Hikvision Canada Inc Advisory

Published: Wed 02 July 2025

Prepared by: Brandon Sawyer, Associate Vulnerability Analyst

Purpose

The Triskele Labs team has been made aware on 30th June, 2025, that Hikvision Canada Inc. has been ordered to cease all operations in Canada following a national security review. The purpose of this alert is for strictly informational purposes only.  

Details

Hikvision Canada Inc. is a Canadian subsidiary of Hangzhou Hikvision Digital Technology Co., LTD., the worlds largest manufacture of video surveillance equipment. Canada's minister of industry Mélanie Joly announced that following a national security review under the Investment Canada act, the Canadian government has ordered that Hikvision Canada Inc. to cease all operations and close its Canadian business.

The Canadian government has determined that Hikvision Canada Inc's continued operations in Canada "would be injurious to Canada's national security". This determination was a result of a multi-step review that assessed information and evidence provided by Canada's security and intelligence community. They did state, the scope of this national security review did not extend to Hikvision's affiliates outside of Canada.

In addition to this action, the Canadian government has prohibited the purchase or use of Hikvision products in government departments, agencies, or Crown corporations. Similar actions had already been introduced by other governments across the world, including the United States in November 2022 and the Australian government in February 2023, following global concerns regarding national security.

The United Kingdom (UK) also followed the US in November 2022, initially banning Hikvision from government departments and agencies. However, in October 2023, the UK recommitted to using Hikvision in certain government facilities. Those excluded from using Hikvision in the UK were facilities considered “sensitive sites”. While these sites were never publicly disclosed for security reasons, it was reportedly applied to areas “where security considerations are paramount – for example, defence and intelligence facilities”.       

Impact

At the time of writing there is no known vulnerabilities or exploitations associated with the above release. Triskele Labs clients are urged to keep updated with any new and relevant information regarding Hikvision Digital Technology Co., LTD., and its affiliates, to help inform decisions around their cyber security posture.    

General Security Recommendations

• Ensure services are not exposed to the internet, especially relating to admin panels and disable any services not in use eg. UPnP, remote access.
• Change any default credentials and apply unique and strong passwords.
• Ensure these devices are segregated away from the corporate network with use of VLANs. If compromised, this would avoid any lateral movement.
• Perform network-level monitoring on the segregated zone hosting the camera/s.
• Use firewalls. Restrict all IPs that should not be communicating with these devices.
• Limit who has access. Implement role-based access to these devices.
• Keep firmware up to date and ensure the source is coming from the official manufacture.  
  
  

References

• https://www.bleepingcomputer.com/news/security/hikvision-canada-ordered-to-cease-operations-over-security-risks/#comments
• https://www.securityweek.com/canada-gives-hikvision-the-boot-on-national-security-grounds/
• https://www.bleepingcomputer.com/news/security/us-bans-sales-of-huawei-hikvision-zte-and-dahua-equipment/
• https://www.theguardian.com/australia-news/2023/feb/09/chinese-made-security-cameras-to-be-removed-from-australia-government-buildings
• https://www.theguardian.com/uk-news/2023/oct/23/chinese-surveillance-firm-hikvision-recommits-to-uk-after-new-guidance