Source:
https://scmp.com/news/china/article/1727145/chinese-surveillance-camera-supplier-confirms-hacking-loophole
China

Chinese surveillance camera supplier confirms hacking loophole

Andrea Chen

Updated: 12:10pm, 16 Apr, 2015

Why you can trust SCMP
Some security products used by Jiangsu's public security arms have been controlled by devices with foreign internet protocol addresses. Photo: Reuters

A major supplier of surveillance cameras to mainland police confirmed on the weekend that vulnerabilities in its networks exposed clients to cyberattacks from overseas.

The confirmation came after public security officials in Jiangsu issued urgent security alerts to its departments.

Hikvision, based in Hangzhou, confirmed on its microblog that some of its products were at risk of attack from abroad, backing up a statement by the Jiangsu Provincial Public Security Bureau on Friday.

Listed on the Shenzhen Stock Exchange, Hikvision is the biggest supplier of surveillance products and services on the mainland by market value.

The National Business Daily reported in December that the company was preparing to list in Hong Kong to raise HK$354 million.

Hikvision has contracts with mainland public security agencies as well as international conferences such as November's Asia-Pacific Economic Cooperation meeting in Beijing and the Boao Forum in Hainan .

A copy of an announcement labelled "urgent" by the Jiangsu provincial public security bureau circulated widely online on Friday, instructing all departments to scrutinise any Hikvision products they were using.

The notice came after the provincial Internet Emergency Coordination Centre detected "severe security risks" in the products, claiming that some of them "had already been controlled by [devices with] foreign internet protocol addresses".

Multiple sources from the bureau confirmed to online news outlet Thepaper.cn on Friday that the document circulating online was authentic.

Hikvision issued a "clarification" early on Saturday confirming that the internet security watchdog had detected online attacks against their products.

Clients had exposed themselves to the attacks because they had used weak passwords or failed to reset default passwords, it said.

The company said that in theory, any devices linked to the internet were at risk of hacking attacks.

"Once hackers break the password, they can introduce a computer virus to the device and turn it into a source of infection."

The company said yesterday it would send technicians to help police in Jiangsu inspect all of its products and make any updates that were necessary.

Founded in 2001, Hikvision has branches and subsidiaries in 35 Chinese cities including Hong Kong, and more than a dozen countries including the US and Britain, its website says.