Hikvision Backdoor Exploit

Author: Brian Karas, Published on Sep 03, 2017

Full disclosure of the Hikvision backdoor has been released, allowing easy exploitation of vulnerable Hikvision IP cameras.

As Monte Crypto, the researcher who disclosed the details, confirmed, this is:

a backdoor that allows unauthenticated impersonation of any configured user account... the vulnerability is trivial to exploit

Key points from IPVM's analysis and testing of the exploit:

  • The details prove how simple and fundamental the backdoor is.
  • The exploit is already being repurposed as a 'tool', distributed online.
  • A clear majority of Hikvision IP cameras remain vulnerable.
  • Hikvision's disclosure to date significantly misled its dealers about the severity of the backdoor.
  • Hikvision, again, has been silent, failing to inform and warn its dealers of this new disclosure.

Plus, IPVM has set up a vulnerable Hikvision IP camera so members can test and better understand the exploit.

Demonstration

We produced the following video, showing just how simple it is to use this exploit to retrieve an image snapshot and system information from a camera. We also show a password reset tool being used to take over a camera:

Inside this post, we examine how the exploit works, how it is being used, what percentage of devices are vulnerable, and Hikvision's failure to respond to the exploit's release.


Magic ****** ********

********* ******** * ***** ****** **** ******* ******* ****** ** any ******, ********** ** **** *** ***** ******** ***. *** that ****** *** ********* **** ****** ** ********* ****** ********:

?****=************

** *** ********** ********* ** *** **********:

******** * **** ** *** ***** *** ***** *****: ****://******.**/********/*****?****=************ Obtain * ****** ******** ******* **************: ****://******.**/*****-****/********?****=************ *** ***** ****** calls *** ** ************ ** *** **** ***, ********* ***** that *** *** ***** ** ***** ****** ********. ******* **** Hikvision ******* **** ******* ******** ****** ** ***********, *** *** flash ********* **** ** ****** ******** ** ********* ** ********* devices *********** ******** **** **** *** ****** **** ****. *** worst ** ***, *** *** ******** ****** *************: ****://******.**/******/*****************?****=************

*** ********** ********* ****** **** ******** ******** ** ********** ** complete ******** ** ********.********* ******** * ******** *** ** ***** ********** **** ***** **** **%+ ** ********* ******* *** ***** vulnerable (******** *****).

DHS ***** ******* - **.*

***' ******* ** **** ************* ** * **/**** **** **** ************** *** **** *** ********** ** ************ these ******* *** **** ******. **** ************* ** ************* **** critical **** ***** ****** ***** ******** ************* ** *** ******** industry (*.*.:***** ******* ****** ***** *************,***** / ***** *************,**** ****** *************** **** ****** ********** ********), *** ** *** **** ** *******, *** ****** ** impacted *******, *** *** **** **** **** ******** ******* (*.*., 'grey ******') ****** ** *********** ** ******* ********.

Hack *** ********* ******

**** *** *** * ********** ********* ****** ****** *** ******* to ********** ****. ****** ******* ***:

****://*****************.******.***[****: **** **** ***** **** **** ****** ***** ********]

*******, ***** *** ******** ******, **** **** *** ****** ** you *** ****** ****** **************, *** *******:

*** ** ************ ******** **** *** ******:****://*****************.******.***/*****-****/********?****=************

*** ************ ****** ****:****://*****************.******.***/******/**********?****=************[****: *** ****** **** *** "**** *** **** **** *** appear ** **** *** ***** ***********”, **** ** *** ****** info ******* ***** ****]

*** **** ******** ** ********* *** ********, *** ********* *********** *****,****** ***** *******. **** **** ******** *** *********** ** *** ********.

Planted, ******** ** ************?

*** **********, ***** ******, *** *** ****** **** * ******** consistently, **** ********* **** *** ****:

** *** * ***** ** ***** **** ************* **** ** one ** **********

*******, ** ******** ****:

** ** ****** ********** *** * ***** ** **** **** obvious ** *** ** ******* ** *********** ** ** *****, yet ** *** **** ******* *** *+ *****.

Password ***** **** ***** ** ****

* **** ** ***** **** ********* (********* *** ***** ****) was ******** ****** **** ** *** ******* ************.********* ******** ***** ************ * **** ** ***** ** ** ******* *** * camera, ******** ** * **** ** *****, *** *********** ***** the ******** *** *** ****. ********* *** ****** **** ** this **** ***** *** "****=************" ****** ***** ******** ** ****** user *********.

Tool ***** ******** ****

**** ******** **** *** **** ** ****** *********** ****** *** takeover *****'* *******. **********, **** ** ********* *** **** ********** of *** ****, ********* *** ******** ******* **************'* ******* ******** *****.

300,000+ ********* ********* ******* ******** **********

**** ********* ***,***+ ******* *** ******** **********, ***** ** ****** scan ******* *** *** ********** ******* ** *** *************** ********.

******* **** *** ********* ************ **** **** * ******* ***** ******:

~**% ** * ****** ** ********* ** ***** ******* ****** by **** ****** **** **** **********. ***** ** ******* *** from *** **** ********** ************, ***** ********* ***** ** ********** from ******** *******, ******* ** ***** ****** ******* *********** ********* areas, *** *********, *** ***** ********* **** ***** *** ****** at **** ** ******* **** **********:

*** ****** *** *** **** ******* ** "*****" **** *** text "****** ** ******* *******" **** ********* ** *** *****:

OEMs **********

**** ******** *** **** ***** ** *** *******, ** ****** the ********* ******* *** ***** **** **********:

  • *** *********-*** ** ******** **.*.****** ******
  • ***** **** ****** - **-****** -****** ** ******** **.*.****** ******

***** ********* *** ******* *** ****** ********** ** ****, *********** increasing *** ****** ** ********** ******* ****** *************.

Hikvision ********** *********

*********'* **** ****** *************** ****, **** ** ***** ****, ************* ****** ***** *******:

*****, ********* ****** **** * "*********-********** *************", ******** ** ******** would **** **** ******* ********** ****** ** *** ****** ****** they ***** "********" ***** ********** ** * ****** ****. **** is *****, ** *** ******* ****** ******* ****** ****** ** any ******** ******.

