Hikvision Backdoor Exploit

Author: Brian Karas, Published on Sep 03, 2017

Full disclosure of the Hikvision backdoor has been released, allowing easy exploitation of vulnerable Hikvision IP cameras.

As Monte Crypto, the researcher who disclosed the details, confirmed, this is:

a backdoor that allows unauthenticated impersonation of any configured user account... the vulnerability is trivial to exploit

Key points from IPVM's analysis and testing of the exploit:

  • The details prove how simple and fundamental the backdoor is.
  • The exploit is already being repurposed as a 'tool', distributed online.
  • A clear majority of Hikvision IP cameras remain vulnerable.
  • Hikvision's disclosure to date significantly misled its dealers as to the severity of the backdoor.
  • Hikvision, again, has been silent, failing to inform and warn its dealers of this new disclosure.

Plus, IPVM has set up a vulnerable Hikvision IP camera so members can test and better understand the exploit.

Demonstration

We produced the following video, showing just how simple it is to use this exploit to retrieve an image snapshot and system information from a camera. We also show a password reset tool being used to take over a camera:

Inside this post, we examine how the exploit works, how it is being used, what percentage of devices are vulnerable, and Hikvision's failure to respond to the exploit's release.


Magic ****** ********

********* ******** * ***** ****** **** ******* ******* ****** ** any ******, ********** ** **** *** ***** ******** ***. *** that ****** *** ********* **** ****** ** ********* ****** ********:

?****=************

** *** ********** ********* ** *** **********:

******** * **** ** *** ***** *** ***** *****: ****://******.**/********/*****?****=************ Obtain * ****** ******** ******* **************: ****://******.**/*****-****/********?****=************ *** ***** ****** calls *** ** ************ ** *** **** ***, ********* ***** that *** *** ***** ** ***** ****** ********. ******* **** Hikvision ******* **** ******* ******** ****** ** ***********, *** *** flash ********* **** ** ****** ******** ** ********* ** ********* devices *********** ******** **** **** *** ****** **** ****. *** worst ** ***, *** *** ******** ****** *************: ****://******.**/******/*****************?****=************

*** ********** ********* ****** **** ******** ******** ** ********** ** complete ******** ** ********.********* ******** * ******** *** ** ***** ********** **** ***** **** **%+ ** ********* ******* *** ***** vulnerable (******** *****).

DHS ***** ******* - **.*

***' ******* ** **** ************* ** * **/**** **** **** ************** *** **** *** ********** ** ************ these ******* *** **** ******. **** ************* ** ************* **** critical **** ***** ****** ***** ******** ************* ** *** ******** industry (*.*.:***** ******* ****** ***** *************,***** / ***** *************,**** ****** *************** **** ****** ********** ********), *** ** *** **** ** *******, *** ****** ** impacted *******, *** *** **** **** **** ******** ******* (*.*., 'grey ******') ****** ** *********** ** ******* ********.

Hack *** ********* ******

**** *** *** * ********** ********* ****** ****** *** ******* to ********** ****. ****** ******* ***:

****://*****************.******.***[****: **** **** ***** **** **** ****** ***** ********]

*******, ***** *** ******** ******, **** **** *** ****** ** you *** ****** ****** **************, *** *******:

*** ** ************ ******** **** *** ******:****://*****************.******.***/*****-****/********?****=************

*** ************ ****** ****:****://*****************.******.***/******/**********?****=************[****: *** ****** **** *** "**** *** **** **** *** appear ** **** *** ***** ***********”, **** ** *** ****** info ******* ***** ****]

*** **** ******** ** ********* *** ********, *** ********* *********** *****,****** ***** *******. **** **** ******** *** *********** ** *** ********.

Planted, ******** ** ************?

*** **********, ***** ******, *** *** ****** **** * ******** consistently, **** ********* **** *** ****:

** *** * ***** ** ***** **** ************* **** ** one ** **********

*******, ** ******** ****:

** ** ****** ********** *** * ***** ** **** **** obvious ** *** ** ******* ** *********** ** ** *****, yet ** *** **** ******* *** *+ *****.


Password ***** **** ***** ** ****

* **** ** ***** **** ********* (********* *** ***** ****) was ******** ****** **** ** *** ******* ************.********* ******** ***** ************ * **** ** ***** ** ** ******* *** * camera, ******** ** * **** ** *****, *** *********** ***** the ******** *** *** ****. ********* *** ****** **** ** this **** ***** *** "****=************" ****** ***** ******** ** ****** user *********.

Tool ***** ******** ****

**** ******** **** *** **** ** ****** *********** ****** *** takeover *****'* *******. **********, **** ** ********* *** **** ********** of *** ****, ********* *** ******** ******* **************'* ******* ******** *****.

300,000+ ********* ********* ******* ******** **********

**** ********* ***,***+ ******* *** ******** **********, ***** ** ****** scan ******* *** *** ********** ******* ** *** *************** ********.

******* **** *** ********* ************ **** **** * ******* ***** ******:

~**% ** * ****** ** ********* ** ***** ******* ****** by **** ****** **** **** **********. ***** ** ******* *** from *** **** ********** ************, ***** ********* ***** ** ********** from ******** *******, ******* ** ***** ****** ******* *********** ********* areas, *** *********, *** ***** ********* **** ***** *** ****** at **** ** ******* **** **********:

*** ****** *** *** **** ******* ** "*****" **** *** text "****** ** ******* *******" **** ********* ** *** *****:

OEMs **********

**** ******** *** **** ***** ** *** *******, ** ****** the ********* ******* *** ***** **** **********:

  • *** *********-*** ** ******** **.*.****** ******
  • ***** **** ****** - **-****** -****** ** ******** **.*.****** ******

***** ********* *** ******* *** ****** ********** ** ****, *********** increasing *** ****** ** ********** ******* ****** *************.

Hikvision ********** *********

*********'* **** ****** *************** ****, **** ** ***** ****, ************* ****** ***** *******:

*****, ********* ****** **** * "*********-********** *************", ******** ** ******** would **** **** ******* ********** ****** ** *** ****** ****** they ***** "********" ***** ********** ** * ****** ****. **** is *****, ** *** ******* ****** ******* ****** ****** ** any ******** ******.

