Hacker News posted a story on Mastodon which Brian Krebs boosted. The article comes from a site caled IPVM and is titled Child Pornography On Sale From Hacked Hikvision Cameras Using Current Hik-Connect App.
There are of course some things in this article that I want to highlight to you.
First, HikVision has denied knowing anything about any potential crimes using their own devices. While they’ve put out patches for several vulnerabilities from 2017-2021, it is the users’s responsibility to update their devices.
With this aspect of the article, I disagree. I know that my thermostat checks for updates and so does my doorlock. The provider of both release application updates through the respective app stores.
The other thing I want to mention is the fact that the sale of the supposed porn and other related discussion which includes using their app to get QR codes to connect to devices are done through the messaging application Telegram. In this article, we learn that Telegram is in the UAE in Dubai. While 17 people were arrested according to linked articles, Telegram is known for letting criminal discussion go on within their platform. Just within this article alone, 7 public channels are used for this type of discussion.
The public channels also post links to private channels of children and adults. These may include, but may not be limited to:
- “family home, sometimes a young daughter comes, archive 70 days, [motion] detection”
- “family, bedroom of a young girl, [sexual act described – redacted by IPVM] every day, archive 18 days”
- “big house, young family, beautiful mom, wardrobe, archive from November 9”
- “big family, cameras around the house, rooms of parents, brothers and sisters, detection, archive 4 days”
- “room of two sisters, archive of 20 days, detection”
- “2 cameras in an Asian girl’s room, sound, detection, archive 2 days”
- “women’s section, gynecological office, archive 23 days”
- “wardrobe in a big house , archive 10 months, [motion] detection”
- “single nursing mother, [motion] detection, archive 1 month”
- “cosmetic procedures, sometimes depilation [waxing] and massage, archive 28 days”
- “beauty salon, various procedures, archive 1 month”
- “men’s locker room in the gym, [motion] detection, archive 2 weeks”
- “women’s locker room in the fitness center, sound, archive 17 days”
- “VIP booths in a strip club (8 pieces), some have motion sensor, archive for 5 months [emphasis added]
IPVM is based in the United States, and alerted U.S. FBI and other authorities. Languages within these forums include English, Spanish and Russian but more may be listed.
Hikvision blames IPVM for this type of news, although IPVM also noted that HikVision alerted authorities as well.
If you use this camera, please make sure you update it. Contact Hikvision for instructions. You don’t want to be caught with pornogrophy coming from your cameras. It won’t look good for you if you’re not involved.
Again, the full read comes from IPVM and is titled Child Pornography On Sale From Hacked Hikvision Cameras Using Current Hik-Connect App.
There are images from around the country pointing to what is going on as part of this investigation the publication has done.
Stay safe. Update your device, and thanks for reading!
Discover more from Jared's Technology podcast network
Subscribe to get the latest posts sent to your email.