******, ********* ******* ** *** **** ********** ** "****** ******** circumstances", ****** *****, *** ****** *****, **** **** **** ******* vast ******* ** *******, *** **** *********** ***** **** *** attacker *** ******* ****** ** *** ******.

*****, ********* ******* *** ******* "*** *****" ********* ** "******* or ****** **** ****** ***********". *** *****, *** ***** ******* online, **** **** ** ***% ********** ** ******** *******, *** allows *** **** *********** ** "*********" **** ****** ***********, ** allows **** ******* ** *** ******, **** ********, *** ***** configuration **** **** *** ****** ********* ***********, **** ** ***** addresses, *** *** ****** ****.

****** *********'* **** ************* ** ****, ********* ********:

** **** [*** ****], ********* ** *** ***** ** *** reports ** ********* ******** ********** **** **** *************.

Hikvision ** ********

***** *** ********* **** ******* ****** *******, ********* *** **** no ****** ******** *** ** ******* ***** ****, ******* **** the ******* ******** ****** ******** ******* *** ** *** *** exploit ******, ******* ********* ** *********** ****. **** ********** ******* ** ********* ******* ** *********** *** ************** *********** ********* ** *** ******** ***** ** ***** ********.

Comments (107)

**** ********* *********,

*** ** *** **** ** ********* ********* ********** ** ** better. **** * ****** ******* *** **** * **** ******** clearly ***** ***** ******.

***** ** ** **** ** ***** ******, *** **********:

  • ** ********* ** ****** “#*” ** *&*, **** **,***+ ‘*********’, as **** *****, *** **** ********* **** **** ******?
  • ** ********* ** ** ****** *** ***** ** ***** ******** and *********, *** ** **** *** *********** ****** **** ** the ***** **** **** ********** ** *** *******?

******** *** ****** ** **** *****, ****** *********:

#*) *** ** **** ****** ********* **** **** ******** ****** detailing *** **** ***** *****? ** ** * ******* *********?

#*) *** ********* ***** *** ******* **** *** ****** *********?

#*) *** ** **** ****** ********* **** **** ******** ****** detailing *** **** ***** *****? ** ** * ******* *********?

** *** ******** ******, *** ******* ** *** *************, *** how ** ******* **, **** *** *****. ** **** ******, *** ****** ************* *** **** *********, *** it ** ********* ****** ** *******. *** ********** ****** ********* to *** ******** *** ** ****** ******, *** ***********, ***** with ********* ** ****** ** * ****/***** *********.

#*) *** ********* ***** *** ******* **** *** ****** *********?

*********'* ****** ******** ** *** ********** *************. ***** *********'* ******* ***** ******** ******, ** ***** ** reasonable ** ****** *** ****** ******** *** ***** ***-**-**-********** *************** in **. ************, *** **** **** ***** *** ******** ** thousands ** ********** ******* ****** ***** ***** **** ****** ********* firmware **** *** ***** ***** *** *******, *** **** ** make **** ***** ****** ** *******.

*** **** ********* (*** *** ***** ************ *** **** ******) update *** ******* **** * ******** **** ** ******? **** cloud *** **** ******* **** **** ********* *****'* * *** of **** **** ****** **'* * *** ****.

***'* *** ****** **** * *** ** *** ********* **** market ******* **** **** ****** **** ******** ******** ******* ** Hikvision's *******. *** ** **** ****** ***** *** *** **** responsible *** *****?

****** ******: **** ***'*. ********* ************* *** **** ***** (**** actually ****) ** ****-****** * ***** ** *******, *** ***** aren't ******* ** ************ ***** *** *** **** ****** ** different ****** ********* ** *** **** ** **** *****. **'* laborious ** ** ******** **** *** **** * *** ** cameras, ** ******* *** ******* **** ** **** **** ********* for **** ********. ** *** ******* *** ****** *** ******** to ******** *******... ****, * **** **** ***'*.

******* ** ** **** ******* **** **** **** *** *********** in ****** ***** ** *********, ** *** *** **** *** to ****** *** ******* *** ** **** ******* **** *** tried ** *** **. ** **** *** ***** *******.

***** ******* **** ***** ******** **** ***** ** * ***** idea ** ***** **** ******* *** **** *** ******* **. for *******, **** ******* **** **** ***** *** ** ** camera **** *** * ****** ****** "******** ****** ******"

** *** *** **** ******* **** ***. ******** ** *** an ***** **** **** *** ************ ** *** **** ****** lost ***** **** * ******** ******** *******. *** ******* *** cloud ******* ** *****. ** **** ******* * *** *** click ****** ***. **** **** ** ****. * ***’* ********** why *** ****** ************* ***’* *** **** **** **** ** work.

**** ** *************. * **** ** ***, ***** ** *** people *** ***** **** ****. ** *****.

**'* ******* ** ** **** ********* ****'* ****** ** ******** yet. **** **** ** **** ********* *** ******* *** ***** working ** ***** ********.

****** ** *** **** ** ***** * ******** *****, ******!

***** **** **** *** *** *********** ** **** ******** **** dealers **** ** *** **** ****** ** *** **** **** Hikvision *********? * **** ****** **** * ** **** ** Hikvision ********* ** *** *****-***** *** * ***** *** **** someone **** * ********* ** *** **** *** ******** **** of *********** ** ****.

#*, ** ****, ***'* *** ** ****** *** *******. ** both **** ********* ******* ** '******* ********'** ***** ****** ************ ** **** ********** (****** * ***** suspect *** ** ****** *** **** ** *********).

*** *** **** ** **** **** ******* ****** *** ******* of **** *********.

***, *** ** *** ***, **** **** ***** ****** ******** concern ***? ***?

** **** *** ******* ** **** * ****** ***. ** build *********** ******** *** **** ******* ****** ***** ******** **** 99.9% ** **** *********** **. **** ** ******* ******* ** a ******** ********, ********** ***-*** **** ****** **** ** *****, sorry *** **** ** ** **** ** *** ******* '******' that **** ** ****** **** *** ******* ************ **** **** have ********** **** *********.