******, ********* ******* ** *** **** ********** ** "****** ******** circumstances", ****** *****, *** ****** *****, **** **** **** ******* vast ******* ** *******, *** **** *********** ***** **** *** attacker *** ******* ****** ** *** ******.

*****, ********* ******* *** ******* "*** *****" ********* ** "******* or ****** **** ****** ***********". *** *****, *** ***** ******* online, **** **** ** ***% ********** ** ******** *******, *** allows *** **** *********** ** "*********" **** ****** ***********, ** allows **** ******* ** *** ******, **** ********, *** ***** configuration **** **** *** ****** ********* ***********, **** ** ***** addresses, *** *** ****** ****.

****** *********'* **** ************* ** ****, ********* ********:

** **** [*** ****], ********* ** *** ***** ** *** reports ** ********* ******** ********** **** **** *************.

Hikvision ** ********

***** *** ********* **** ******* ****** *******, ********* *** **** no ****** ******** *** ** ******* ***** ****, ******* **** the ******* ******** ****** ******** ******* *** ** *** *** exploit ******, ******* ********* ** *********** ****. **** ********** ******* ** ********* ******* ** *********** *** ************** *********** ********* ** *** ******** ***** ** ***** ********.

Comments (109)

**** ********* *********,

*** ** *** **** to ********* ********* ********** to ** ******. **** a ****** ******* *** such * **** ******** clearly ***** ***** ******.

***** ** ** **** to ***** ******, *** management:

  • ** ********* ** ****** “#1” ** *&*, **** 10,000+ ‘*********’, ** **** claim, *** **** ********* like **** ******?
  • ** ********* ** ** regain *** ***** ** their ******** *** *********, how ** **** *** proactively ****** **** ** the ***** **** **** disclosure ** *** *******?

******** *** ****** ** take *****, ****** *********:

#*) *** ** **** report ********* **** **** previous ****** ********* *** same ***** *****? ** am * ******* *********?

#*) *** ********* ***** the ******* **** *** latest *********?

#*) *** ** **** report ********* **** **** previous ****** ********* *** same ***** *****? ** am * ******* *********?

** *** ******** ******, the ******* ** *** vulnerability, *** *** ** exploit **, **** *** known. ** **** ******, *** actual ************* *** **** disclosed, *** ** ** extremely ****** ** *******. Any ********** ****** ********* to *** ******** *** be ****** ******, *** manipulated, ***** **** ********* as ****** ** * copy/paste *********.

#*) *** ********* ***** the ******* **** *** latest *********?

*********'* ****** ******** ** not ********** *************. ***** *********'* ******* cyber ******** ******, ** would ** ********** ** assume *** ****** ******** has ***** ***-**-**-********** *************** in **. ************, *** fact **** ***** *** hundreds ** ********* ** vulnerable ******* ****** ***** shows **** ****** ********* firmware **** *** ***** solve *** *******, *** need ** **** **** every ****** ** *******.

*** **** ********* (*** all ***** ************ *** that ******) ****** *** cameras **** * ******** flaw ** ******? **** cloud *** **** ******* have **** ********* *****'* a *** ** **** back ****** **'* * bad ****.

***'* *** ****** **** a *** ** *** hikvision **** ****** ******* have **** ****** **** modified ******** ******* ** Hikvision's *******. *** ** they ****** ***** *** are **** *********** *** those?

****** ******: **** ***'*. Reputable ************* *** **** tools (**** ******** ****) to ****-****** * ***** of *******, *** ***** aren't ******* ** ************ where *** *** **** dozens ** ********* ****** purchased ** *** **** of **** *****. **'* laborious ** ** ******** when *** **** * lot ** *******, ** updates *** ******* **** if **** **** ********* for **** ********. ** the ******* *** ****** the ******** ** ******** updates... ****, * **** they ***'*.

******* ** ** **** ancient **** **** **** was *********** ** ****** Basic ** *********, ** was *** **** *** to ****** *** ******* and ** **** ******* when *** ***** ** use **. ** **** for ***** *******.

***** ******* **** ***** actually **** ***** ** a ***** **** ** solve **** ******* *** that *** ******* **. for *******, **** ******* logs **** ***** *** or ** ****** **** get * ****** ****** "critical ****** ******"

** *** *** **** updates **** ***. ******** we *** ** ***** with **** *** ************ if *** **** ****** lost ***** **** * specific ******** *******. *** already *** ***** ******* in *****. ** **** release * *** *** click ****** ***. **** nice ** ****. * don’t ********** *** *** camera ************* ***’* *** this **** **** ** work.

* **** ** ** environment ***** ** ******** have **** ***+ ********* cameras, *** ** * total ** **** *,*** cameras ** *** *******.

** ********* (***** * months) ***** *** *** firmware *** *** *** cameras, *** *** ****** control *******, ** **** - *** ********** ** have ** *** ** network.

** ******, ** **** monitor ***** **** ** this *** **** ** new *************** *** **** we ******* *** ************ for ** ********* ***** (if **** **** ***), or ** ****** **** develop *** (** **** don't).

** ****** - ** also ******** **** **** of ***** ** *********** our ****** ******** ******* on **'* *** ****, using ******* ******** *******, behind * *** *** we ***** **** ***** 'default *****' ** *** equipment.

**** ** *************. * have ** ***, ***** to *** ****** *** built **** ****. ** works.

**'* ******* ** ** that ********* ****'* ****** it ******** ***. **** need ** **** ********* new ******* *** ***** working ** ***** ********.

****** ** *** **** ** ***** * ******** *****, ******!

***** **** **** *** its *********** ** **** dealings **** ******* **** or *** **** ****** do *** **** **** Hikvision *********? * **** report **** * ** told ** ********* ********* to *** *****-***** *** I ***** *** **** someone **** * ********* is *** **** *** accusing **** ** *********** of ****.

