Relay Addresses the Recent Cybersecurity Vulnerability in Surveillance and Security Cameras market; 100 Million Connected Devices Susceptible to Remote Hijacking

Relay Medical Corp. addresses a recent revelation about the widely-used Hikvision, a Chinese state-owned surveillance and connected security camera manufacturer, whereby a critical vulnerability was discovered in more than 100 million connected devices currently operational in the market.

The Hikvision vulnerability affects dozens of IoT device companies, including devices affiliated with brands such as Toshiba, Honeywell, Panasonic, Hyundai and Hitachi. Hikvision owns approximately 40% of the global surveillance and security camera market. Hikvision has admitted a 9.8 vulnerability score which is “the highest level of critical vulnerability” and is estimated to impact more than 100 million connected devices operating in the market.

Recommended AI News: Knoa Software Releases Tools for Quantifying ROI in the Context of Digital Transformation

“Recent Hikvision news demonstrates a widespread problem of software weaknesses and vulnerabilities that are hidden in the software components of connected products this is meant to be addressed by NTIA (National Telecommunications and Information Administration) and its SBoM software transparency initiative. It’s another example of why software and hardware companies need to have internal product security hygiene and processes in place that provide a singular, transparent view into all their products. Cybeats offers holistic supply chain security starting from the design phase, while also continuously assessing, monitoring and eliminating threats in real-time of critical operating devices,” said Dmitry Raidman, CTO and Co-founder of Cybeats.

Malwarebytes identified that Original Equipment Manufacturers (OEMs) rebrand Hikvision cameras and sell them as their own. It could take quite some time before all of these other potentially vulnerable devices are identified. Hikvision is PRC government-owned⁶ but banned by the US-government. It is the world’s largest video surveillance manufacturer and a generally hidden supply chain to many Western companies. Given the deployment of these cameras at sensitive sites, critical infrastructure is potentially at risk.

Recommended AI News: Perforce Software Invests in the Future of Filmmaking with New Virtual Production Initiatives

Cybeats Provides Active Defense Solutions

Having the Cybeats agent integrated into a connected device, such as those affected by this Hikvision vulnerability, would have provided real-time actionable protection to affected brands that were identified by ipvm, such as Toshiba, Honeywell, Panasonic, Hyundai and Hitachi. Cybeats supports manufacturers (such as surveillance and security camera companies) to build connected devices with security in mind, beginning in the design phase throughout the product life-cycle. Lastly, Cybeats IoT RASP capabilities can provide actionable data about the device’s operating state, and allow for threat elimination in real-time as new attacks emerge. Once a device vulnerability is found, Cybeats’s SBOM Studio can provide insight into which devices are affected, and which to recall or which to provide a firmware update. This provides manufacturers with fleet management tools along with efficient and accurate firmware updates to the affected devices.

Other Recent Cyber Attacks

IoT cyber attacks have escalated in 2021, according to Kaspersky. IoT cyberattacks more than doubled with roughly 1.5 Billion IoT attacks occurring from January to June 2021. The study was conducted using software honeypots, which emulate IoT devices as a proxy for vulnerable hardware endpoints. The findings also confirm that the pandemic has exacerbated IoT vulnerabilities by prolonging device usage in household settings.  Many of these devices – whether intended for enterprise or personal use – lack adequate security protocols.

This Hikvision vulnerability news also follows the breach of Tesla security cameras, which came along with the hacking of jails and hospitals. The live feeds and data of 150,000 surveillance cameras, collected by Silicon Valley startup Verkada Inc., were breached in March 2021.Vulnerabilities like these can result in significant service disruptions, as exemplified in the Mirai botnet attack¹⁵ from 2016 whereby the hackers used a botnet of IoT devices including webcams, routers, and DVRs to ‘take down’ the internet in North America for multiple days. Many prominent corporations, including CNBC, Amazon, Twitter, Netflix, Spotify, and Paypal, experienced outages of their website and client server issues, causing shutdowns and service delays lasting several hours.

Recommended AI News: Salesforce Achieves Net Zero Across Its Value Chain and 100% Renewable Energy

[To share your insights with us, please write to sghosh@martechseries.com]