#*, *** *** * ***** *******.

***, ** *** **** ** ******** **** ***** ****** ****** to **** *********? ** *** ***** **** **** * ***** to **** ***** **** ***** ****** ********?

*******........ :)

*******........ :)

****'* *** *******. *** *** ********* ****** *** ******** ****** today. *** * ** ********* **** **** **** ** ****** with ***** *********, **** ****** ********* ******* ** **** ***** a **** **** ******.

** **** ******** *** **** (*** *** ************'*) **** ** be ****** ** ****. * **** ** ******* *** *** hacked - *** ***** *** ** ** ******* **** **** - ****** *** *** ******. ** ** **** *** ********* take **** **** ********* **** **** **** ** *** ****. If * *** * ***** ******** ******* - **** ** the ***** * ***** ********* **** ** ***** ****!

**** **** - ***/*** ******* ** **** **** ****** ******** is *******

******* *** ***** ***** ** ** *********** **** ******* ** our *******?

******* *** ***** ***** ** ** *********** **** ******* ** our *******?

**. ******-*********** ********** *****. ** ***** ******* (**** ************) ******** ****** *** * **** ***** ** ****.

******* *** ***** ***** ** ** *********** **** ******* ** our *******?

****** * **** *** ***** ***** ************* ** *** *******, as **** ****** ***, *** *** **** *** *** "*-**** this" ****** ** *** *** ** *** ******:

** *** ********* ** * ****** **** **** *** *** full ******, ** *** **** ** ***** *** * ***** of **, (***** *****).

***** **** ** * *-* ***** **** *** ****** *******.

**** ********** ** **** *****, *** * ** **** **** Kong *** **** ** ** ******** *****. *** **** ** that **** **** *** **** ******** ******, *** **** ***** thing ** ********. *** ****** ** **** **** ****** ***, they *** *** **** **** *** *******.

****'* *** * *** ****** ** **** **** *** ******* user **** *** ***** ********** ****** ****** ** ****** ******* before.

** **** **** ******'* **** **** ******* ********** *** **** from ****** * ***?

******* ******* ** ******** ************** ** * **** *******.

******* *** ** *** *** *** **'* *********. **** *** still **** ********** ** ********** ***** **** ***, ***** **** day *** *** ****** ******.

*********** #*, **** **** **** ******* **** ** ** *****. Pro ***, ****'* *** * **** *****.

*** **.*% ** "****" *********** **** **** *** **** ****** threats **** **** ******.

** ****** ***** ******* *** **** **** ** *** *****, including **** *******, *** ******* ** ****. *** *** ** exposed ** ****? ********, *****, *** **********. *** **** ***-*** installations *** ***** ** ** *******? *** **** ** ** to ******* ******** ** *** ** ***** *******? ******** ***** that ******* **** ** *******. ***** ************* ** *********, ***********, sensitive ******... *** ***** *** ***** ** ** ********* ** not ******** ** ********* ** ******* *********** **** ******. * swear, ** ******* **** ********* ******** ** **** ****/**** *** Playstation *******... *'* ***** ** ** ******* ** *** ** you *** ******* **.

* ***'* ********** *** ****** **** ***** ** *********** ********. But *** ***** **** *** *** ******* ** *********.

**** ** ***********, ** ** *** **:

*- **** ** ****** ** *** *****.

*- ******* ** *, *** ******* *** *** ****: ******* to ******* ******** ****** ***'* ************, *** **** * ******** public ********* **** ** **** "***" ** *** **** **.

*- **** *** ** ** ********** ***** ** ******.

***** *** ** **** ******, *** * ***** ** ** fair *** ****** ** **** *** *** **** ******. ** are **** ****** **** ** ********, ****** ** **** ****** work.

**** ****** ** ***** *** ******* **, *** ********* ** the **** ******* *** ********** *** ***********.

** **** *** ******* ** **** * ****** ***. ** build *********** ******** *** **** ******* ****** ***** ******** **** 99.9% ** **** *********** **.

***...***** **** **/*** *** **** ********** ****? *** ******* **** Shodan **** * ********* ********* ****. ******...** *** *** ***** to ****, **** * ******* "****" ****** **.

****** ****

** ******** *********** **** ******, ****'* *****.

*** ** *** *** * "********" **** ****, *** **** to **** **** **** **** ********* ********-*******-****** ** ****** **** that **** ******** **** *** ***** *** *********. **'* ********** ok ** **** **** ******* ** ***** ** ***********, *** you **** ** **** **** (********* ***** **** ***** *** this) **** **** ******* **** ***** ***'* *** ** **** office.

* ***** **** ********* *** **** *** ********/******* ****** ****. Maybe *** ********** *** *** ***** **** **** *** ***** when **** *** **** **** ** *********.

***...** **** ** * ********** ** * *********, *** ****'* he *** ********* **** ** ******** **** "****", "*****", "********", "superuser"? *** ****** ***** **** ** ******* ****** ** **** it ***********, ***** * ***** **** ****** ******....

* ********** ***** **** **** **** *** ******** *** **********, because *** ****** ** *** *********** ** ** *** ******* purposes ****. ** ******, * **** ** ***** *** ****, it's **** ** ******** ******** *** ** ********** ** ******** developer **** ***** ** **** ********* ** ******* ****. * would ***** ****** **** * *********** ****** ** * **** to **** ** *******/*********** **** **** (*********** ** ******).

**** ** * *****

***...** **** ** * ********** ** * *********, *** ****'* he *** ********* **** ** ******** **** "****", "*****", "********", "superuser"? *** ****** ***** **** ** ******* ****** ** **** it ***********, ***** * ***** **** ****** ******....

*** ************ ****** ** "*****:**" ******* ** ******.

**** ** * ****** ******** ** ******** ********/******** ****** **** reversible **********.

*** *** **** **** ** ******* **** ****** **** * base64 *******/*******,**** ** **** ***.

***** *** *****, * ****** ** ***** ****.

** * **** ** ******* *** ***** ***** *** ******** :-)

** **** *** **** ************* ****** ** *** ***** *** their ******** ***** ****, *** *** **** ***** *** ***** string ** **** ******** **** *******/***********?

