Notice - Statement on Insecure API Network Traffic in hik-connect.com
Hikvision has been made aware of, and has fixed, a configuration issue in the Hik-Connect cloud service. Remediation action was limited to the cloud environment, so no action is needed by Hik-Connect users. Hikvision is not aware of any instances where this weakness has been exploited.
A log API was not using HTTPS, which could theoretically allow attackers to obtain information by sniffing the unencrypted HTTP traffic on the network. The issue was fixed on May 7.
On May 1, security researcher bashis contacted the Hikvision Security Response Center (HSRC) to report a security risk. Once the HSRC confirmed the existence of the risk, it worked directly with the researcher, per cybersecurity best practices, to reconfigure the Hik-Connect cloud environment and mitigate the risk.
Contact us
To report any security issues or vulnerabilities in Hikvision products and solutions, please contact the Hikvision Security Response Center at hsrc@hikvision.com.