certain models?<p>I'm pretty sure almost every Chinese-made CCTV camera is riddled with backdoors and vulnerabilities. And almost all upload their video streams to some server in China.
>Professor Sampson asks: "Do you want untrusted companies screening at airports, watching school playgrounds or on hospital wards?" He gave the example of one such company that has won awards for work monitoring children on school buses in Scotland that is now on the new ban list.<p>Is this an actual "professor" speaking sense? What do you mean, untrusted companies? Either Hikvision exfiltrates data from the UK to China servers and there are logs to verify that, or Hikvision could remotely access any device even if it was not online or was online with security but they have a bypass. Both could be verified, but other than these two cases, what is this pre-emptive ban that could cost the public exchequer millions or billions for what? A hunch that, as they put it,
>"We are no longer asking whether certain security companies can be trusted, we now accept they can't, but we need to work out how to verify those we can trust."<p>So they will first ban Hikvision, remove all their cameras from the UK, replace that with a competitor, THEN authenticate the trustworthiness of Hikvision and THEN maybe let them back in the market.<p>WTF thinks like that unless you have malicious intent?