Since your post here is being picked up by various blogs/media outlets, we feel it is important to post a Hikvision Corporate Response:



Actions Taken Against Third Party Virus Causing Network Cameras Scanning Attacks

April 9th, 2014 – On November 26, 2013 Hikvision became aware of an alert regarding a continuous scanning attack that can potentially be launched by a limited number of our network cameras. Since then, we worked diligently to resolve the issue and address the users’ concerns. We investigated the IP address provided, as well as the devices involved, including network cameras and network DVRs. Upon thorough analysis, we determined that the reason for the scanning attack was a worm virus called Linux Darlloz.

Reasons

The investigation discovered that all the network cameras infected with the virus were connected to the public internet without changing the default user name and password. The virus attempted to discover the password according to the password dictionary until cracking it. Upon implanting the script file, the network camera becomes a source of virus to attack the other network devices. After restarting the network camera, the script file will be eliminated, however the risk of being attacked is still there if no fix is adopted. The risk of virus attack is caused by the connection of devices to the public network directly without changing the default user name and password.

Problem Process and Tracking

Our company took immediate and decisive action after Symantec has detected the virus on Nov. 26, 2013. Since December 2013, firmware of all the network cameras and DVRs has been updated, and all the inventory products have been upgraded to protect them from being attacked by Linux Darlloz worm virus.

We took the following actions to enhance the security awareness of users to avoid the possibility of being attacked by such virus.

1. Device on Public Network Security Notice was added to the bulletin board of our global website to notify users of the possible risks of using their devices on public network. We also asked the users to change the default password to avoid risks as the network attack and privacy leaking.

2. Users can now download the firmware from our website to upgrade their devices to avoid the attack.

3. Public network security awareness campaign targeting our partners and distributors was conducted through our partners and distributors. Distributor Monthly magazine, on-site communication, training, and other available communication channels.

With decades of experiences on the surveillance industry, Hikvision attaches great importance to network and information security. With the establishment of Hikvision Security Response Center, effective communications protocol and cooperation with National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC), the China National Vulnerability Database (CNVD) and other industry recognized critical infrastructure platforms we were able to increase the investment into internet applications security. Hikvision is dedicated to continuously improving the security of our products and solutions, and is committed to complete security assurance for the users. We thank you for your continuous support.



Hangzhou Hikvision Digital Technology Co., Ltd.

April, 2014



Appendix 1?Introduction of the Hikvision Security Response Center

Organization

The Hikvision Security Response Center is a platform which is dedicated to take feedback, handle and disclose the security flaws of the Hikvision products and solutions. Hikvision pays great importance on its own security, and has taken the user security as its responsibility since the day it is found.

Principles

1. Hikvision pays great importance on security of the products and business. We promise that any feedback on the security flaw will be heard, analyzed and processed in time.

2. Hikvision supports any responsible disclosure and process of the security flaw. We promise that we will protect the users’ interests and we will reward and be grateful for those who help us to improve the security quality.

3. Hikvision objects and condemns the hacking action which damages the user’s interests taking flaw test as its excuse, including but not limited to the stealing of the user privacy and virtual property, hacking the business system, and maliciously spread the security flaws.

4. Hikvision believes that the handling and process of every security flaw and the improvement of the whole surveillance industry cannot be separated with the cooperation of each party. Hikvision hopes to promote the cooperation with other enterprises of the industry, the Security Company and investigators to maintain the information security of the industry.



Progress

The Hikvision Security Response Center is built, and the related Chinese and international webpage is created to take feedbacks, handle and disclose the security flaws of the Hikvision products and solutions.

Build connection with the dark cloud website, National Internet emergency coordination center, the National Information Security Flaw Share Platform.

Workflow

1. Reporting Security Flaw

Please send email to HSRC@hikvision.com to report the security flaw.

2. Reviewing Security Flaw

1) Hikvision Security Response Center of Hikvision will confirm and review the security flaw in one work day.

2) In three work day, the staff of Hikvision Security Response Center will handle the problem and get conclusion. If necessary, the staff may contact the reporter for assistance.

3. Fixing Security Flaw

The time of fixing will be determined by the severity of the flaw and the difficulty of handling it. High risk flaw should be fixed in 24 hours, medium risk should be fixed within 3 work days, and low risk should be fixed in 7 work days. In case the security flaw is affected by the new version delivery, the fixing time will be determined according to real situation. Emergent security announcement will be published for severe security flaw.

moksha53

1 Posts