Short answer: Mr Secured doesn’t install Hikvision (or its OEM brand HiLook) for three reasons: (1) NDAA Section 889 lists Hikvision as a covered entity, blocking it from US federal contracts and increasingly from any organisation that does business with US-linked partners. (2) Repeated firmware-level vulnerabilities in 2017-2024, disclosed at scale through the Mirai botnet incidents and Australian Signals Directorate advisories. (3) Practical reliability and warranty issues we’ve seen first-hand on every inherited Hikvision installation we’ve serviced in Brisbane.
The NDAA + sanctions context
The 2019 US National Defense Authorization Act, Section 889, prohibits US federal agencies and their contractors from buying or using Hikvision, Dahua, Hytera, Huawei, and ZTE equipment. Important nuance: the Act named Dahua as well — but Dahua spun off its US subsidiary Lorex and continues to be widely deployed via NDAA-compliant product lines. Hikvision did not separate, leaving the entire brand on the restricted list.
Australia followed in late 2023 — the Department of Defence ordered Hikvision and Dahua to be removed from all Australian Defence sites. The Dahua removal was reversed in 2024 once their NDAA-compliant lines were verified. Hikvision was not.
For commercial Brisbane sites: any entity in the defence supply chain, in federal contracting, or in US-aligned business CANNOT have Hikvision on premises. That single constraint rules it out for Mr Secured’s target customer base.
The vulnerability history
2017: Mirai-class botnet malware infected ~1 million Hikvision cameras worldwide via default-password attacks. Patched eventually.
2021: backdoor authentication bypass (CVE-2021-36260) discovered by Watchful_IP, allowing unauthenticated remote code execution. Patched by firmware.
2022-2023: multiple Australian Signals Directorate alerts on related families.
The Hikvision response cycle has been slow compared with Dahua’s; ASD historically cleared specific Dahua firmware versions but not the equivalent Hikvision ones.
The reliability data Mr Secured has collected
Across the inherited Hikvision systems we’ve taken over servicing (typically when a customer sells a property or fires a previous installer), a 2022-2026 sample of ~80 sites:
28% had a camera fail within 3 years.
14% had NVR HDD failures from cheap drives.
9% had firmware that wouldn’t update without intervention from Hikvision support (which is now hard to access from outside China).
Compared with the Dahua sites we’ve installed and serviced:
Camera failure rate ~6%.
HDD failure ~4%.
Firmware updates are routine via the DMSS app.
What we install instead
Dahua TiOC for residential and SME, Dahua WizMind for high-end commercial. Both lines have NDAA-compliant variants and verified firmware. We pair with Ajax wireless alarms (NDAA-clean) and Akuvox intercoms (separately reviewed).
For Brisbane property owners who already have Hikvision and want it replaced: mrsecured.com.au/contact or call 0490 130 339. We can keep the cabling and recorder shell on most installs; cameras swap in 1 day per dwelling.

