
Banned Chinese Security Cameras Are Almost Impossible To Remove (bloomberg.com) 89

An anonymous reader quotes a report from Bloomberg: U.S. federal agencies have five weeks to rip out Chinese-made surveillance cameras in order to comply with a ban imposed by Congress last year in an effort to thwart the threat of spying from Beijing. But thousands of the devices are still in place and chances are most won't be removed before the Aug. 13 deadline. A complex web of supply chain logistics and licensing agreements make it almost impossible to know whether a security camera is actually made in China or contains components that would violate U.S. rules. The National Defense Authorization Act, or NDAA, which outlines the budget and spending for the Defense Department each year, included an amendment for fiscal 2019 that would ensure federal agencies do not purchase Chinese-made surveillance cameras. The amendment singles out Zhejiang Dahua Technology Co. and Hangzhou Hikvision Digital Technology Co., both of which have raised security concerns with the U.S. government and surveillance industry.

Despite the looming deadline to satisfy the NDAA, at least 1,700 Hikvision and Dahua cameras are still operating in places where they've been banned, according to San Jose, California-based Forescout Technologies, which has been hired by some federal agencies to determine what systems are running on their networks. The actual number is likely much higher, said Katherine Gronberg, vice president of government affairs at Forescout, because only a small percentage of government offices actually know what cameras they're operating. The agencies that use software to track devices connected to their networks should be able to comply with the law and remove the cameras in time, Gronberg said. "The real issue is for organizations that don't have the tools in place to detect the banned devices," she added.
Also, since many of Dahua and Hikvision's cameras are sent to equipment manufacturers and sold under those brands, those cameras have completely different labels and packaging. This means it would be nearly impossible to tell if the thousands of video cameras installed across the country are actually re-labelled Chinese devices.
  • by iggymanz ( 596061 ) on Wednesday July 10, 2019 @07:06PM (#58905144)

    There are surveillance cameras with components NOT made in China? Who makes those?

    • by Tablizer ( 95088 )

      There are surveillance cameras with components NOT made in China? Who makes those?

      Russia

    • by Anonymous Coward

      Solve the problem.
      FCC should have not lost its ability for meaningful certification. They also need a national software firmware source code repository for cheap stuff - unless open sourced and say on GIT

      Import tax on insecure cameras
      Less tax for supported upgradable cameras
      and Return supertanker to origin for POS devices with known defects.

      It should be illegal to discriminate by country. But quality is a usable non tariff trade barrier.

      • I don't usually deal with ACs but you are right. This is something the FCC is equipped for and empowered to handle. They need to get with the times, all government branches do really.

        • wrong, the FCC has neither the means nor knowledge to determine what is "insecure" or not. They should not interfere in the market

  • Go ahead and find me one *not* made in China. Even if you do find one the chipsets will be of Chinese origin.

    • by irving47 ( 73147 )

      Depends which chipset you care about. If they care about the encoder or decoder chipsets for MPEG2/H.264 or H.265, etc, they're chasing their tails. The networking hardware and software/firmware are what we need to worry about. So, yeah, checking each one will still be a hassle, but if you're talking about a bunch of CCTV cameras made who-knows-where, at least you really only have to worry about the central "concentrator" (not sure what the analog ones were called) DVR itself. And fortunately, that's just

  • by ToTheStars ( 4807725 ) on Wednesday July 10, 2019 @07:31PM (#58905256)
    If there's no way to know whether a camera was made in China or not, surely it's best to dispense with them all? That would handily prevent government overreach with license plate and face recognition, and if all of that space needs monitoring, then the cameras can be replaced by human guards, which means lots of hiring!
    • Even if it's made in the US, you can be assured that *all* cameras will have at least a few parts made in China.

      Just like everything else. If a China ban ever turned into something complete, it'd set technology back 40 years. Well for the US it would. The rest of the world would keep on keeping on. Well at least until the current White House went away and someone sane took charge of foreign policy

  • by Joe_Dragon ( 2206452 ) on Wednesday July 10, 2019 @07:38PM (#58905280)

    Don't use cloud DVR systems; use ZoneMinder in an isolated network.

    • by HiThere ( 15173 )

      It doesn't sound like that satisfies the legal requirements.

      • by irving47 ( 73147 )

        That's probably true, but at least it survives the intent/spirit of the regulations. I know, I know, try explaining to some investigative body that doesn't know the difference, doesn't care to learn it, or god forbid, just wants to meet quota or have an axe to grind with your face.

  • by Applehu Akbar ( 2968043 ) on Wednesday July 10, 2019 @07:44PM (#58905298)

    If the US has anything, it's the world's greatest effects experts. Wait until the Chinese are trawling through their spycam footage and come to the Pentagon testing a mind control ray, a gooey blob alien intern in the White House, a time portal in the Nevada Test Site control center opened to the Song dynasty in an attempt to manipulate Chinese history...

    • The gooey blob in the White House is just the president.
  • Seems like the NSA should be able to scan all Internet exit points from the US (or have the UK do it if they are squeamish about posse comitatus) and provide the GAO and DOD a list of all nodes communicating with the camera makers' collection points.

    • by yakatz ( 1176317 )
      The NSA has some interesting capabilities, but I am pretty sure scanning all that traffic is a stretch. If it is encrypted (properly), even less chance.
      • by HiThere ( 15173 )

        For understanding the data, yes. For knowing the routing instructions...that should be doable without too much problem.

        (Yes, there are fancy ways around that, but these are cameras, not heavy duty processors.)

    • by AHuxley ( 892839 )
      looking around the world for online CCTV networks to support the CIA?
      ie they are busy globally collecting and supporting other agency work.
      Looking around Russia/China for all and any CCTV networks.
    • Of course they can. But why in the world would the NSA tell anyone about exploits it has found and can use to spy on others?
  • If they installed them, they can just climb a ladder and uninstall them.
  • Not a federal agency, but a company who happened to have just installed 9 cheap ~$50 Hikvision wired IP cameras. There are 2 concerns.

    1. Default password is weak/predictable - it's up to you to set it up well.
    2. The cameras may send the videos to an unwanted entity. - Set up the cameras in a separate, unreachable network.

    Don't mix cameras into the normal office network. Give it a separate network in which the camera can only see itself and the recorder. Then make sure only the recorder itself is connected to the outside network. Ah

    • by Bert64 ( 520050 )

      You also have to consider camera placement...

      If the cameras are outside, they could potentially be stolen or an attacker could disconnect their network cable and connect a malicious device in its place. This attack actually becomes slightly harder with wifi, as you'd need to physically steal the device and take it away for analysis in order to extract the wireless key from it (often held in a plaintext configuration file).

      Of course wireless has other weaknesses, denial of service is trivially performed remot

  • What are they going to do with all of those? Maybe us residential folks can pick some up for a bargain home security system.

    President Xi isn't interested in watching cats poo on my shrubs.

  • Combine this with a growing, disturbing trend in Europe of blocking all access to the router and many ports, forcing owners of security cameras to use foreign proxy servers to be able to remotely view their cameras and trashing innovative development. Despite the introduction of the toothless net neutrality law, Scarlet ISP in Belgium, as just one example, blocks all access to port forwarding facilities on their routers. The only way to remotely view many of the Chinese security cameras is by making use of the

    • The reason these cameras use external proxies like this is because of the shortage of IPv4 and slow deployment of IPv6... Most users simply don't have enough addresses to make cameras directly reachable (many users now are behind NAT themselves provided by the ISP and don't even have a single directly reachable IPv4 address), and don't have the technical skills to set up a VPN in order to access them (and can't set up such a VPN in the ISP-operated NAT situation).

  • Once you install cameras, you introduce a problem in controlling where the images from them are delivered to. That is the problem, and possibly too many cameras have been installed.

    The solution is egress control. These cameras should not be on the global Internet. They should be strictly cordoned off to the places they are being used. Local security cameras should only be connected to local networks and only accessible at local endpoints.

  • by PeeAitchPee ( 712652 ) on Thursday July 11, 2019 @07:36AM (#58907076)

    Two things that immediately make these cameras more secure:

    • Block China and other select countries at the firewall (e.g., Russia, Nigeria). Implementing GeoIP / GeoIP2 block lists with pfsense provides a simple way to do this, for example. Sure it won't stop people using VPNs, but you're likely not special enough that hackers won't attack someone else first with a less secure network. They'll usually move on to someone a lot easier.
    • Use Pi-Hole [pi-hole.net] or similar DNS sinkhole technology. Pi-Hole blocks a bunch of undesirable stuff right out of the box, including a lot of the Hikvision cams' "phone home" messages as well as Microsoft's telemetry stuff. Again, not a silver bullet for every attack vector, but using it gives you a much more secure environment than *not* using it.

    Oh yeah, and change the default cam logins to something other than admin / admin. That's the #1 way people get "hacked." Duh.
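
An added example, not part of any comment above and not code from any vendor or poster: the isolation several comments describe (cameras see only the recorder, and only the recorder reaches other networks) checked against firewall flow logs. The subnet, recorder address, log format and sample records are constructed assumptions.

```python
import ipaddress

# Assumed addressing plan (hypothetical): one camera VLAN, one recorder in it.
CAMERA_NET = ipaddress.ip_network("10.50.0.0/24")
RECORDER = ipaddress.ip_address("10.50.0.10")

# Constructed flow records: "timestamp src dst dport proto action"
SAMPLE_FLOWS = """\
2019-07-11T07:00:01 10.50.0.21 10.50.0.10 554 tcp allow
2019-07-11T07:00:02 10.50.0.22 203.0.113.40 443 tcp allow
2019-07-11T07:00:03 10.50.0.22 10.50.0.1 53 udp allow
2019-07-11T07:00:04 10.50.0.10 198.51.100.7 443 tcp allow
2019-07-11T07:00:05 10.50.0.23 192.168.1.15 445 tcp deny
2019-07-11T07:00:06 192.168.1.30 10.50.0.21 80 tcp allow
malformed line
"""

def audit(flows, camera_net=CAMERA_NET, recorder=RECORDER):
    """Return flows that break 'cameras talk only to the recorder'."""
    findings = []
    for line in flows.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed records instead of crashing
        _, src, dst, dport, _, action = parts
        try:
            s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue
        src_is_cam = s in camera_net and s != recorder
        dst_is_cam = d in camera_net and d != recorder
        if src_is_cam and d != recorder:
            kind = "camera-to-non-recorder"   # egress, or camera-to-camera/gateway
        elif dst_is_cam and s != recorder:
            kind = "inbound-to-camera"        # something other than the recorder reached a camera
        else:
            continue                          # camera<->recorder, or recorder uplink
        findings.append((kind, src, dst, port, action))
    return findings

def policy_gaps(findings):
    """Violations the firewall allowed: these need a rule change, not just review."""
    return [f for f in findings if f[4] == "allow"]

if __name__ == "__main__":
    for f in audit(SAMPLE_FLOWS):
        print(*f)
```

Denied violations show the control working while a device still tries to reach out; allowed ones mean the camera segment is not actually isolated.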