#*, ** ****, ***'* try ** ****** *** subject. ** **** **** Hikvision ******* ** '******* ********'** ***** ****** ************ on **** ********** (****** I ***** ******* *** is ****** *** **** we *********).

*** *** **** ** have **** ******* ****** and ******* ** **** companies.

***, *** ** *** you, **** **** ***** string ******** ******* ***? Why?

** **** *** ******* me **** * ****** bit. ** ***** *********** networks *** **** ******* BEHIND ***** ******** **** 99.9% ** **** *********** do. **** ** ******* example ** * ******** grabbing, ********** ***-*** **** really **** ** *****, sorry *** **** ** my **** ** *** ongoing '******' **** **** is ****** **** *** limited ************ **** **** have ********** **** *********.

#*, *** *** * loyal *******.

***, ** *** **** to ******** **** ***** string ****** ** **** customers? ** *** ***** they **** * ***** to **** ***** **** magic ****** ********?

*******........ :)

*******........ :)

****'* *** *******. *** the ********* ****** *** publicly ****** *****. *** I ** ********* **** most **** ** ****** with ***** *********, **** though ********* ******* ** know ***** * **** this ******.

** **** ******** *** they (*** *** ************'*) need ** ** ****** at ****. * **** if ******* *** *** hacked - *** ***** job ** ** ******* your **** - ****** can *** ******. ** is **** *** ********* take **** **** ********* than **** **** ** the ****. ** * had * ***** ******** college - **** ** the ***** * ***** encourage **** ** ***** asap!

**** **** - ***/*** silence ** **** **** direct ******** ** *******

******* *** ***** ***** us ** *********** **** article ** *** *******?

******* *** ***** ***** us ** *********** **** article ** *** *******?

**. ******-*********** ********** *****. ** ***** members (**** ************) ******** ****** *** * free ***** ** ****.

******* *** ***** ***** us ** *********** **** article ** *** *******?

****** * **** *** paste ***** ************* ** not *******, ** **** points ***, *** *** also *** *** "*-**** this" ****** ** *** top ** *** ******:

** *** ********* ** a ****** **** **** see *** **** ******, if *** **** ** least *** * ***** of **, (***** *****).

***** **** ** * 1-2 ***** **** *** invite *******.

**** ********** ** **** CHINA, *** * ** from **** **** *** part ** ** ******** China. *** **** ** that **** **** *** make ******** ******, *** that ***** ***** ** Security. *** ****** ** Hong **** ****** ***, they *** *** **** door *** *******.

****'* *** * *** easily ** **** **** the ******* **** **** are ***** ********** ****** change ** ****** ******* before.

** **** **** ******'* **** **** ******* ********** *** **** from ****** * ***?

******* ******* ** ******** ************** ** * **** *******.

******* *** ** *** *** *** **'* *********. **** *** still **** ********** ** ********** ***** **** ***, ***** **** day *** *** ****** ******.

***, ** **** **** definitely **** **** ****** the ***.

** **** ******* *** on * ********, ********** or ***-****** **** ** physical ***, ***'** ****. Larger ***** **** ** install **** ***.

** **** ******* *** visible ** ******** ****** your ***, ** *** can **** ****, **** any *** ****, ******** or ******** ******* *** can *** **** *******. Smaller ***** **** ** install **** ***.

***** *** **** ** exploit, ******** ****** ** moving ***** ******* **** firewalled ****'*. **** *** be **** **** **** layer-3 ******* ********, ***/** a **** ******** **** OPNSense ** ****.

****, ***** **** **** backdoor *** **********, ** malicious, *** ****** ******** block ******** ******* **** the ******* ** ****. This **** ***** *** "phone ****" ********.

*********** #*, **** **** rate ******* **** ** on *****. *** ***, that's *** * **** thing.

*** **.*% ** "****" *********** **** **** *** **** ****** threats **** **** ******.

** ****** ***** ******* you **** **** ** the *****, ********* **** country, *** ******* ** this. *** *** ** exposed ** ****? ********, greed, *** **********. *** many ***-*** ************* *** going ** ** *******? How **** ** ** to ******* ******** ** all ** ***** *******? Everyone ***** **** ******* will ** *******. ***** installations ** *********, ***********, sensitive ******... *** ***** are ***** ** ** thousands ** *** ******** of ********* ** ******* compromised **** ******. * swear, ** ******* **** Hikvision ******** ** **** down/DDoS *** *********** *******... I'm ***** ** ** furious ** *** ** you *** ******* **.

* ***'* ********** *** people **** ***** ** undisclosed ********. *** *** seems **** *** *** working ** *********.

**** ** ***********, ** is *** **:

*- **** ** ****** in *** *****.

*- ******* ** *, but ******* *** *** same: ******* ** ******* instance ****** ***'* ************, but **** * ******** public ********* **** ** whom "***" ** *** part **.

*- **** *** ** an ********** ***** ** choice.

***** *** ** **** others, *** * ***** it ** **** *** normal ** **** *** use **** ******. ** are **** ****** **** an ********, ****** ** make ****** ****.

**** ****** ** ***** one ******* **, *** specially ** *** **** testing *** ********** *** information.

** **** *** ******* me **** * ****** bit. ** ***** *********** networks *** **** ******* BEHIND ***** ******** **** 99.9% ** **** *********** do.

***...***** **** **/*** *** that ********** ****? *** numbers **** ****** **** a ********* ********* ****. Please...if *** *** ***** to ****, **** * factual "****" ****** **.

****** ****

** ******** *********** **** happen, ****'* *****.

*** ** *** *** a "********" **** ****, you **** ** **** sure **** **** ********* blackbox-testing-system ** ****** **** that **** ******** **** not ***** *** *********. It's ********** ** ** have **** ******* ** speed ** ***********, *** you **** ** **** sure (********* ***** **** great *** ****) **** your ******* **** ***** get's *** ** **** office.

* ***** **** ********* has **** *** ********/******* issues ****. ***** *** developers *** *** ***** what **** *** ***** when **** *** **** kind ** *********.

