Secure facilities and public areas are under surveilance using cameras developed and manufactured in China, and this has many people concerned. There is growing speculation amongst security and strategy experts that these cameras are capable of being hacked or worse, being used by the Chinese government to spy on Australian citizens and businesses.
Chinese technology companies Hikvision and Dahua have come under attack recently by the US Government, with a ban being introduced due to concerns they were creating a “surveillance network”. Republican congresswoman Vicky Hartzler stated that “video surveillance and security equipment sold by Chinese companies exposes the US Government to significant vulnerabilities”. The House of Representatives passed a defence bill in May this year carrying Hartzler’s amendment forbidding US government agencies from buying surveillance products from Hangzhou Hikvision Digital Technology, Hytera Communications Corporation and Zhejiang Dahua Technology Company.
Involvement of Beijing
Concerns have arisen for various reasons. Firstly, Hikvision has been nurtured by Beijing as part of a vast expansion of its domestic surveillance apparatus, turning the company into the world’s largest supplier of video surveillance equipment, with Dahua in second place. After its foundation in 2001, the company quickly morphed into a highly lucrative business, partly because of its close ties to the Chinese government. Indeed, three state-owned enterprises own a total of 42% of the company. It sells equipment all around the world, from France to Ireland, Brazil to Iran.
This is a major reason why many have spoken out about Hikvision cameras being used in secure facilities around Australia, with head of the International Cyber Policy Centre at the Australian Strategic Policy Institute, Fergus Hanson, calling it a “real dereliction of duty”. This is because, according to Hanson, these cameras are remotely accessible, meaning a manufacturer could log in to the cameras easily and see what they’re seeing. With global tensions rising and surveillance technology expanding, there may be nothing stopping the Chinese government from exploiting this technology and its valuable ‘insight’ into Australia.
Indeed, what has really rattled many experts is the types of places these cameras are being used. Hikvision’s cameras were located at an Australian military base, the offices of an Australian intelligence agency, two national security federal departments, and the ABC to name a few. Then there’s the cameras in homes, schools, streets, shopping centres, council offices and thousands of other areas across Australia.
However, Hikvision has called America’s security concerns and the subsequent ban “baseless”, stating that the company is “a commercial entity that operates globally and strictly conforms to business ethics and all relevant regulations”, dedicated only to the advancement of safety in all countries.
In-built Security Flaws and Hacks
Despite these promises, Hikvision has had its fair share of security breaches that has given a basis to the growing fear over their product’s safety.
In 2014, users of the cameras who had failed to change the default usernames and passwords were unknowingly live streaming their footage to a site exploiting the failure. The site, linked to insecure cameras by manufacturers including Foscam, Panasonic and Hikvision, allowed users to see into the “bedrooms of all countries of the world.” And they weren’t kidding, there were over 256 countries listed. In response, Hikvision introduced a cloud service known as Hik-Connect in January 2017, but this failed to alleviate all security flaws.
In May 2017, the Department of Homeland Security released an advisory warning about Hikvision cameras. They stated there were remotely exploitable vulnerabilities, or loopholes, in the cameras that made them easily accessible by hackers. Requiring only a “low skill level to exploit”, the department gave the vulnerability its worst security rating.
Four months later, security researcher Monte Crypto found that many Hikvision cameras contained a ‘backdoor’ allowing unauthenticated impersonation of any configured user account, a vulnerability that posed a severe risk but was trivial to exploit. Soon after, some owners were seeing the words “HACKED” across their camera displays instead of the live video feed they expected. Hikvision’s Security Response Center later came out saying the issue was a code error rather than a ‘backdoor’ flaw, guaranteeing that it “never has, does or would intentionally contribute to the placement of ‘backdoors’ in its products”.
Going Forward
These vulnerabilities and flaws have added fuel to the debate surrounding the security of these cameras and their use in Australia. It will be interesting to see whether Australia follows suit with America’s ban on the Chinese surveillance companies. Indeed, Australia may already be on its way to such measures, after effectively banning Chinese companies ZTE and Huawei from tendering for our national 5G network in August this year. This shows a growing rhetoric of concern around Chinese involvement in Australian information technology and security.
Surveillance cameras are a vital part of physical security for Australian businesses, citizens and agencies. Using the most effective and secure products available is an important part of a company’s security strategy, and efficient surveillance can drastically bolster the safety of a building or public area. To seek guidance on how you can develop and implement the best physical security strategies in your business, and utilise the most secure products, contact Agilient today.