Are you concerned about Hikvision's trustworthiness?

[LittleBrother]

Full disclosure: I've had a few hikvisions going for years. And I just bought another a week back. I like their feature set and price point. And I plan on buying another most likely, in the near future.

Evidently a chunk of the company is owned by the Chinese government, and they also would fail to qualify to be installed in federal government premises (though this is likely the case with many or all chinese cameras).

Presently I have my cameras on the same network as everything else, and not cordoned off. I have no port forwarding, and have also blocked the cameras from internet access entirely so that they cannot call out to anything (including that server to get back the time).

Given this it seems to me my two vulnerabilities would be the cameras themselves either dumping stuff on other network devices OR any machine I've installed their viewing plug in on would possibly have something on it. I've not reason at all to think I've been compromised (even after many years of running these with port forwarding--yikes), but I didn't see any other threads here talking specifically about the reasonableness of using these in general-if this is all covered in another thread please let me know and lock this one

 

[spuls]

simple solution - put these untrusted vendors into a dedicated network. do not allow them internet access, do not use any of the provided cloud services.

and from my point of view - there is no difference between US or chinese based vendors.

 

[watchful_ip]

I like Hikvision products, but I don't blindly trust any embedded device manufacturer wherever they are based.

Do not allow public internet access to or from their devices. This especially includes hik-connect which could potentially be used to access your LAN.

Use a VPN or other secure and controlled method if you need remote access.

I don't even trust the router my ISP provides. Therefore the only thing it connects to is my own linux router which is firewalled so even my ISP can't get on my local network.

For NTP you might wish to run a local NTPD server and point your cameras at that so they keep the right time.

Keeping the cameras on the same network as your other devices/PC is likely fine especially if their in/outbound public Internet traffic is blocked. If you are running a nuclear reactor connected to your LAN then I'd put them in a DMZ.