FYI: Hikvision and Dahua cameras banned in Japan and potentially soon US/Canada/UK for gov't contracts

As part of the crack down on Huawei and other Chinese based electronic companies who have been involved in espionage claims we just received noticed of 5 electronic manufactures who have been banned from import into Japan. Of interest is Hikvision and Dahua who I’ve seen mentioned here are both on that list. It is not clear what the allegations are; just that they are banned from import.

We’ve also been informed the US, Canada, and possibly the UK will be setting up similar import bans shortly.

Any link or source?

I expect it’s mis-reporting this story: which bans those products in government contracts. As far as I can see, it doesn’t ban them from import.

Yes, I stand corrected. It is only for use on government projects.

I’m always wary of using things on my network from China with the stock firmware, I probably wouldn’t use Sonoff switches if it wasn’t for 3rd party firmware such as Tasmota.

Who cares?

I have a mix of Dahua and Hikvision cameras that I keep on a separate physical subnet and run through Blue Iris for access (which only occurs via VPN from outside my LAN). The cameras are blocked by the router and subnet rules from receiving or sending to the internet. It’s possible that’s not enough but I think that makes for a pretty secure system regardless of the security issues in the camera firmware.

I work in the CCTV industry here in the UK, there as been no clamp down as yet, however i do know a large national/international company here have been hammering the Hikvisions on their network for testing, and the results arent good.

It was found with all access platforms turned off (Hik Connect and the likes) the camera in question (a PTZ model) was still streaming video/data to chinese servers.

No offense, but I find that hard to believe without any evidence. Hikvision cameras have been tested multiple times by lots of independent people on the net - they aren’t all streaming to Chinese servers. It’s trivial to detect that on a network - I’m not aware of any report of these cameras streaming video to remote sites. Their login security is worthless but that’s different. So sure - someone can take over your badly configured camera if it’s accessible on the net and look at it which will stream video somewhere but that’s different than the camera doing it by itself. Block access to the camera at the network level == problem solved.

1 Like

I cant see a problem as long as the cameras has no internet access. Mine is connected locally to my xeoma cctv and have no access out.

I agree with blocking net access etc. However I can’t disclose the company that have discovered this flaw.

We’re talking serious expert network analysts here, I have seen it for my own eyes, their findings.

Do you think you could do a guide (even at a high level) of these different steps? Setting up a subnet? Blocking at the router for that subnet so it can’t send/receive? Sounds like a really good way of restricting the ‘potential backdoors’.

Not really. It’s completely dependent on the physical wiring layout you have and what hardware and software you use for your router and access points. My cameras are all hard wired and separate from my normal home network. I’m using a pfSense software router with multiple interfaces and have it set up to have one LAN for my regular network and one LAN for my cameras with rules controlling traffic. If you have a regular commercial router, you should assign static IP addresses to the cameras and then put firewall rules in to block those from accessing the internet. But you’ll need to search google or your instructions to figure out how to do that.