7.21.23 – SIW
A published report says hackers gained access to Hikvision cameras and used the company’s mobile app to distribute pornography on social media. An investigation by IPVM found several sales offers for nude videos on the platform Telegram.
The offerings included cameras labeled for family homes, medical offices, salons, locker rooms, a strip club and other places. IPVM said it contacted the FBI once it learned about the alleged hacking.
Telegram has since eliminated 7 channels that were flagged by IPVM for the illicit activity.
“This is the first case we have found of video surveillance cameras being exploited systematically in a criminal pornographic commercial enterprise, raising grave concerns about what to do about the vast number of vulnerable Hikvision and other cameras on the Internet,” IPVM said in its report.
The use of Hikvision’s current Hik-Connect app to distribute adds “even graver concern,” IPVM said, because the app is cloud controlled by Hikvision itself.
In a statement to SecurityInfoWatch.com, Hikvision said it received an email from IPVM alleging that criminals had used its cameras to record “unconscionable things.”
“Our lawyers immediately reported the allegations to the U.S. Department of Justice, multiple offices of the FBI and the National Center for Missing and Exploited Children,” the company said. “We are doing everything we can to help. Additionally, we regularly upgrade our software as part of our ongoing commitment to delivering the safest and most reliable products.”
In an additional response published in IPVM’s story, Hikvision said it didn’t know anything about the potential crimes and the email was the first they had heard of the matter.
As it has in the past, Hikvision accused IPVM of trying to damage its business and criticized the media outlet for seeking comment on the story before alerting authorities to what was allegedly found.
It’s the latest in a string of bad publicity for the China-based company.
Last November, the FCC voted to ban equipment authorizations for five entities, which included Hikvision and Dahua, for national security reasons. This effectively banned the sale of future products in the U.S.
The FCC, in its order, rejected many of Hikvision’s objections, saying the Commission has clear legal authority under the Secure Equipment Act to modify equipment authorizations and its actions were not unconstitutional.
In February, Hikvision USA sued the FCC and U.S. government, seeking to overturn the FCC’s security ban on future equipment authorizations.
Hikvision argues the FCC’s order – published in the U.S. Federal Registry on Feb. 6 – is unconstitutional and exceeds the agency’s jurisdiction and statutory authority.
Hikvision also alleges the order violates the “Equal Protection and “Bill of Attainder” clauses of the Constitution, as well as the Communications Act and Administrative Procedure Act.