*** ******** ***** **** ** *** *********'*, ** ** ** independent ********** ****, ***** ** *** ** **** *******.

****** - **** *** ******

** *** *** ** *** ********* *** ******* ****** ** anyone ***** ** **** ******* **.

*** ****** ** ********** **:

****://*****************.****.***

******* ****:

*** * ******** **** *** ******:****://*****************.****.***/*****-****/********?****=************

*** ****** ****:****://*****************.****.***/******/**********?****=************[****: *** ****** **** *** "**** *** **** **** *** appear ** **** *** ***** ***********”, **** ** *** ****** info ******* ***** ****]

******* *****:

****, ***** ** ****** **** **** *** ** ******* *******, the **** ** **** *** ** ***** ****** ** *** out **** ********, *** *** *** **** **** ******* ** to ***********. ****** *** ** ******* **** ******* ******** **** would ******* **.

**** ** *** ****** ******** ******* *** ** ** ** HTTP ***, *** **** ** *** ****. ***** *** ******* ways ** ** ****, *** **** ** *** ****** ******* using **** **** * ******* ****:

*) **** * **** ****** "*********" *** *** *** ********* text ** **:

*** *******="*.*" ********="***-*"?> ***********> ********************> *********>

*) *** **** ** *** *** ****, ***** **** *** HikCGI *** ** **** *** ********* ********:

**** -* ********* ****://*****************.****.***/*****/********/*/*********?****=************

**** ****** ** ********* ** ** * *** ***** ******* by *******, *** *** ************ ** **** ****.

**** ** **** ******** ********* **********, *** ******** ** ******* **.

**, * **** **** **** **** ***** *** ******* *** not ***'*/***'*, *******?

* ***** *** **** ** * *** ********* *** *** got ** *******.

***, **** ** ******** ** ********* *******.

***** * ***** **** ** ******** **** ********* *** **** issue, * ***** **'* ******** ********* **** *** **** **** this **** ******* ******* *** *** **** *** **** ********* already ****** * ***** ** *** **** ******* ****** ** the *******.

********* *** ***** **** ** *** ******:

**** ********** ** ************ *********** **** ********, ******** **** ******* ** ********** ********* ** cameras.

*** **** ** *** ***** ******* ****** ** *** ******:

*** ********** ********* ****** **** ******** ******** ** ********** ** complete ******** ** ********.********* ******** * ******** *** ** ***** ********** **** ***** **** **%+ ** ********* ******* *** ***** vulnerable (******** *****).

******** ****** **** *** *****:

**** **, ********* ** **** ****** *********** **** *****...

**** ** *********** *** * **** *** ***** ** *** image. ** ******* ******** ** *** ***** ****** **** ***** cameras ******** ********** *** * ****** ** ** * **** forward ******** ** *** ******? **** ** *** ***** ****** network ****, *** ***** **** ****** ** ******** ****** *** WAN? * ********** *** ********** ** ********, *** * ***'* trust *** ****** ** ****** *** ***** *** ****** ** be ******** ******** ** *** ***. * ********** ** ***** is ** ******* ** **** ** **** ******* ***** *** more ***** ********** ** ** ******** **********.

* ***** ** **** *****, ***** ************ ***** ** **** sure * *********** **** ** ***** ****** ***** ** ** allocated ** ***** ***** ******** ******* ** ******** ** **** aren't ***** ** *******. * ******* ***** *** ******** ******** in ***** ******** *** ******* **** ** ****** ******* **** large ****** *****.

* ******* ***** *** ******** ******** ** ***** ******** *** hackers **** ** ****** ******* **** ***** ****** *****.

***** * **** ** ***** **** **** *******, ** ** worth ******** *** **** *** ******** ** *** ***** ******** vulnerabilities ********* *** ******** **** **** **** **** ********** ** nature.

*** ************* ****, *** *******, ** **** *** **** ** thing *** ***** ****** **** ** ***** *****, *********** ******* that *** *** **** *** ********* ** ******** ******* ***** security.

********* ** ******** ******* **** ** ***** ** ***** ********. They **** ********** ***** ***** ******** ***********, *** *** ** downplay ***** ********* ********, *** **** ***** **** *** *********, there ** ** ****** *** ****** **** ****-***** ************** ****** mechanisms ** ******** ********.

* ********** *****. ***** *** *** **** ******. **** *** patched *** ***** ******* *** **** **** **** ******* *** other ***** *******, *** ***** ******* ********** *** * ***** has *** **** ***** ** ** ***** ** ***** ************** is ****** **, *** ****** ** ****** ***** ** ** Spectrum.

*** ******* **** ********* ** **** **** ***** * ********* strategy **** *** ***** ******. *******, *** ******* **** **** so ***.

** ************ ***** ***** ****'* ****** ******* ***** **** *** of ***** *******. *** ***** ******* ** ******** ****** *** engineering *** ** **** ** ****** ******** ********. **'* ***** years **** * ****** *** ** ***** ***** ************* *** to ******** ****** ***** ******* ** ***** ***** ********. **** pro ***** ********* **** ***** ********* *********** *** **** ***'* write ******** ***** *** **** *** *** ***** *****, **** often ***'* ****. *** ********** ****** ***** ** **** *** pray **** **** *** ****** ** ********, **** **'* * quiet ******. ** ***, **** *** ********** **** ***** **** troubleshooting ** **** ******* *****.

* ***** *** **** ****** **** *** *** **** ******* and *** ** **** ***** ***** *** ** ******* **** are ******** ** ** **** *** ******** ** *** ******* to *** ******** ******** *** *** ** ******** ********** *** secure.

***.

******** *** *** ***** ** ********** *** *****. **** *** support.

* ***'* **** ** ***** *** * "***** ******" ******** though. **** ** * *** **** *******.

