As part of the crackdown on Huawei and other Chinese-based electronic companies who have been involved in espionage claims, we just received notice of 5 electronic manufacturers who have been banned from import into Japan. Of interest: Hikvision and Dahua, which I’ve seen mentioned here, are both on that list. It is not clear what the allegations are; just that they are banned from import.
We’ve also been informed the US, Canada, and possibly the UK will be setting up similar import bans shortly.
I’m always wary of using things on my network from China with the stock firmware; I probably wouldn’t use Sonoff switches if it wasn’t for 3rd-party firmware such as Tasmota.
I have a mix of Dahua and Hikvision cameras that I keep on a separate physical subnet and run through Blue Iris for access (which only occurs via VPN from outside my LAN). The cameras are blocked by the router and subnet rules from receiving or sending to the internet. It’s possible that’s not enough but I think that makes for a pretty secure system regardless of the security issues in the camera firmware.
I work in the CCTV industry here in the UK. There has been no clampdown as yet; however, I do know a large national/international company here have been hammering the Hikvisions on their network for testing, and the results aren’t good.
It was found that with all access platforms turned off (Hik Connect and the like) the camera in question (a PTZ model) was still streaming video/data to Chinese servers.
No offense, but I find that hard to believe without any evidence. Hikvision cameras have been tested multiple times by lots of independent people on the net - they aren’t all streaming to Chinese servers. It’s trivial to detect that on a network - I’m not aware of any report of these cameras streaming video to remote sites. Their login security is worthless but that’s different. So sure - someone can take over your badly configured camera if it’s accessible on the net and look at it which will stream video somewhere but that’s different than the camera doing it by itself. Block access to the camera at the network level == problem solved.
Do you think you could do a guide (even at a high level) of these different steps? Setting up a subnet? Blocking at the router for that subnet so it can’t send/receive? Sounds like a really good way of restricting the ‘potential backdoors’.
Not really. It’s completely dependent on the physical wiring layout you have and what hardware and software you use for your router and access points. My cameras are all hard wired and separate from my normal home network. I’m using a pfSense software router with multiple interfaces and have it set up to have one LAN for my regular network and one LAN for my cameras with rules controlling traffic. If you have a regular commercial router, you should assign static IP addresses to the cameras and then put firewall rules in to block those from accessing the internet. But you’ll need to search Google or your instructions to figure out how to do that.
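
One way to check from firewall logs that a camera subnet like the one discussed in this thread is actually isolated, added here as an example and not taken from any poster's setup. The camera range, the log format and the sample lines are all assumptions constructed for illustration; adapt the parsing to whatever your router exports.

```python
import ipaddress
from collections import defaultdict

# Assumption: placeholder camera subnet; substitute your own range.
CAMERA_NET = ipaddress.ip_network("192.168.50.0/24")
# Destinations treated as "not the internet": RFC 1918, link-local, multicast.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16", "224.0.0.0/4")]

# Constructed sample export, one flow per line: time,action,src,dst,dst_port
# (hypothetical format, not the native log format of any router).
SAMPLE_LOG = """\
2024-01-01T10:00:01,block,192.168.50.11,203.0.113.25,443
2024-01-01T10:00:02,pass,192.168.50.11,192.168.1.20,554
2024-01-01T10:00:05,pass,192.168.50.12,198.51.100.7,8000
2024-01-01T10:00:09,pass,192.168.1.20,192.0.2.10,443
2024-01-01T10:00:12,block,192.168.50.11,203.0.113.25,443
not,a,valid,line
"""

def audit(log_text):
    """Map each camera IP to the internet-bound (dst, port) pairs it had passed or blocked."""
    findings = defaultdict(lambda: {"pass": set(), "block": set()})
    for line in log_text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 5 or parts[1] not in ("pass", "block"):
            continue  # skip malformed lines instead of failing the whole audit
        try:
            src, dst = ipaddress.ip_address(parts[2]), ipaddress.ip_address(parts[3])
            port = int(parts[4])
        except ValueError:
            continue
        local = any(dst in net for net in LOCAL_NETS)
        if src in CAMERA_NET and not local:
            findings[str(src)][parts[1]].add((str(dst), port))
    return dict(findings)

def leaking_cameras(findings):
    """Cameras with at least one passed internet-bound flow: the block rule is not working."""
    return sorted(ip for ip, f in findings.items() if f["pass"])

if __name__ == "__main__":
    result = audit(SAMPLE_LOG)
    for ip, f in sorted(result.items()):
        print(ip, "PASSED:", sorted(f["pass"]), "BLOCKED:", sorted(f["block"]))
    print("isolation failures:", leaking_cameras(result))
```

Blocked entries show a camera trying to call out while the rule holds; passed entries mean the rule set has a gap for that camera.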