Foreign hack hits govt supplier

By Liu Xin Source: Global Times Published: 2015-3-1 23:48:01

Manufacturer blames weak passwords for breach


A major Chinese supplier of video surveillance products said on Sunday that it has sent security experts to the Jiangsu provincial public security department to help reset passwords and update firmware for its products, which the department said were attacked and came under the control of hackers overseas on Friday.

The Jiangsu provincial public security department said in a Friday statement that products from Hangzhou-based Hikvision were a "serious safety risk" and ordered all local bureaus across the province to check their video surveillance devices produced by Hikvision.

Hikvision responded Friday that its products were attacked through security vulnerabilities brought on by weak passwords and outdated firmware, saying that some users had never changed the default passwords.

The Jiangsu public security department did not specify what kinds of products were attacked.

In a second statement on Sunday, the company made a formal apology and vowed to make its products safer, adding that work to address the issues was underway in all local public security bureaus across Jiangsu.

It also asked users to be more aware of cyber security, especially in checking system bugs and setting secure passwords in the wake of increasingly sophisticated methods of cyber attack.

Hikvision is China's largest listed company in the security industry. Its products are widely used in various fields including public security, transportation, justice and finance, according to Hikvision's website.

The potential hazards caused by weak passwords were reported by wooyun.org, a domestic Internet security monitoring platform, multiple times last year. Hikvision claimed that it reminded users to set more complex passwords in March 2014.

"Considering the wide use of Hikvision products, important information on the manufacture, transportation, energy and other fields may have been leaked once the surveillance devices were remotely controlled by attackers. The consequences may be severe," Wu Di, an employee with wooyun.org, told the Global Times Sunday.

"Setting a complicated password is a good way to guarantee information security but cannot stop hackers from penetrating surveillance devices using other means," Wu said.

Wu also noted that there are multiple vulnerabilities in Hikvision's servers and Intranet, and said that the company needs to do a better job on cyber security.

"The government should also learn a lesson from this incident. Officials who worked in public security departments should raise their awareness on cyber security, change their inefficient management and update their knowledge and techniques. It is also crucial to hold responsible officials accountable," said Shi Xiansheng, deputy secretary general of the Internet Society of China.


