Government belated ban on Chinese CCTV

[Oldgreybeard]

A couple of years ago I replaced our old analogue CCTV system with wired networked cameras and a DVR. Not long afterwards I noticed that our home network was a bit sluggish, particularly when streaming iPlayer or any video service. We don't have very fast broadband out here, it tends to max out at between 10MB/s and 15MB/s, and we can't get anything faster (we already have FTTC).

I installed a bit of software to try and see what was going on, with the intention of complaining to PlusNet. That bit of software (Wire Shark) identified a lot of data going to two servers in China. A bit of sleuthing pinned down the Hikvision CCTV as the culprit. Unknown to me (and there is no mentions of this in the manual) the damned thing constantly communicates with its overlords in China. The fix was to rejig things so the cameras and DVR are all on their own wired LAN, with no connection to the main house LAN or the internet.

It seems that our government has very belatedly found exactly the same thing out: https://www.bbc.co.uk/news/uk-politics-63749696

Goodness only knows how their security people didn't find this out sooner. I'm a numpty when it comes to internet and networking stuff, but it didn't take me long to find out that the Hikvision CCTV system was set up by default to send loads of data back to China. I'm absolutely gobsmacked that the powers-that-be didn't do even the most cursory security checks before allowing this kit to be installed in government offices etc. Perhaps the lack of security explains how CCTV from inside a secure government building was leaked, showing Matt Hancock and his mistress.

[AGT]

Just don’t connect the NVR to the network.
Mine just sits and records, I don’t need apps, notifications, anything is wrong I will scroll back and find the incident.

Can’t be bothered with these doorbells too, getting notifications that someone is at your door every so often.

[Stinsy]

I too found my Hikvision CCTV cameras talking to the mothership without my authority. I disabled their access to the outside world and all has been good. Not that I’m too bothered, my comings/goings are hardly interesting to the Chinese state. And I’m not “politically exposed” so videos of me picking my nose or scratching my ass are unlikely to publicly embarrass me.

However Hikvision has bid aggressively for CCTV contracts in places such as schools and government buildings. This doesn’t affect the majority who (like me) aren’t particularly interesting. However they’re filming the childhood indiscretions of our future politicians, business leaders, and journalists. This could make for powerful blackmail material.

[Oldgreybeard]

Just don’t connect the NVR to the network.
Mine just sits and records, I don’t need apps, notifications, anything is wrong I will scroll back and find the incident.

Can’t be bothered with these doorbells too, getting notifications that someone is at your door every so often.

That is exactly what I did:

The fix was to rejig things so the cameras and DVR are all on their own wired LAN, with no connection to the main house LAN or the internet.

I'm still amazed that the government didn't realise this before buying thousands of the things and setting them up in sensitive locations, including inside government buildings. It simply beggars belief that they could be so incompetent.

[openspaceman]

The apparent need of my Growatt inverter to talk to the server in China and then cfor me to connect to it is what upsets me about mine.

I hope to move to a victron multi some time, except the growatt battery is not a supported one.

[Oldgreybeard]

The apparent need of my Growatt inverter to talk to the server in China and then cfor me to connect to it is what upsets me about mine.

I hope to move to a victron multi some time, except the growatt battery is not a supported one.

Much the same for me with the Sofar, all the data was going to China via the WiFi dongle and the only way to access it was to connect to the same Chinese server and get it back, either using the Solarman app (which is a bit flaky) or by getting access to the Solarman data from China. The fix I opted for was to knock up an ESP8266 and RS485 converter and connect directly to the inverter, with the data only being available over our own LAN. The unit I put together uses a variation on the code put together by Colin McGerty, here: https://github.com/cmcgerty/Sofar2mqtt

I believe this approach works with pretty much any inverter that has an RS485 Modbus port, although the code will need reworking as it seems all inverters use a different approach to making data available or allowing external control.

A way that avoids the need to build hardware is to use an Elfin RS485 to WiFi or Ethernet module. These are about £20 or so, from High Flying (sold on Aliexpress). They will interface with Home Assistant, but HA does need to be configured to access the data registers in the inverter, so there is still a bit of code that needs to be written, or edited. Not many people seem to be playing with the Elfin modules yet, which is a pity, as it means there's not much knowledge available within the HA community yet. I've just bought an Elfin EW11A (the WiFi version) and will start playing around with it soon to see how easy it is to get data from the Sofar.

[openspaceman]

Unfortunately I think doing that is beyond me

[Oldgreybeard]

Seems the US is going a bit further: https://www.bbc.co.uk/news/world-us-canada-63764450

The US has banned the sale and import of new communications equipment from five Chinese companies, including Huawei and ZTE, amid concerns over national security.

Other companies listed include Hikvision, Dahua and Hytera, which make video surveillance equipment and two-way radio systems.

It is the first time US regulators have taken such a move on security grounds.

Hikvision said that its products present no security threat to the US.

It said the decision "will do nothing to protect US national security, but will do a great deal to make it more harmful and more expensive for US small businesses, local authorities, school districts, and individual consumers to protect themselves, their homes, businesses and property."

Huawei and others have previously denied supplying data to the Chinese government.

The US Federal Communications Commission (FCC) said its members had voted unanimously on Friday to adopt the new rules.

[Swwils]

Name an equivalent UK product? I'll wait.

[Oldgreybeard]

Name an equivalent UK product? I'll wait.

That's the very crux of this issue, isn't it?

UK made CCTV kit was just far too expensive when compared to imported kit, so imported kit now dominates. The fact that some imported kit is bound by conditions placed on the manufacturers by a government that has an interest in gathering data from other countries seems not to have been considered, because we live in an age where price is more important than security.

There's also the added issue that privacy is not considered to be at all important my the vast majority of people any more. I find this disturbing, but then I grew up during the Cold War, when spying and national security was something of great concern to all. People today seem content to have any amount of personal data exploited by others as long as they can get relatively cheap widgets. The only question is really how far should this general acceptance of spying on everyone go?