Hikvision and Dahua Surveillance Cameras: Global Locations Report

Chinese firms Hikvision and Dahua have enjoyed stratospheric growth to become the world’s biggest video surveillance companies despite repeated allegations of enabling systematic human rights abuses in China.

Hikvision^[1] and Dahua^[2] are two Chinese companies among many^[3] that have been found to create technology that can be used to racially profile Uyghurs.

Both companies have also been accused of posing significant privacy and security risks to citizens around the world due to their links with the Chinese Communist Party.

Despite facing a variety of trade restrictions in the U.S.,^[4] this investigation shows that efforts to decouple the American and Chinese tech sectors have had limited success. In fact, more than one in ten camera networks identified in this report are in the U.S.

This investigation is the first to comprehensively map Hikvision and Dahua camera networks active outside China.

In doing so, we identified the countries and cities most surveilled by these controversial firms’ technology.

Note that this report identifies networks of cameras, each on a single Internet Protocol (IP) address, rather than individual cameras. As networks tend to comprise multiple devices, the total number of individual Hikvision and Dahua surveillance cameras covered by this report will likely be many times higher than six million.

See our Background Information section for additional details of the companies’ past controversies.

Hikvision and Dahua have faced a series of trade restrictions in the U.S. due to their alleged role in the repression of the Uyghur Muslims and other minority groups in Xinjiang, north western China.

In October 2019, both companies were added to the Department of Commerce’s ‘Entity List.’^[5] The Bureau of Industry and Security states that “transactions of any nature with listed entities carry a ‘red flag'” and U.S. companies must now receive a special license to sell to either Hikvision or Dahua.^[6]

The decision followed the 2019 National Defense Authorization Act which prevented either company from selling their equipment to U.S. federal agencies.^[7]

More recently, Norway’s Council on Ethics recommended excluding Hikvision from the country’s wealth fund investment portfolio because of the company’s “role in the mass surveillance of the population in the Xinjiang region of China.”^[8]

In its 2021 report, the UK Foreign Affairs Committee called for a ban on Hikvision operating in the UK among measures intended to “pressure the Chinese government to end its persecution of Uyghurs”.^[9]

According to a report by IPVM, Hikvision “is financing around $145m worth of Xinjiang police video surveillance projects” and both companies have faced accusations that their technology can be used to automatically detect Uyghurs.^[10][11][12]

Hikvision has stated that it “takes global human rights very seriously”. A spokesman told Reuters that “all our business is required to align with the company’s compliance policy” but declined to say what its compliance policy was beyond that it was in line with local laws.^[13]

Dahua have similarly claimed that the company “adheres to the business code of conduct, and follows market rules as well as international rules.”^[14]

As well as the human rights concerns, both companies have also faced accusations that their technology poses a risk to citizens’ digital security and privacy.

In 2018, a US-China Economic and Security Review Commission report warned:

“Through IoT products and services, Chinese firms may be transferring data from their U.S. consumers to China, where the government retains expansive powers to collect and exploit data with little regard for privacy or ownership concerns.”^[15]

Dahua has also been described as “terrible at cybersecurity”,^[16] and Hikvision has been subject to similar criticism.^[17]

Most recently, a critical vulnerability affecting Hikvision cameras was discovered by a security researcher in September 2021, who found dozens of models of Hikvision devices could be hijacked remotely without requiring log-in credentials.^[18]

These concerns have been exacerbated by the companies’ links to the Chinese state.

Hikvision, or Hangzhou Hikvision Digital Technology Co., Ltd. as it is formally known, is 42% owned by Chinese state investors, while Dahua Technology Company is 2.4% owned by such investors.

More broadly, the degree of autonomy provided private companies in China has repeatedly been called into question.

Despite accusations of enabling human rights abuses and their poor cybersecurity track records, Hikvision and Dahua have been free to rapidly expand around the world.

In the process, they may have compromised the digital security and privacy of millions of citizens worldwide.

In the Oct 2021 update, Dahua and Hikvision surveillance camera networks were identified via Shodan scans and compiled from all relevant searches over the course of Sep 2021, generating almost 11 million results. Camera networks were inferred from unique IP address and port combinations. Additional geolocation data was sourced via MaxMind and combined with the dataset using in-house tools, following extensive data cleansing.

This data replaces the original findings that were derived from data collected in Oct-Nov 2020. Due to changes in the way Shodan scans operated in the intervening period, it was not possible to perform a fair comparison between the two datasets.

Findings for all countries and the top 1,000 cities are available via this Google Sheet.

About Us

Since 2016 we’ve focused on testing and reviewing virtual private networks, and over the years we’ve helped our readers find secure VPNs to stay safe and private on the web.

We also inform our readers about digital rights, privacy and security matters through our expert research and investigations.

^{[1] https://ipvm.com/reports/hikvision-uyghur ↩}

^{[2] https://ipvm.com/reports/dahua-uyghur ↩}

^{[3] https://www.bbc.co.uk/news/technology-55634388 ↩}

^{[4] https://www.reuters.com/article/us-china-usa-restrictions/factbox-trump-administration-measures-against-chinese-companies-idUKKBN29C17E?edition-redirect=uk ↩}

^{[5] https://www.federalregister.gov/documents/2019/10/09/2019-22210/addition-of-certain-entities-to-the-entity-list ↩}

^{[6] https://www.bis.doc.gov/index.php/cbc-faqs/faq/281-1-what-is-the-entity-list#faq_285 ↩}

^{[7] https://www.congress.gov/115/bills/hr5515/BILLS-115hr5515enr.pdf ↩}

^{[8] https://etikkradet.no/hangzhou-hikvision-digital-technology-co-ltd-2/ ↩}

^{[9] https://committees.parliament.uk/committee/78/foreign-affairs-committee/news/156425/foreign-affairs-committee-publish-report-never-again-the-uks-responsibility-to-act-on-atrocities-in-xinjiang-and-beyond/ ↩}

^{[10] https://ipvm.com/reports/xinjiang-dahua-hikvision ↩}

^{[11] https://ipvm.com/reports/dahua-uyghur ↩}

^{[12] https://ipvm.com/reports/hikvision-uyghur ↩}

^{[13] https://uk.reuters.com/article/us-hikvision-china-insight/hikvision-a-surveillance-powerhouse-walks-u-s-china-tightrope-idUKKCN1VJ05C ↩}

^{[14] https://www.dahuasecurity.com/my/newsEvents/DahuaNotice/647 ↩}

^{[15] https://www.uscc.gov/annual-report/2018-annual-report-congress ↩}

^{[16] https://ipvm.com/reports/dahua-psa-sia ↩}

^{[17] https://www.csis.org/blogs/technology-policy-blog/hikvision-corporate-governance-and-risks-chinese-technology ↩}

^{[18] https://www.forbes.com/sites/leemathews/2021/09/22/widely-used-hikvision-security-cameras-vulnerable-to-remote-hijacking/ ↩}