***...** **** ** * workaround ** * *********, why ****'* ** *** something **** ** ******** like "****", "*****", "********", "superuser"? *** ****** ***** like ** ******* ****** to **** ** ***********, using * ***** **** random ******....

* ********** ***** **** this **** *** ******** for **********, ******* *** string ** *** *********** to ** *** ******* purposes ****. ** ******, I **** ** ***** for ****, **'* **** my ******** ******** *** my ********** ** ******** developer **** ***** ** that ********* ** ******* here. * ***** ***** choose **** * *********** string ** * **** to **** ** *******/*********** more **** (*********** ** course).

**** ** * *****

***...** **** ** * workaround ** * *********, why ****'* ** *** something **** ** ******** like "****", "*****", "********", "superuser"? *** ****** ***** like ** ******* ****** to **** ** ***********, using * ***** **** random ******....

*** ************ ****** ** "admin:11" ******* ** ******.

**** ** * ****** approach ** ******** ********/******** combos **** ********** **********.

*** *** **** **** by ******* **** ****** into * ****** *******/*******,**** ** **** ***.

***** *** *****, * ****** ** ***** ****.

** * **** ** ******* *** ***** ***** *** ******** :-)

** **** *** **** ************* ****** ** *** ***** *** their ******** ***** ****, *** *** **** ***** *** ***** string ** **** ******** **** *******/***********?

*** ******** ***** **** is *** *********'*, ** is ** *********** ********** work, ***** ** *** of **** *******.

****** - **** *** Online

** *** *** ** our ********* *** ******* online ** ****** ***** to **** ******* **.

*** ****** ** ********** at:

****://*****************.****.***

******* ****:

*** * ******** **** the ******:****://*****************.****.***/*****-****/********?****=************

*** ****** ****:****://*****************.****.***/******/**********?****=************[****: *** ****** **** say "**** *** **** does *** ****** ** have *** ***** ***********”, look ** *** ****** info ******* ***** ****]

******* *****:

****, ***** ** ****** this **** *** ** getting *******, *** **** of **** *** ** allow ****** ** *** out **** ********, *** see *** **** **** exploit ** ** ***********. Please *** ** ******* from ******* ******** **** would ******* **.

**** ** *** ****** commands ******* *** ** do ** **** ***, and **** ** *** file. ***** *** ******* ways ** ** ****, but **** ** *** simple ******* ***** **** from * ******* ****:

*) **** * **** called "*********" *** *** the ********* **** ** it:

*** *******="*.*" ********="***-*"?> version="1.0" *****="****://***.***-***.***/*****/*********">***********> ********************> *********>

*) *** **** ** PUT *** ****, ***** with *** ****** *** to **** *** ********* function:

**** -* ********* ****://*****************.****.***/*****/********/*/*********?****=************

**** ****** ** ********* on ** * *** linux ******* ** *******, and *** ************ ** **** ****.

**** ** **** ******** in******* **********, *** ******** ** Windows **.

**, * **** **** **** **** ***** *** ******* *** not ***'*/***'*, *******?

* ***** *** **** ** * *** ********* *** *** got ** *******.

***, **** ** ******** to ********* *******.

***** * ***** **** is ******** **** ********* had **** *****, * think **'* ******** ********* that *** **** **** this **** ******* ******* and *** **** *** that ********* ******* ****** a ***** ** *** more ******* ****** ** the *******.

********* *** ***** **** of *** ******:

**** ********** ** ************ *********** **** ********, ******** easy ******* ** ********** Hikvision ** *******.

*** **** ** *** first ******* ****** ** the ******:

*** ********** ********* ****** with ******** ******** ** vulnerable ** ******** ******** or ********.********* ******** * ******** fix ** ***** ********** **** ***** **** 60%+ ** ********* ******* are ***** ********** (******** below).

******** ****** **** *** funny:

**** **, ********* ** even ****** *********** **** *****...

******* **** ******** *** **** ** ********* ** **** *****:

****** ************* ******* *********** ******* ** **********'* ********?

**** ** *****!

**** ** *********** *** I **** *** ***** in *** *****. ** biggest ******** ** *** would ****** **** ***** cameras ******** ********** *** a ****** ** ** a **** ******* ******** to *** ******? **** in *** ***** ****** network ****, *** ***** this ****** ** ******** facing *** ***? * understand *** ********** ** security, *** * ***'* trust *** ****** ** really *** ***** *** device ** ** ******** accessed ** *** ***. I ********** ** ***** is ** ******* ** DVRs ** **** ******* those *** **** ***** configured ** ** ******** accessible.

* ***** ** **** point, ***** ************ ***** to **** **** * significant **** ** ***** budget ***** ** ** allocated ** ***** ***** security ******* ** ******** if **** ****'* ***** so *******. * ******* there *** ******** ******** in ***** ******** *** hackers **** ** ****** devices **** ***** ****** share.

* ******* ***** *** probably ******** ** ***** products *** ******* **** to ****** ******* **** large ****** *****.

***** * **** ** agree **** **** *******, it ** ***** ******** out **** *** ******** of *** ***** ******** vulnerabilities ********* *** ******** from **** **** **** simplistic ** ******.

*** ************* ****, *** example, ** **** *** kind ** ***** *** would ****** **** ** early *****, *********** ******* that *** *** **** the ********* ** ******** address ***** ********.

********* ** ******** ******* when ** ***** ** cyber ********. **** **** statements ***** ***** ******** commitments, *** *** ** downplay ***** ********* ********, but **** ***** **** and *********, ***** ** no ****** *** ****** like ****-***** ************** ****** mechanisms ** ******** ********.

* ********** *****. ***** has *** **** ******. They *** ******* *** Onvif ******* *** **** when **** ******* *** other ***** *******, *** Onvif ******* ********** *** I ***** *** *** been ***** ** ** least ** ***** ************** is ****** **, *** camera ** ****** ***** in ** ********.

*** ******* **** ********* is **** **** ***** a ********* ******** **** fix ***** ******. *******, lip ******* **** **** so ***.

