[ad_1]
According to LRT research, Hikvision and Dahua cameras with security vulnerabilities are used by at least six state institutions that collect confidential information: the Departments of Administration, Security, Migration, Police, as well as the State Border Guard and the Public Security Services and the state company Oro Navigacija.
In Australia, the camera and the intelligence base.
In Australia, Hikvision and Dahua, accounting for 40%. In the global market for video surveillance systems, the camera was in the spotlight in 2018.
A Hikvision camera was detected at a highly secret Royal Australian Air Force base in Adelaide. This base is described as the center of the country’s military intelligence, surveillance and cyber warfare capabilities.
Reuters / Photo by Scanpix / Royal Australian Air Force
The Australian Department of Defense has announced an immediate recall of the camera and has promised to replace other cameras from this manufacturer if any are found.
Reporters for ABC News Australia also revealed that the Dahua camera was hung in front of the main entrance of one of Canberra’s office complexes where security-related agencies work.
The complex houses the Home Office and the Attorney General’s Office, as well as the Australian Center against Money Laundering, a branch of one of Australia’s six intelligence agencies, the National Assessment Office. The cameras, which were later removed, also covered the area of the prime minister and cabinet headquarters.
“It is completely illogical to have such cameras in security-related institutions,” Fergus Hanson of the Australian Institute for Strategic Policy told ABC News Australia.
“China is struggling to become a country of numerical veins of cyber espionage, and these cameras are a key part of this platform,” he added.
Security experts are concerned that the cameras have been intentionally installed with security vulnerabilities that could be exploited by the Chinese government for espionage purposes. These shortcomings are allegedly related to insecure passwords, and third-party data can be accessed by the camera without the owner’s permission.
The Chinese government rejects accusations of using companies for espionage. Both Hikvision and Dahua claim that they are no different from other companies that sell surveillance systems in the world.
Reuters / Scanpix Photo / Hikvision and Dahua cameras
Hikvision has never carried out or will carry out spyware-related activities with any government in the world, “said the company’s spokesman, as quoted by Australian media.
In Australia, Hikvision cameras started talking again earlier this year. It turned out that despite security warnings, the cameras are used in public hospitals and nursing homes in South Australia.
US authorities ignored the bans
Hikvision and Dahua, like many other Chinese companies, were blacklisted by the United States in 2019 for human rights abuses.
Washington says Hikvision is involved in Beijing’s crackdown on the Uighur Muslim minority in the Xinjiang region. Hikvision, which is 42 percent, is suspected. the shares are owned by the Chinese state, the cameras are installed in Uighur “re-education” camps.
ALSO READ: 15 minutes He explains: why China locked up a million Uyghurs in re-education camps?
Since last year, American companies have been banned from purchasing Hikvision and Dahua products, and have been ordered to remove existing equipment. However, in the past, the surveillance cameras of these companies have also been used in sensitive institutions in the United States.
Back in 2017, The Wall Street Journal (WSJ) wrote that Hikvision cameras were installed at the United States Embassy in Kabul. A State Department spokesman said the cameras were designed to “monitor insensitive facilities where electrical equipment is stored to prevent theft.” Finally, the cameras were removed from the embassy.
Hikvision CEO Hu Yangzhong told the WSJ that “Hikvision is a business” and that secret access to cameras would harm that business.
The WSJ writes that Hikvision has been selling cameras to the Memphis Police Department since 2007. Lt. Joseph Patty II, who is in charge of the surveillance system, said that around 100 arrests of various crimes were made each year in these cameras.
The manufacturer’s cameras were also used at the Fort Leonard Wood military base in Missouri, where military training is conducted.
Scanpix Photo / Military Training at Fort Leonard Wood
In July last year, the Financial Times reported that, despite the ban, Hikvision surveillance cameras were still in use at Peterson Air Force Base in Colorado, a naval research base in Florida. The camera was also used by the Massachusetts, Colorado, and Tennessee Police Departments.
Jacobs Baines, the first researcher to discover the vulnerability of the cameras, told Forbes last year that “basically, if this is directly connected to the Internet, it is someone’s spy device.”
The NKSC found violations
Hikvision’s name was widely heard in Lithuania this January, when the company became the general sponsor of the soccer club “Sūduva”.
Following this week’s LRT investigation, the National Cyber Security Center (NKSC) conducted a cyber security assessment of the Hikvision video cameras used in Lithuanian institutions and found four significant security breaches.
According to the NKSC, by default, remote control of cameras is enabled, but large security vulnerabilities allow outsiders to connect to these devices.
Sigismund Gedvila photo / 15min / Rytis Rainys
“The cameras are remote controlled, the passwords are transmitted through an unencrypted channel, the passwords themselves are encrypted with weak and very old algorithms. Security is such that the passwords for those cameras can be taken from the communication stream , scan, decode, connect to the cameras and anything can be done, ”RSC Rainys, Director of NKSC told BNS.
According to him, by taking over the password, it is possible to remotely turn on, turn off the camera, change settings, as well as monitor the image, or even transmit a completely different image to camera users.
A total of 61 vulnerabilities were identified in cameras released in 2018, of which, according to R. Rainis, 23 are of “high threat level”, i. it can be easily exploited for DDoS attacks, malware insertion or other malicious purposes, writes BNS.
Sigismund Gedvila photo / 15min / Andrius Dapkevičius
Andrius Dapkevičius, Hikvision’s representative in Lithuania, told BNS that he evaluated the NKSC report positively, as the specific recommendations would provide an opportunity to improve monitoring systems. According to A. Dapkevičius, after implementing all the recommendations, the cameras would be less functional and could lose their attractiveness in the market.
A Hikvision representative told BNS that the NKSC and the Ministry of National Defense had publicly stated that they had not detected any cases of cyber piracy through Hikvision cameras, and that experts hired by the company had been unable to enter the systems.
He says NKSC’s proposal to establish a software update server in Lithuania will also be considered.
[ad_2]
