this post was submitted on 11 Sep 2023
31 points (87.8% liked)

United Kingdom

4114 readers
248 users here now

General community for news/discussion in the UK.

Less serious posts should go in [email protected] or [email protected]
More serious politics should go in [email protected].

Try not to spam the same link to multiple feddit.uk communities.
Pick the most appropriate, and put it there.

Posts should be related to UK-centric news, and should be either a link to a reputable source, or a text post on this community.

Opinion pieces are also allowed, provided they are not misleading/misrepresented/drivel, and have proper sources.

If you think "reputable news source" needs some definition, by all means start a meta thread.

Posts should be manually submitted, not by bot. Link titles should not be editorialised.

Disappointing comments will generally be left to fester in ratio, outright horrible comments will be removed.
Message the mods if you feel something really should be removed, or if a user seems to have a pattern of awful comments.

founded 2 years ago
MODERATORS
 

The Co-op is to ban the use of Chinese CCTV in its supermarkets after warnings over ethical concerns and security risks. The company – the fifth-biggest food retailer in the UK, with 2,500 stores nationwide – is to phase out all CCTV cameras from the Chinese firm Hikvision.

top 12 comments
sorted by: hot top controversial new old
[–] [email protected] 10 points 1 year ago (3 children)

Correct me if I’m wrong, but can’t most Hikvision cameras work completely offline? Block them from reaching out to the internet, and just connect locally. You could still do remote access through other means, so functionality shouldn’t take a huge hit.

[–] [email protected] 3 points 1 year ago (1 children)

It still allows them access to the rest of your LAN, potentially. Even if you've got them on their own subnet, vlan escape is a thing and mistakes happen.

[–] [email protected] 1 points 1 year ago (1 children)

I’m not talking VLANs, although that is an option. I’m talking about completely blocking WAN access. You could also detect the IPs it’s connecting to, and block them across all your devices.

[–] [email protected] 1 points 1 year ago (1 children)

It's really hard to block WAN access from only a couple devices without putting them on their own physical network that nobody, not even authorized personnel, can access. A determined enough attacker can and will find a way to make a connection through all the hops and firewalls you add, and if there's even a single circuitous route from the cameras to the internet, they have a chance of finding it.

That's also ignoring the potential for there to be a wireless transmitter like Lora built in.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

Let’s be honest here, no system is perfect. Whether it’s devices from China, USA, or here in the UK. Even if it’s properly secure today, it might not be tomorrow. You just need to mitigate risk. There is always something. As for easy/hard to do something… that’s relatively simple in even prosumer software (nevermind Enterprise). 5 minutes in Unifi, or Pf/OpenSense, is all it takes.

[–] [email protected] -1 points 1 year ago

"Really hard" is my polite way of saying "100% impossible."

[–] HeneryHawk 1 points 1 year ago

You're correct. I have had Hikvision cameras for quite some time. I didn't trust them from the start so they can't go online. I can't watch remotely but I don't care about that. Not everyone will be in this position though

[–] [email protected] -2 points 1 year ago

Yeah, but you can't use that to push sinophobia.

[–] [email protected] 5 points 1 year ago (1 children)

I wonder if others will follow suit - Hikvision (not the best of monikers - I always think the installer will be called Cletus) are in a fair few government sites.

[–] [email protected] 3 points 1 year ago (1 children)
[–] [email protected] 4 points 1 year ago

Right, thanks for that. My offices are full of them. Wonder if there's a plan to replace them? I shall ask our security team.

[–] [email protected] 4 points 1 year ago