**** ****** *** **** ******* *** ******* **** ** ** so ******* ** ****** **** ****** ****** ** *** ****** after *** ****. (** - ****** ******** ** *** ******)

* *** **** *** **** ********** ******* **** ****** ** the ******** **** ******** * *** ** ****** ***'* **** realize ***** ******* *** ** *** ********.

* ********* ** ****** ** ***** *** *** **** ******** to ***** ******, ******* *** ****** **, *** *** ****. I **** ** **** ******* ** *** ** *** ******* forwarded ******* **** (************* *** **) ******** ** ** ** my ******.

* ******* **'* *** **** *** **** ** ***** *********** folks, *** ***** **********/***********, ** **** *****, ***'* **** *** better. ****'* *** ***** *** ***** ********* ******** ***** *** mostly **** *** *** ** ******* **** **** ********.

***** *. *** * **** * ****-**** ***** **** *****?

** **** ** ** **** *** *** ** ***** ** a **** ** **** ** ************. ** *** ***** ** will, ***** ** ** ** *** * *** *** ** on * ********* ******.

**** **** *** **** *******. ****** ** **** *** ***** 1 ******.

********** **** ** ******? ** ***** **** *** ***-*** ** back *** ** **** ****.

***** ****.

*** *** **** *** **** *** **** ** **** ****?

*'** **** **** *** **** *******. **** ** ****** **** just ***** *********'* *** **** *** ****. ** **** ***'* work *** **** ******* * **** * ***** ***.

**** -* *** ****://**.***.**.***/******/******/?****=************

**** -* *** ****://**.***.**.***/******/******/?****=************

* ***** ** ***** *** **** *** ** *** ******** with

**** -* ****** *****************.****.***

***** *** **** **** ****** ******** *** ******** *** *******

*** *** *** ********* ******:

% ***** % ******** % ***** ******* ***** **** **** Time *******
***** ****** ***** ***** **** *****
* *** * * * * * * --:--:-- *:**:** --:--:-- *
******** *****: ****** *** ************>****>
****** *****: *** -- ****** *** *********>
****** *** *** ********* ** **** ******* ** **** ********
****>
****>
*** *** *** *** *** *** *** *** *:**:** *:**:** --:--:-- ***

* **** ***** * **** ******* ****

**** --******* **** -* @****** *****************.****.***

*** *** *** ********* ******:



*****>





****>

****>

******.********.**** = "/***/****/*****.***?*" + (*** ****()).*******();
******>

**, * ***'* **** ****** ******* *** *** ...

*** **** *******, **** **** ********** ****** *** *** ****** out. *** *********, *** *** ** ****** ** ******* *** text *** **** ** *******, ** * *** * *** for *** ****, *** *** ** *** *** **** (*..* , ********* *..*, ********* ** ****** *****):

*** *********** {
** ($*******, $****, $****, $**) =@*;
***** "******* **** $******* ** ******...\*";

$***********='*** *******="*.*" ********="***-*"?>

'.$**.'**>
***********>
'.$****.'****>
'.$****.'****>
'.$*******.'*******>
***********>';

** $******** = $**->*******(*** '****://'.$********.'/*****/******/********/*/********/****/'.$**.'?****=************',
************ => '****/***',
******* => $***********);

}

**** **** ****** *** ******** (***** ** ** ********* ****** to ****** ********** ******** ** ** ** ****):

*** ********** {
***** "******** ******* ****\*";
** $******** = $**->******('****://'.$********.'/*****/******/********/*/********/****/*??****=************');

}

***** *** *** ***** **********, **** ** *****.

*** **/*++ **** ** ***** **** ***.

******** *** ******* ** ********** ******* *** **** ** (***.**.**).

****** * *** ******* *** *** "** += *******" ** your .*** ****.
****** ** ******** ** ********************* ("**********" ** ** *******) *** connect *** "********" ****** *** ****** ********** ** ******.

.* ***********
*******:
********************** **********;

.*** ***********
****->********** = *** *********************(****);
*******(****->**********, ******(********(**************)), ****, ****(*************(**************)));

**** *.*. *** **** ******* ** **** ** *** **** the ********...

*** (********)

*************** *******;
*******.******(****("****://*****************.****.***/*****-****/********?****=************"));
****->**********->***(*******);

*** (*** ******* *)

*************** *******; *******.******(****("****://*****************.****.***/*****/******/********/*/********/****/*?****=************")); *******.*********(***************::*****************, "****/***");
********** **** = "*** *******=\"*.*\" ********=\"***-*\"?>***>***********>******>*******>****** **** *** this **** **** ****!*******>***********>";
****->**********->***(*******,****);

*** *** *** *** "*************"-**** ** *****/******* ******* (*.*. **** snapshots **** ***** ** **** ****** *** *********).

** ******, ***** * ***** ** **** **** ** *** showed *****, *** * **** *++ **** :-)

** ******, ***** * ***** ** **** **** ** *** showed *****, *** * **** *++ **** :-)

* ***** ******* * ** *++. ***** ********* * ****** have ****, *** * *** **** ******** ****** ** **. The *** ***** * **** *** ** **** * * program, * *** **** ** ****** *** **** ** ** just ****** ** *** ** *** ****.

** *** ***** **** ** *** *** *** *** *** requests ******* ** **/*++, *** * ****** ** **** ** make * **** ****** ************* ****...

** ******* ******** **** **** (** #*'* ****** *******) **** IP-Lists ** ****** ** ******* *********, ** ***** ** **** to ****** (** *******) **** ********* ** ******* *********. **** customers ***** ****** ***** ******* ******* **** *** "******" ** stuck ** ****** *****.

**** ***** ***** *** ********* ************ *** ********* ** **** thousand ********* **** **** ***** ******* ** **** ********* ******* simultaneously.

***** ***** *** ********* ** **-******** **** ***** ****** :)

** ******* ******** **** **** (** #*'* ****** *******) **** IP-Lists ** ****** ** ******* *********, ** ***** ** **** to ****** (** *******) **** ********* ** ******* *********.