** ************ ***** ***** aren't ****** ******* ***** that *** ** ***** concern. *** ***** ******* is ******** ****** *** engineering *** ** **** of ****** ******** ********. It's ***** ***** **** a ****** *** ** teach ***** ************* *** to ******** ****** ***** devices ** ***** ***** circuits. **** *** ***** companies **** ***** ********* departments *** **** ***'* write ******** ***** *** when *** *** ***** specs, **** ***** ***'* know. *** ********** ****** needs ** **** *** pray **** **** *** system ** ********, **** it's * ***** ******. If ***, **** *** integrator **** ***** **** troubleshooting ** **** ******* quiet.

* ***** *** **** reason **** *** *** been ******* *** *** is **** ***** ***** are ** ******* **** are ******** ** ** used *** ******** ** are ******* ** *** security ******** *** *** up ******** ********** *** secure.

***.

******** *** *** ***** to ********** *** *****. Just *** *******.

* ***'* **** ** Dahua *** * "***** string" ******** ******. **** is * *** **** extreme.

**** ****** *** **** ******* *** ******* **** ** ** so ******* ** ****** **** ****** ****** ** *** ****** after *** ****. (** - ****** ******** ** *** ******)

* *** **** *** from ********** ******* **** camera ** *** ******** that ******** * *** of ****** ***'* **** realize ***** ******* *** on *** ********.

* ********* ** ****** to ***** *** *** port ******** ** ***** things, ******* *** ****** in, *** *** ****. I **** ** **** forward ** *** ** was ******* ********* ******* UPnP (************* *** **) defaults ** ** ** my ******.

* ******* **'* *** same *** **** ** these *********** *****, *** their **********/***********, ** **** exist, ***'* **** *** better. ****'* *** ***** are ***** ********* ******** flaws *** ****** **** not *** ** ******* with **** ********.

**** ****!

***** *. *** * **** * ****-**** ***** **** *****?

** **** ** ** will *** *** ** stuck ** * **** or **** ** ************. If *** ***** ** will, ***** ** ** me *** * *** run ** ** * different ******.

**** **** *** **** *******. ****** ** **** *** ***** 1 ******.

********** **** ** ******? ** ***** **** *** ***-*** ** back *** ** **** ****.

***** ****.

*** *** **** *** code *** **** ** test ****?

*'** **** **** *** **** *******. **** ** ****** **** just ***** *********'* *** **** *** ****. ** **** ***'* work *** **** ******* * **** * ***** ***.

**** -* *** ****://**.***.**.***/******/******/?****=************

**** -* *** ****://**.***.**.***/******/******/?****=************

* ***** ** ***** the **** *** ** the ******** ****

**** -* ****** *****************.****.***

***** *** **** **** zzfile ******** *** ******** XML *******

*** *** *** ********* result:

% ***** % ******** % ***** ******* ***** Time **** **** *******
***** ****** ***** ***** Left *****
* *** * * 0 * * * --:--:-- *:**:** --:--:-- *html>
******** *****: ****** *** Allowed
****** *****: *** -- Method *** *********>
****** *** *** ********* by **** ******* ** this ******** *>
****>
****>
*** *** *** *** 100 *** *** *** 0:00:02 *:**:** --:--:-- ***

* **** ***** * POST ******* ****

**** --******* **** -* @zzfile *****************.****.***

*** *** *** ********* result:



*****>
/>


/>

****>

****>

******.********.**** = "/***/****/*****.***?*" + (new ****()).*******();
******>

**, * ***'* **** things ******* *** *** ...

*** **** *******, **** perl ********** ****** *** you ****** ***. *** reference, *** *** ** called ** ******* *** text *** **** ** overlay, ** * *** Y *** *** *** text, *** *** ** for *** **** (*..* , ********* *..*, ********* on ****** *****):

*** *********** {
** ($*******, $****, $****, $ID) =@*;
***** "******* **** $******* on ******...\*";

$***********='*** *******="*.*" ********="***-*"?>

'.$**.'**>
***********>
'.$****.'****>
'.$****.'****>
'.$*******.'*******>
***********>';

** $******** = $**->*******(*** 'http://'.$DeviceIP.'/Video/inputs/channels/1/overlays/text/'.$ID.'?auth=YWRtaW46MTEK',
************ => '****/***',
******* => $***********);

}

**** **** ****** *** overlays (***** ** ** alternate ****** ** ****** individual ******** ** ** as ****):

*** ********** {
***** "******** ******* ****\*";
** $******** = $**->******('****://'.$********.'/*****/******/********/*/********/****/*??****=************');

}

***** *** *** ***** formatting, **** ** *****.

*** **/*++ **** ** quite **** ***.

******** *** ******* ** OpenSource ******* *** **** OS (***.**.**).

****** * *** ******* and *** "** += network" ** **** .*** file.
****** ** ******** ** QNetworkAccessManager ("**********" ** ** example) *** ******* *** "finished" ****** *** ****** processing ** ******.

.* ***********
*******:
********************** **********;

.*** ***********
****->********** = *** *********************(****);
*******(****->**********, ******(********(**************)), ****, ****(*************(**************)));

**** *.*. *** **** buttons ** **** ** and **** *** ********...

*** (********)

*************** *******;
*******.******(****("****://*****************.****.***/*****-****/********?****=************"));
****->**********->***(*******);

*** (*** ******* *)

*************** *******; *******.******(****("****://*****************.****.***/*****/******/********/*/********/****/*?****=************")); *******.*********(***************::*****************, "text/xml");
********** **** = "*** version=\"1.0\" ********=\"***-*\"?>***>***********>******>*******>****** IPVM *** **** **** demo ****!*******>***********>";
****->**********->***(*******,****);

*** *** *** *** "replyFinished"-Slot ** *****/******* ******* (e.g. **** ********* **** files ** **** ****** xml *********).

** ******, ***** * shell ** **** **** as *** ****** *****, but * **** *++ more :-)

** ******, ***** * shell ** **** **** as *** ****** *****, but * **** *++ more :-)

* ***** ******* * or *++. ***** ********* I ****** **** ****, but * *** **** pressing ****** ** **. The *** ***** * have *** ** **** a * *******, * was **** ** ****** out **** ** ** just ****** ** *** my *** ****.

