NSA Director Keynoting Dahua and Hikvision Sponsored Cybersecurity Conference

Wonder what is in their firmware?
Even in the modest size of the core app of a camera, at under 10MB, there are maybe several hundred thousand lines of code.
A huge task for a human to analyse, and big even for automated analysis, for that small chunk that might do something unwanted.
Then move on to something like a Deep-In-Mind device with a couple of orders of magnitude more scale and sophistication - and it would be so easy to hide or obfuscate lots of things.
 
.. Wonder what is in their firmware?
..

Also note, it could be something simple that just allows a buffer overflow attack.

Heck, how many developers / software engineers have overlooked buffer overflow issues? Countless.

Code examples even included buffer overflow vulnerabilities - and many developers just cut and pasted those examples.
 
It's no secret that Hikvision has ties to the Chinese government, and that raises some serious questions about the security of their firmware. I mean, anything could be lurking in there.
As someone who's always been cautious about digital security, hearing about these potential risks definitely makes me think. For example, not enough people know about the importance of thorough cyber security risk assessments audits. But it is important!
Besides, we need to really understand the security protocols and vulnerabilities of these devices so we can know about the risks we're facing.
 
It's no secret that Microsoft and Google have deep ties to the US government Intelligence agencies, and that raises some serious questions about the security of their . I mean, what could be lurking in there, right?

Fixed it for ya
 

Sadly, this is so true of almost any government today. :(

Canada for example has been on a steady death spiral of corruption, insane weak laws, pathetic military, and weak borders. :angry:

As it relates to Hikvision / Dahua everyone in this thread already knows about best practices with respect to security.

It’s always going to be trust but verify.

Assume everything is a threat and be proactive in layered security as it relates to the network infrastructure. Too many people and companies rely on technology when the KISS principle should be the cornerstone of the above! :facepalm:

I’ve yet to see firsthand a closed-loop, isolated video security system be hacked / breached remotely.
 