In a shocking revelation, it has been discovered that child pornography is being distributed online through hacked Hikvision cameras, with culprits employing Hikvision’s current Hik-Connect app to disseminate pornographic content illicitly. This represents a grave misuse of video surveillance systems, sparking urgent discussions about online security.
During a rigorous investigation, it was found that numerous offers were made for inappropriate videos involving minors, listed under unsettling terms such as “cp” (child porn), “kids room,” and “family room”. The crime ring has been successfully operating due to the significant number of unsecured Hikvision and other similar online cameras.
This disturbing issue is the first video surveillance cameras being systematically exploited in a criminal, pornographic enterprise. Akin to the disturbing incidents of an ADT technician who abused access to customers’ surveillance systems for sexual gratification, and a British man arrested for selling photos of naked children from hacked IP cameras, this incident highlights a dangerous trend in digital crime.
Hikvision expressed their ignorance of such crimes until contacted by investigators. The company expressed profound concern over the allegations and promised to assist law enforcement in bringing the perpetrators to justice, despite admitting that it had not attempted to verify them.
Worryingly, Hikvision declined to comment on its efforts to rectify the issue concerning the vast number of still-vulnerable devices. Though the company has published various fixes, it appears to need more to publicise or reach out to impacted users to prevent these attacks.
Upon recognising the involvement of child pornography, the investigating organisation promptly contacted the US Federal Bureau of Investigation (FBI). They also facilitated further communication between Hikvision representatives and the FBI, sharing additional information to assist the Bureau in its investigation.
Content from these illicit activities is being openly sold and shared across at least seven public Telegram channels. Despite Telegram’s claim of actively moderating harmful content, the platform has faced criticism for lax content moderation. The messaging platform is now investigating these channels.
An examination of Telegram channels offers revealed this criminal operation’s chilling scale. Snapshots from hundreds of hacked Hikvision cameras were posted to entice potential buyers, with prices ranging from $3 to USD 6 per hacked ‘cam’.
It was found that these criminals used the Hik-Connect app for distribution. The sellers added hacked cameras to the Hik-Connect app, which accessed the camera directly. Then they used the app’s QR Code functionality to share or sell these on various Telegram groups.
There is a rising concern regarding cloud video surveillance providers forcing firmware updates on devices. However, Hikvision’s Hik-Connect does not force such updates, leaving many Hikvision devices significantly out of date and vulnerable.
The misuse of these surveillance systems is not limited to Hikvision. The investigating organisation also found criminals hacking or exploiting a vulnerability in Hik-Connect using a standard functionality, though it was with Hikvision cameras that had been hacked by other means.
The investigation concluded with an alert that the sale of child pornography seems to be the primary concern behind these crimes. The organisation behind the investigation reiterated the need for stronger cybersecurity measures and urged companies like Hikvision to take more stringent actions against such breaches.