** *** ***** **** to *** *** *** and *** ******** ******* in **/*++, *** * should ** **** ** make * **** ****** configuration ****...

** ******* ******** **** code (** #*'* ****** request) **** **-***** ** Shodan ** ******* *********, It ***** ** **** to ****** (** *******) many ********* ** ******* worldwide. **** ********* ***** return ***** ******* ******* they *** "******" ** stuck ** ****** *****.

**** ***** ***** *** financial ************ *** ********* if **** ******** ********* send **** ***** ******* or **** ********* ******* simultaneously.

***** ***** *** ********* to **-******** **** ***** create :)

** ******* ******** **** code (** #*'* ****** request) **** **-***** ** Shodan ** ******* *********, It ***** ** **** to ****** (** *******) many ********* ** ******* worldwide.

******. * ***** * quick ****** ** *** through * ****** ****** and **** *** *****-**** URL. ******** **** **** intentions ***** ****** ******* a ******** ** ********* cameras, ***** ***** ****** cause * **** ** support *****, * **** of ***/*********** *****, ** maybe ****?

****** **** *** ********* ***** ** **...

**** ***** ***** *** financial ************ *** ********* if **** ******** ********* send **** ***** ******* or **** ********* ******* simultaneously.

**** ****** *** ******** - *** **** ** these ******* *** **** market / ******* ********? I ***'* **** *** answer *** *****'* ********* many *** ***** ***** that ********.

*** ****** ****** ***** to ******* *** ************* date. ** ** ***** be ******** ** ****** only ******* **** *** in- ** *** ** warranty ** ******* ***** to **** ********* ** benefit **** *** *******. Of ****** **** **** not **** *** **** market *******.

** ********* ***** *** this ****** ** **** cameras **** *** *** of ********, **** ***** be * **** **** to ***** ***** **** replacement *****.

********** ***** *** **** tool ** ******* ********* cameras ** ***** ****** (by *** **) ** trigger ******* *****.

***** **** ******* ** a ****** ***** ****? :)

* ***** ****** ****** not ** ***** **** forum ** ********** **** to ****, **** ** otherwise ***** ************* ** Hikvision *** ***** *********. In *** *** *** people *** **** ***** cameras ********* *** **** normal ****** *** **** on *** ******* ** keep ***** ******** ******, watch ***** ******** ** for ***** ****** *******. If ******* **** *** advice ***** **** ** could ***** * **** inconvenience *** ******** ********* harm ** ********* ** unsuspecting *** ***** *** are ********** ********

*** *********** ** **** page ***** ****** **** anyone *** ***** **** need ** ***** **** problems *** *********. * think *** *** **** about *** ** ****** automated ******* ** ***** mass *********** ** ********* should ** *******. ************ other ******* ** ******* harm **** ** ******** people *** ** ***** a ****** ** ***** a ****** **** ****** be *******.

******* * ******* **** is **** ** ******* people ***** *** ******** in *** **** ******** but *** **** ** a ***** ***** ****** can ***** *** ** hack *** ***** ****.

* ** *** **** for ** *** ********* and **** **** ******* to ****, * **** think **** ** ********* here ** ***** *** could ****** ** ******* to **** ******.

* ***** *** *** talk ***** *** ** create ********* ******* ** cause **** *********** ** Hikvision ****** ** *******

** **** *** ****** one *** ** **** are *******. ****** ********* and ******** *** **** up **** **** ******** before * ****** ****** is ****** ****** ***** it, *** ***** **'* also ***** *** ** design ******** *** **** sure ***** *********** ** safe **** **** *****.

* ***** **** ** essay ** ***** ******** (*****://***.********.***/******/********/****/**/********************.****):

"******* ******** ****** **** accurately ********* ***** *** risk. ******* ********* ****** debate ***** ********, *** inhibits ******** ********* **** leads ** ************. ******* doesn't ******* ********; ** stifles **."

** ** ******* **-******** is ** ***** **** is ********* *** **** in *** ********. *** so **** *****, ****** really ***** *****. **** products *** * ******** risk *** ********.

***** ******** *** **** about ***** ** ******** by *** ****!

***** *****/******** **** *** talk ***** ***** ** checked ** *** **** if ******* ** ** home!

**** *** *** ** trusted "********" ******** ***** a *** ********** **** to *** ***** ** the ********. **** ***** products, *** **** ** bigger **** ******* *** products *********.

* ********** **** *****, but * ******* **'* much ****** *** *** whole ******** ** ******** the ********* ** **-******** to ***** * ***** where ** *** **** secure ********.

** *** *** * big ***** **** ***** everyone ** **** *** developers, *** - ** a **** - ****** that ** **** ********** will ******* ******* ********. The ******** ******** ** big ****** ***** **** this ** *** *** truth. *** ****** ** developers ** **** ** indication ** *** ***** that ***** ********** *** cause ** **** **** in **** *********.

* **** **** **** ongoing ********** ***** **** some *********** ***********, *** I ******* **** ******* will ****** ** ** do *** *** ** inform *** **** **** our ******** *** **** the ***-*********.

***** *** **** **** how ** ******* **** issues. ***** *** **** good *** ******** *** there. ***** *** ******* that **** *** *******/******* built-in, **** ******* *** to ********* ****** *********** to *** ********, ** matter **** ****** ***'** using ** ****** *** cameras. *** ******** ***** to ***** ** ***** IT-Security, **** ***** **** if *** ****** ******** cause * ********* ****.

**** ** * *****

#*, ****** *** *** feedback *** * ********** the *******.

*****, **** ** ******* damaging ******'* *********. **** is *** ** *** effectively *********** *** *** camera(s) *** *** ****.

*******, ** ***** ** talk ** ***********, ****'********** ** *** ****** disclosure **** ***** ******. **** ** *** key *******:

******* **** ********* ******* only ******* ******** ****** by ***********, *** *** flash ********* **** ** render ******** ** ********* of ********* ******* *********** unusable **** **** *** simple **** ****.