******. * ***** * ***** ****** ** *** ******* * shodan ****** *** **** *** *****-**** ***. ******** **** **** intentions ***** ****** ******* * ******** ** ********* *******, ***** would ****** ***** * **** ** ******* *****, * **** of ***/*********** *****, ** ***** ****?

****** **** *** ********* ***** ** **...

**** ***** ***** *** ********* ************ *** ********* ** **** thousand ********* **** **** ***** ******* ** **** ********* ******* simultaneously.

**** ****** *** ******** - *** **** ** ***** ******* are **** ****** / ******* ********? * ***'* **** *** answer *** *****'* ********* **** *** ***** ***** **** ********.

*** ****** ****** ***** ** ******* *** ************* ****. ** it ***** ** ******** ** ****** **** ******* **** *** in- ** *** ** ******** ** ******* ***** ** **** Hikvision ** ******* **** *** *******. ** ****** **** **** not **** *** **** ****** *******.

** ********* ***** *** **** ****** ** **** ******* **** are *** ** ********, **** ***** ** * **** **** to ***** ***** **** *********** *****.

********** ***** *** **** **** ** ******* ********* ******* ** their ****** (** *** **) ** ******* ******* *****.

***** **** ******* ** * ****** ***** ****? :)

* ***** ****** ****** *** ** ***** **** ***** ** brainstorm **** ** ****, **** ** ********* ***** ************* ** Hikvision *** ***** *********. ** *** *** *** ****** *** have ***** ******* ********* *** **** ****** ****** *** **** on *** ******* ** **** ***** ******** ******, ***** ***** children ** *** ***** ****** *******. ** ******* **** *** advice ***** **** ** ***** ***** * **** ************* *** possible ********* **** ** ********* ** ************ *** ***** *** are ********** ********

*** *********** ** **** **** ***** ****** **** ****** *** tools **** **** ** ***** **** ******** *** *********. * think *** *** **** ***** *** ** ****** ********* ******* to ***** **** *********** ** ********* ****** ** *******. ************ other ******* ** ******* **** **** ** ******** ****** *** to ***** * ****** ** ***** * ****** **** ****** be *******.

******* * ******* **** ** **** ** ******* ****** ***** the ******** ** *** **** ******** *** *** **** ** a ***** ***** ****** *** ***** *** ** **** *** cause ****.

* ** *** **** *** ** *** ********* *** **** zero ******* ** ****, * **** ***** **** ** ********* here ** ***** *** ***** ****** ** ******* ** **** people.

* ***** *** *** **** ***** *** ** ****** ********* scripts ** ***** **** *********** ** ********* ****** ** *******

** **** *** ****** *** *** ** **** *** *******. Anyone ********* *** ******** *** **** ** **** **** ******** before * ****** ****** ** ****** ****** ***** **, *** often **'* **** ***** *** ** ****** ******** *** **** sure ***** *********** ** **** **** **** *****.

* ***** **** ** ***** ** ***** ******** (*****://***.********.***/******/********/****/**/********************.****):

"******* ******** ****** **** ********** ********* ***** *** ****. ******* precludes ****** ****** ***** ********, *** ******** ******** ********* **** leads ** ************. ******* *****'* ******* ********; ** ******* **."

** ** ******* **-******** ** ** ***** **** ** ********* too **** ** *** ********. *** ** **** *****, ****** really ***** *****. **** ******** *** * ******** **** *** everyone.

***** ******** *** **** ***** ***** ** ******** ** *** guys!

***** *****/******** **** *** **** ***** ***** ** ******* ** bad **** ** ******* ** ** ****!

**** *** *** ** ******* "********" ******** ***** * *** additional **** ** *** ***** ** *** ********. **** ***** products, *** **** ** ****** **** ******* *** ******** *********.

* ********** **** *****, *** * ******* **'* **** ****** for *** ***** ******** ** ******** *** ********* ** **-******** to ***** * ***** ***** ** *** **** ****** ********.

** *** *** * *** ***** **** ***** ******** ** have *** **********, *** - ** * **** - ****** that ** **** ********** **** ******* ******* ********. *** ******** exploits ** *** ****** ***** **** **** ** *** *** truth. *** ****** ** ********** ** **** ** ********** ** the ***** **** ***** ********** *** ***** ** **** **** in **** *********.

* **** **** **** ******* ********** ***** **** **** *********** financially, *** * ******* **** ******* **** ****** ** ** do *** *** ** ****** *** **** **** *** ******** and **** *** ***-*********.

***** *** **** **** *** ** ******* **** ******. ***** are **** **** *** ******** *** *****. ***** *** ******* that **** *** *******/******* *****-**, **** ******* *** ** ********* secure *********** ** *** ********, ** ****** **** ****** ***'** using ** ****** *** *******. *** ******** ***** ** ***** to ***** **-********, **** ***** **** ** *** ****** ******** cause * ********* ****.

**** ** * *****

#*, ****** *** *** ******** *** * ********** *** *******.

*****, **** ** ******* ******** ******'* *********. **** ** *** we *** *********** *********** *** *** ******(*) *** *** ****.

*******, ** ***** ** **** ** ***********, ****'********** ** *** ****** ********** **** ***** ******. **** ** *** *** *******:

******* **** ********* ******* **** ******* ******** ****** ** ***********, one *** ***** ********* **** ** ****** ******** ** ********* of ********* ******* *********** ******** **** **** *** ****** **** call.

** *** '***********' ** ****** ******* ***** *** *** *** Hikvision ******** **.

** ***** ** *********, *** ******* ** ** **** ****** in **** ******** ****** ************* **********. *** ***** '*** ****** could **** ** ***** ** *** *****!'

*** **** ** **** **** **** ** ** **** ****** this ***** *** *** **** ****** **** ***** *************.

*** ******** ** ****** *** ****** ** ******** ** **** their ***. **** ************* **** ** **** ***** *** ***** to ***** ***** ** ******* ** ***. *** *** **** are *** ***** *** ***********.

