US Police, Military Bases Using Hackable Chinese Government-Owned Surveillance Cameras

Surveillance cameras used by United States law enforcement agencies, military bases and even ordinary consumers are produced by a Chinese manufacturer that is in part owned by the Chinese government, according to a report from the Wall Street Journal.

Hangzhou Hikvision Digital Technology produces the surveillance cameras that can be found hanging about streets and important infrastructure throughout the U.S. The Chinese government owns a 42 percent share of the company, raising concerns about the possibility the company’s products could be used to spy on Americans.

Among some of the places cameras from Hikvision were found, the Wall Street Journal reported the Chinese company’s products are perched atop street lights in Memphis, Tennessee to allow police to monitor criminal activity, located around a U.S. Army base in Missouri and were at one point used to watch the U.S. embassy in Kabul, Afghanistan.

<p><a href="http://www.aidataconf.com/" target="_blank">

</a></p>

Hikvision is the largest surveillance camera producer in the world, thanks in part to its role as the primary provider of cameras for China’s domestic surveillance programs. Its business has only grown with widespread adoption of Hikvision products by other nations including the U.S. Its cameras have also been used in French airports, a port in Ireland and several sites in Brazil and Iran.

The rapid rise of the company as the primary provider of surveillance equipment is now drawing questions, in part thanks to a recent cybersecurity issue identified by the U.S Department of Homeland security earlier this year.

According to the DHS, some cameras manufactured by Hikvision contained a security vulnerability that made the devices exploitable by hackers. The DHS flagged the flaw and assigned it the worst security rating available.

The existence of the vulnerability aroused suspicion for some who feared the issue might be exploited not just by hackers in the wild but by state-sponsored attackers in China who may have been aware of the bug well before the DHS issued its warning, effectively allowing Chinese intelligence agencies to spy on Americans—both private citizens and important government organizations.

Hikvision for its part has disputed any concerns over security issues with its products, noting that it follows the law in any country it does business in and took action to patch the flaws identified by the DHS. The company told the Wall Street Journal it “cannot in any way access and control the content of the video cameras.”

The company also held that it would have no interest in adding a backdoor or intentional security flaw for the purposes of exploiting it, as doing so would potentially harm the business if the backdoor was discovered.

Whether the flaw found by the DHS was intentionally placed or not, it has already harmed Hikvision’s standing with government clients in the U.S. The General Services Administration (GSA), which oversees procurement for the government, removed the Chinese manufacturer from its list of approved suppliers this year.

Prior to DHS identifying a vulnerability in Hikvision’s products, a number of experts called into question the company. Stephen Bryen, an international affairs and cyber security expert wrote last year that using a commercial product from a Chinese manufacturer is “a big mistake, and mistakes like this can cost lives.” Bryen said at the time, “There are plenty of trusted American suppliers of systems with better security that are designed.”

Edward Long, a former employee of Florida-based video surveillance equipment company IC Realtime Security Solutions, attempted to petition the U.S. government not to use Hikvision cameras, warning that the company’s products are send information back to China.

“Over the past year, [Hikvision has] ... flooded the United States with their equipment,” he wrote. “Every time one of their machines is plugged into the internet, it sends all your data to three servers in China. With that information, the Chinese government can log in to any camera system, anytime they want.”

It is of course possible that the security flaws in Hikvision’s products are not malicious attempts to spy on adversaries—though the government’s large share of ownership in the company is cause for suspicion—but rather a result of lazy and cheap production. Security cameras from manufacturers all over the world often fall short of security standards and are easily hackable.

The Insecam Project, created in 2014, allows anyone to instantly connect to live streams of hundreds of thousands of unsecured surveillance cameras from any number of manufacturers including Panasonic, Linksys, Sony, TPLink, Canon and many others.