** *** '***********' ** fairly ******* ***** *** bad *** ********* ******** is.

** ***** ** *********, the ******* ** ** many ****** ** **** industry ****** ************* **********. The ***** '*** ****** could **** ** ***** so *** *****!'

*** **** ** **** live **** ** ** show ****** **** ***** and *** **** ****** care ***** *************.

*** ******** ** ****** the ****** ** ******** is **** ***** ***. Many ************* **** ** keep ***** *** ***** to ***** ***** ** require ** ***. *** the **** *** *** there *** ***********.

** ** ***'* **** it, ****** **** **** it *** ***** *****. Some ************* ******** **** their ***.

********* **** ********** *** a ***** *****, ** was *** ** **** forward * ****** *** remote *******, ***********, ***. End ** *****. *** end **** *** *** use ** **** *** anymore, *** ***** ***. Or **** *** ** app ** **** *** camera *** ** **** works.

*** ******** ***** ** be ** *** ******.

****** *** **** **** thru *** ****** ***** network **** ********* **** or ** *** ********** it ** *** ******** is ******* * * key **** ** ******** by ****** *** ******* in ***** **********.

*** *** ********** ** iran **** ********* ** connected ** *** ********? Even *** ****** ******* need **** ***** ********.

*** *** ********** ** iran **** ********* ** connected ** *** ********? Even *** ****** ******* need **** ***** ********.

**** ** ** ********* example ** *** *** cannot **** ** ******** device ****** ****** ** network ************ *****. *** can ******** *** ****, but *** ********* **.

**** ******-** ** **** '************' **** *** ********* *** *** other ***...

*** ** **** ******* directed **?

* **** ****** ** comment ** *** ******** part.
****** *** ******* ** your *** *** *** published ** *** ******** does ***
**** ******* ***'* *** in. ** ** ******** the ******* ******, ** is *********
***** ****** ** **** cost ********* ******. ***** tend ** ** ***** stores ***
***** ***** ***********. **** of ***** ********* ***** free **** ** ***** customers.
*************, ******** ** ***** people **** **** *** router (***/**** ********)
***** ****** *** ******, Cameras *** ********* ****. Hopefully **** ****
******* *** ******* ******** on *** ******. *** it ** ********* **** for * ******
** *** *****, *** the **** ******* *** monitor *** ******* *********** cash ************.

* ***** **** ** further ** ******** *** that **'* **** **** to ******** * ***** recording
****** ***** * ********* Pi, **** ** ** to *** ******** *** have ** ****** *** closing
********* ** *** ********. Now *** ****** *** sufficient *********** ** *** the *****.
********, * **** **** many ****** ***** *** camera ******** ******* *** code ** ***
**** *** **** ***** to ***** ** ****** overnight.

******, ** *** **** exploits *** *******!!!
***** ** ****** * way **, **'* **** a ****** ** *** difficult *** **** ** for *** *******.
**** ******* **** *** in, ****** ********** ****, effort, ****** (*** ****** engineering). *** **** *******, all ****** ******* ** the *****, ******* **** knowledge, **** **** * field ***.

*** *** *** ********* on ********* **** *** already ******** **? **** exploit *** **** *******. Common ***** ***** ** people ****** ** ********* the ******** **** ***** this.

**** **** ** *** show ** ** ******* in *** ******* ********.

*** ******** ******** ******* the **** **** ***** was * *************, *** the ******* *** *** been ******** *********. ***** this ******* * ****** of **** *** ********* users, ***** *** ** least *** ******* **** specifics **** *** ******** known.

***, *** ********** ****** the ******* *** ******** full *******, ***** *** significantly ********* *** **** to ********* ****** ******. This ** *** ** released *** *** ****** (and *** ********* ****** have *********** ******** *********).

***, *** ******** *** patched **** *******, ******* our ***** **** ******** of ********* ** ******* with ****** ************* *** still **********. ******* ******* likely **** ** ***** be *******, ** **** are ********** ** ****** attacks ** *** ******** connected ** *** ********.

**** **** ** *** show ** ** ******* in *** ******* ********.

***** *********'* ***** ****** of *************** *** ********, it *** ** **** a ****** ** **** before **** ** ****. I **** *** ** not ***** **** *** current ******** ** ******* the *** **** *** removed *** ********, *********, and ***** **** **** compromise *** ******** ** Hikvision *******, ** **** would ** **** ********.

** **'* ********** ************** to **** **** ********* are ********* ***** ********? If *** *** **, patching * ******** ** a **** ***** ******.

**, ** ** ***** responsibility ** **** **** their ******** **** *** have ****** *********** ********* in *** ***** *****.

******** ******** ** * good ***** ****** ** you *** ****** ******* bugs, ****-**** *********, *** enhancing *************. ******** ******** to ***** ***** ********* is **** ****** * bank ****** *** * good ***** ****** ** returning ***** ** *** occasions ** ** ******.

******* ****** **** **** is ********* ** **** people *** ****** "******** recovery *********" *** ******* them ** *** ********. Thus, **** ******* ** out ***** *** *****. It ** ********* *** a *** ****** *** end **** ** **** about **** *** ******* against **. **********, ** was * ************* ** theory, *** *** ***** exploit **, *** *** had ** **** ***'* word ** ** ** to **** ** ***, how *** ** ***, etc.

*** ***** ** ***** that ** ***'* **** a "********* **********" ** they ***** ** **** it, ** ********* ******* pages, ***. ** ** a **** ****.

** ****** *** ***'*/***'* update *** ******** ** installed *******, *** **** could **** *********, *** force ***** ** ****** firmware. **** *** ****** their *****, *** *** stand ****** ***** ***** partners (***** ***/*** ******* & *****), *** **** clearly ****** ****** (***** off) ** **** *** service.

**** ** **** * basic *******. ** ********* modification ** **** ** cookies, ***. **** ** even ***** **** *** Sony ******** ******** ***** from **** ****.