** ** ***'* **** **, ****** **** **** ** *** other *****. **** ************* ******** **** ***** ***.

********* **** ********** *** * ***** *****, ** *** *** to **** ******* * ****** *** ****** *******, ***********, ***. End ** *****. *** *** **** *** *** *** ** that *** *******, *** ***** ***. ** **** *** ** app ** **** *** ****** *** ** **** *****.

*** ******** ***** ** ** ** *** ******.

****** *** **** **** **** *** ****** ***** ******* **** firewalls **** ** ** *** ********** ** ** *** ******** is ******* * * *** **** ** ******** ** ****** and ******* ** ***** **********.

*** *** ********** ** **** **** ********* ** ********* ** the ********? **** *** ****** ******* **** **** ***** ********.

*** *** ********** ** **** **** ********* ** ********* ** the ********? **** *** ****** ******* **** **** ***** ********.

**** ** ** ********* ******* ** *** *** ****** **** an ******** ****** ****** ****** ** ******* ************ *****. *** can ******** *** ****, *** *** ********* **.

**** ******-** ** **** '************' **** *** ********* *** *** other ***...

*** ** **** ******* ******** **?

* **** ****** ** ******* ** *** ******** ****.
****** *** ******* ** **** *** *** *** ********* ** the ******** **** ***
**** ******* ***'* *** **. ** ** ******** *** ******* itself, ** ** *********
***** ****** ** **** **** ********* ******. ***** **** ** be ***** ****** ***
***** ***** ***********. **** ** ***** ********* ***** **** **** to ***** *********.
*************, ******** ** ***** ****** **** **** *** ****** (***/**** combined)
***** ****** *** ******, ******* *** ********* ****. ********* **** have
******* *** ******* ******** ** *** ******. *** ** ** extremely **** *** * ******
** *** *****, *** *** **** ******* *** ******* *** cameras *********** **** ************.

* ***** **** ** ******* ** ******** *** **** **'* very **** ** ******** * ***** *********
****** ***** * ********* **, **** ** ** ** *** wireless *** **** ** ****** *** *******
********* ** *** ********. *** *** ****** *** ********** *********** to *** *** *****.
********, * **** **** **** ****** ***** *** ****** ******** records *** **** ** ***
**** *** **** ***** ** ***** ** ****** *********.

******, ** *** **** ******** *** *******!!!
***** ** ****** * *** **, **'* **** * ****** of *** ********* *** **** ** *** *** *******.
**** ******* **** *** **, ****** ********** ****, ******, ****** (and ****** ***********). *** **** *******, *** ****** ******* ** the *****, ******* **** *********, **** **** * ***** ***.

*** *** *** ********* ** ********* **** *** ******* ******** on? **** ******* *** **** *******. ****** ***** ***** ** people ****** ** ********* *** ******** **** ***** ****.

**** **** ** *** **** ** ** ******* ** *** patched ********.

*** ******** ******** ******* *** **** **** ***** *** * vulnerability, *** *** ******* *** *** **** ******** *********. ***** this ******* * ****** ** **** *** ********* *****, ***** was ** ***** *** ******* **** ********* **** *** ******** known.

***, *** ********** ****** *** ******* *** ******** **** *******, which *** ************* ********* *** **** ** ********* ****** ******. This ** *** ** ******** *** *** ****** (*** *** Hikvision ****** **** *********** ******** *********).

***, *** ******** *** ******* **** *******, ******* *** ***** show ******** ** ********* ** ******* **** ****** ************* *** still **********. ******* ******* ****** **** ** ***** ** *******, as **** *** ********** ** ****** ******* ** *** ******** connected ** *** ********.

**** **** ** *** **** ** ** ******* ** *** patched ********.

***** *********'* ***** ****** ** *************** *** ********, ** *** be **** * ****** ** **** ****** **** ** ****. I **** *** ** *** ***** **** *** ******* ******** is ******* *** *** **** *** ******* *** ********, *********, and ***** **** **** ********** *** ******** ** ********* *******, as **** ***** ** **** ********.

** **'* ********** ************** ** **** **** ********* *** ********* their ********? ** *** *** **, ******** * ******** ** a **** ***** ******.

**, ** ** ***** ************** ** **** **** ***** ******** does *** **** ****** *********** ********* ** *** ***** *****.

******** ******** ** * **** ***** ****** ** *** *** fixing ******* ****, ****-**** *********, *** ********* *************. ******** ******** to ***** ***** ********* ** **** ****** * **** ****** has * **** ***** ****** ** ********* ***** ** *** occasions ** ** ******.

******* ****** **** **** ** ********* ** **** ****** *** making "******** ******** *********" *** ******* **** ** *** ********. Thus, **** ******* ** *** ***** *** *****. ** ** important *** * *** ****** *** *** **** ** **** about **** *** ******* ******* **. **********, ** *** * vulnerability ** ******, *** *** ***** ******* **, *** *** had ** **** ***'* **** ** ** ** ** **** it ***, *** *** ** ***, ***.

*** ***** ** ***** **** ** ***'* **** * "********* escalation" ** **** ***** ** **** **, ** ********* ******* pages, ***. ** ** * **** ****.

** ****** *** ***'*/***'* ****** *** ******** ** ********* *******, but **** ***** **** *********, *** ***** ***** ** ****** firmware. **** *** ****** ***** *****, *** *** ***** ****** their ***** ******** (***** ***/*** ******* & *****), *** **** clearly ****** ****** (***** ***) ** **** *** *******.

**** ** **** * ***** *******. ** ********* ************ ** code ** *******, ***. **** ** **** ***** **** *** Sony ******** ******** ***** **** **** ****.

****** **** ****** **** **** **** *** **** *** ***** that ***** **/** ** ********, ***. *** ******* **** **** than * *** *********** *** *** *** *** ***** *** of ****** ***** ***** ***** **** **. ***** *** ** many ***** *********** **** ** **** ****. ** **** ***** about ********, **** ***** **** ***** **** ** **** ** their *** *** ****** ** **** ** * "******** ***********" and ** ** **** **** *** ** *** ******** **** brush ** *** ** * *********** ***** **** *** ***** care **.

*******, ********** **** ** **** **** ** ***** *** *** present ** ** **** *********** ** ****** ** ** ***** them ** *** **.

