Hanwha Vision Official Statement: Firmware Encryption Key Disclosure

Summary of Findings

Hanwha Vision acknowledges the existence of blog posts and YouTube videos detailing a security analysis of certain Hanwha Vision camera products. Following an investigation by the Hanwha Vision Cybersecurity Team (S-CERT), it has been confirmed that the issue pertains to specific camera models within the Wisenet5, X/T series, Q series, A series, and certain PNM multi-sensor cameras.

As of the date of this statement, Hanwha Vision has not received any reports of security breaches or significant data leakage related to these findings. The analysis of the video and blog content, along with the identified risks and mitigation strategies, are summarized below:

Published Blog/Video Content Summary

• The analysis involved a "Chip-off + Flash Memory Dump" technique to examine the camera firmware. This process was conducted independently of the network and did not involve accessing devices via the network.
• The firmware's encryption key was found to be exposed.

Risk Assessment

• There is a possibility that the firmware could be modified with malicious intent for specific older camera models identified in the video. However, all Hanwha Vision network devices are protected by password-based access control. Modified firmware cannot be installed on a device without proper authentication.
• This risk is similar to that faced by many existing IoT devices that do not support secure updates or secure boot functionalities.

Risk Mitigation Measures

• It is recommended to use firmware distributed exclusively through the official Hanwha Vision website or the Wisenet Device Manager provided by Hanwha Vision.
• To prevent unauthorized firmware installation, it is advised to apply the latest firmware updates.
• For all cameras, it is crucial to manage administrator passwords by using strong, unique passwords.

The official Hanwha Vision websites include:

• https://www.hanwhavision.com
• https://www.hanwhavisionamerica.com
• https://www.hanwhavisionsupport.com
• https://www.hanwhavision.eu

Security Enhancement Measures

• For affected legacy camera models, Hanwha Vision is updating the exposed encryption keys and implementing firmware signature verification to ensure that cameras reject unauthorized firmware files.
• Note: Newer models already incorporate firmware signature verification, rendering them unaffected by this issue.

Hanwha Vision is committed to resolving security issues and maintaining customer trust. Firmware patches and additional updates will be distributed solely through the official Hanwha Vision website. All users are strongly advised to download and install the latest firmware exclusively from the official Hanwha Vision website.