IP Camera Cybersecurity Rankings - Avigilon, Axis, Bosch, Dahua, Hanwha, Hikvision, i-PRO, Uniview, Vivotek
IPVM has released new rankings of 9 manufacturers' camera cybersecurity across 9 categories and 50 criteria.
IPVM tested 9 manufacturers for this ranking, evaluating Avigilon, Axis, Bosch, Dahua, Hanwha, Hikvision, i-PRO, Uniview, and Vivotek based on the criteria explained in the IP Camera Cybersecurity Comparison Criteria.
In this report, we detail the best and worst performers across 9 main categories, which together comprise 50 criteria:
- Fundamental Built-In Security Features
- Advanced Built-In Security Features
- Attack Surface - WebUI
- Attack Surface - HTTPS / TLS / SSL
- Attack Surface - Disabled Services
- IP Camera Digital Fingerprinting
- Cloud / P2P IP Camera Connection
- Firmware Updates
- Manufacturer Cybersecurity Support
Also, see our other related reports:
- Cloud IP Camera Cybersecurity Shootout - Ava, Meraki, Rhombus, and Verkada
- Hanwha Cybersecurity Risks Tested
- Hanwha 1 High and 2 Medium Security Vulnerabilities 2023
- Verkada IP Camera Cybersecurity Tested