** *** *** **** ****** *****, ** ** ***** ***** responsibility. **** ** *** ******** *** ******** *** *** ******* market, ** ***** ** ** *****. ** ** ***** * camera ************ ** ****, ** ***** ***** ********. *** ** story.

********* *** ***** **** ** ***** ******** ******** **** ***** adopt *** *****/*******/******* ****** ***** *** **** ******* ** ******* devices. ******* ** ****'* **** ** **** * ****** ** years **** **** **** ****** *** ***** ******* ********** ****** app ****** ******** ******* ************. ** **** ***** **** ****** QA.

*** ******* ***** ** ***'* ********* *** ******** ***? ** this *******, **** ***** ******* ******** *** ****** ** ********** devices ***** ***** ******. *** *** ******* ******** *** ****** in *** ******* ********* *****?

***, **** ***** * ******* ********** ************* ** *** *******:

OEMs **********

**** ******** *** **** ***** ** *** *******, ** ****** the ********* ******* *** ***** **** **********:

  • *** *********-*** ** ******** **.*.****** ******
  • ***** **** ****** - **-****** -****** ** ******** **.*.****** ******

***** ********* *** ******* *** ****** ********** ** ****, *********** increasing *** ****** ** ********** ******* ****** *************.

****** *****, ** ***** ** **** *********** ** *** ***** update *** ******* ** ********** ******* ***** ** ****** ********* OEMs ** *** *** **** *********/****** ** **** *******. *** I ***** ********** ** **** ** *** **** **** ☺️

*'** **** ******* *** ** ***** *** ** ****. **** risks *** ***** ** **?

** ******** ***** *** *** ****** ********* ***. *** ** my *****, **** **** ***** * ******** ** ******* **** me *** ** ** ****** ** *** ** ** ********?

**** *** ****** ** ** *** **** *** ** *** devices **** *** **** ******* ****** *********, ****** *****, *** return ****, ****** ******** *******, ***.?

********* ***** *** *** ******* **** *** ********, *** **** of ************************* ** ****.

**** ********* *************** ***** ***** **** ********** **** ** ********** and ********* ** ********** ** *****. ** ***** **** ** trust ** *** ********.

* ******* ** ******. **** ** **** ****, ***** ***.

** **** ****** **. **** ***** ** *** ** **/**** SV:V5.4.5_170124

****----- ***** ****** **** *** ******* *** ******* *** ****, this ****** ****** ** ****.

******** *** ****** ** *** ****** ******** (********* **'* ***** for *** *****) ** *** ***** ****, *** *** ****** probably ** ***** ***** **** **** ****** *****'* **** **** enabled ****** *** ******* *** ******. **** ****** ******* ** least *** ****** ** *** ******** ** ********, **** ** the ******* *** ******* ******* **** ****** *** **** *** camera ** *******. ** *** **** ****** ****** ** *** camera, *** * *** *** *******.

********* *********, **'* ***** ***********. ******* *** *** ****** ** the ****** ******* ******** **** **** ** **** **** ***'** not ****, *** ** *** ****** ** ** **** ***** network **** *** *** ***** ****, ** ***** ** *****. If ** **** ***** *** ****** ******* ********** ** *** internet, **'* **** * ****** ** **** ****** ******* ****** your **** *** ******* **, ******* **** ** ***** *** or *** ** **** ******** **** **** *** ***** ** not ******.

** *** ****** ** *** ********** *** ******** *** ****** access *** ********, **'* ****** *** ***** *** ***'** ********* your ***** ******* ***'* **** ***** ******* ** **** ******, it's ******** ****** **** ** *** **. **'* *** **** where ******* ******* **** ***** *** **** ** **** ***** it * **** **** ***** ***** ** ***** *********.

...

****** -

** ******** *** ********* *****, ******* **** *** ****** ** is ** ******* **** ******* ** ******** ** ***** ******** and ****** *********** **** * ******. ** **** **** *** password ***** **** ** ***:

*****,

**** ** ***** "********" ***** **** *.*.* ********

**** ** ********, ** ** *** ***** ** ******* *.*.* (released ** ***** ****) *** **** ******.

**** *********'* "*********-********** ************* ******":

********* ******** ** **** *** ** ************* ************ *** **** ****:

** == **** ********??!

** == **** ********??!

***, ***** *** *** ********** ****.

**, ** **** *******, ** "******* **, ********* ** ********* *** ***. *** ********* ****** Inc"

******, ******.

*** ******* ** ***** ****** ********* ***** *******. * **** ***** **** *** ******** ** "********* ********* rhetoric ***** ***** *** *** ******* ******."

* ******* ** ** ******* ** "*****" = ******* ********** and "******* ******" = ********* *********.

*** **** ********* ******** ** ****** *** *******? **** ****** focus ** ********** ************** *** ******* ***********.

****** **** ******* ** ********* ***** **** ************* ** * problem *** ******** ******* ** ****** * ***** *** **** at ***** (*** ** ************* ****** *** ******) ** *** acted ** * ************ ******, *** ***** ***** *** **** threats. ** ***** ** ********** ***** ************ *** ****** ******** is ***** ** **** ** ************* ******* ** ** ** ongoing ****** ** *** *********.

** ***** ***** *** ****** ** ** *****, *** ******** when *** ***** *** ****** ** ** *** *** ******** three ** ********!

****** **** ******* ** ********* ***** **** ************* ** * problem *** ********

***** ****** ** ** **** ************* * ***-***** ** ******* that ******** *** *** **** ***** ******** ********. *** *********'* track ****** ** *** **** **** (**** * ***** ****** backdoor, * *********** ****** *******, ******** ********* ** ***** ****, cracked ******** *****, ***.) **** *********.

* *** ********* ********** *** ***** ***** ****** ** ** this *** *** ********** ******* ** ********* *****.

“***** ***** **** * ****, ********* *** *** ** **** to **** *** **********.”
― **** *****

**, *** ****** **** *** *****?

****, * ****’* ** ** *** * ** **** ** funny!