****** **** ****** **** shut **** *** **** and ***** **** ***** is/is ** ********, ***. Any ******* **** **** than * *** *********** and *** *** *** fresh *** ** ****** would ***** ***** **** in. ***** *** ** many ***** *********** **** to **** ****. ** they ***** ***** ********, they ***** **** ***** care ** **** ** their *** *** ****** it **** ** * "security ***********" *** ** it **** **** *** in *** ******** **** brush ** *** ** a *********** ***** **** was ***** **** **.

*******, ********** **** ** find **** ** ***** own *** ******* ** to **** *********** ** expose ** ** ***** them ** *** **.

** *** *** **** market *****, ** ** still ***** **************. **** if *** ******** *** designed *** *** ******* market, ** ***** ** be *****. ** ** still * ****** ************ by ****, ** ***** their ********. *** ** story.

********* *** ***** **** to ***** ******** ******** they ***** ***** *** Apple/Android/Windows ****** ***** *** push ******* ** ******* devices. ******* ** ****'* work ** **** * couple ** ***** **** with **** ****** *** other ******* ********** ****** app ****** ******** ******* accidentally. ** **** ***** past ****** **.

*** ******* ***** ** ***'* ********* *** ******** ***? ** this *******, **** ***** ******* ******** *** ****** ** ********** devices ***** ***** ******. *** *** ******* ******** *** ****** in *** ******* ********* *****?

***, **** ***** * section ********** ************* ** OEM *******:

OEMs **********

**** ******** *** **** found ** *** *******, we ****** *** ********* cameras *** ***** **** vulnerable:

  • *** *********-*** ** ******** V5.4.0build ******
  • ***** **** ****** - 0E-21BF40 -****** ** ******** V5.3.0build ******

***** ********* *** ******* are ****** ********** ** well, *********** ********** *** number ** ********** ******* online *************.

****** *****, ** ***** be **** *********** ** you ***** ****** *** numbers ** ********** ******* found ** ****** ********* OEMs ** *** *** full *********/****** ** **** exploit. *** * ***** understand ** **** ** too **** **** ☺️

*'** **** ******* *** ** ***** *** ** ****. **** risks *** ***** ** **?

** ******** ***** *** *** ****** ********* ***. *** ** my *****, **** **** ***** * ******** ** ******* **** me *** ** ** ****** ** *** ** ** ********?

**** *** ****** ** on *** **** *** as *** ******* **** PCs **** ******* ****** passwords, ****** *****, *** return ****, ****** ******** numbers, ***.?

********* ***** *** *** cameras **** *** ********, the **** ** ************************* ** ****.

**** ********* *************** ***** exist **** ********** **** be ********** *** ********* is ********** ** *****. It ***** **** ** trust ** *** ********.

* ******* ** ******. **** ** **** ****, ***** ***.

** **** ****** **. **** ***** ** *** ** **/**** SV:V5.4.5_170124

****----- ***** ****** **** *** ******* *** ******* *** ****, this ****** ****** ** ****.

******** *** ****** ** the ****** ******** (********* it's ***** *** *** model) ** *** ***** step, *** *** ****** probably ** ***** ***** that **** ****** *****'* have **** ******* ****** you ******* *** ******. That ****** ******* ** least *** ****** ** its ******** ** ********, even ** *** ******* and ******* ******* **** turned *** **** *** camera ** *******. ** you **** ****** ****** to *** ******, *** a *** *** *******.

********* *********, **'* ***** situational. ******* *** *** access ** *** ****** somehow ******** **** **** to **** **** ***'** not ****, *** ** the ****** ** ** your ***** ******* **** all *** ***** ****, it ***** ** *****. If ** **** ***** the ****** ******* ********** to *** ********, **'* only * ****** ** time ****** ******* ****** your **** *** ******* it, ******* **** ** prank *** ** *** on **** ******** **** just *** ***** ** not ******.

** *** ****** ** not ********** *** ******** and ****** ****** *** internet, **'* ****** *** house *** ***'** ********* your ***** ******* ***'* have ***** ******* ** such ******, **'* ******** fairly **** ** *** it. **'* *** **** where ******* ******* **** house *** **** ** that ***** ** * risk **** ***** ***** of ***** *********.

...

****** -

** ******** *** ********* video, ******* **** *** simple ** ** ** utilize **** ******* ** retrieve ** ***** ******** and ****** *********** **** a ******. ** **** show *** ******** ***** tool ** ***:

*****,

**** ** ***** "********" ***** **** *.*.* ********

**** ** ********, ** it *** ***** ** version *.*.* (******** ** March ****) *** **** models.

**** *********'* "*********-********** ************* Notice":

********* ******** ** **** and ** ************* ************ *** **** ****:

** == **** ********??!

** == **** ********??!

***, ***** *** *** clarifying ****.

**, ** **** *******, is "******* **, ********* ** Hikvision *** ***. *** Hikvision ****** ***"

******, ******.

*** ******* ** ***** overly ********* ***** *******. * **** ***** read *** ******** ** "promoting ********* ******** ***** China *** *** ******* people."

* ******* ** ** correct ** "*****" = Chinese ********** *** "******* people" = ********* *********.

*** **** ********* ******** to ****** *** *******? They ****** ***** ** continuous ************** *** ******* improvement.

****** **** ******* ** reminding ***** **** ************* is * ******* *** everyone ******* ** ****** a ***** *** **** at ***** (*** ** Headquartered ****** *** ******) he *** ***** ** a ************ ******, *** spoke ***** *** **** threats. ** ***** ** difference ***** ************ *** prefer ******** ** ***** to **** ** ************* because ** ** ** ongoing ****** ** *** equipment.

** ***** ***** *** finger ** ** *****, but ******** **** *** point *** ****** ** me *** *** ******** three ** ********!

****** **** ******* ** reminding ***** **** ************* is * ******* *** everyone

***** ****** ** ** make ************* * ***-***** by ******* **** ******** has *** **** ***** security ********. *** *********'* track ****** ** *** last **** (**** * magic ****** ********, * compromised ****** *******, ******** passwords ** ***** ****, cracked ******** *****, ***.) show *********.

* *** ********* ********** the ***** ***** ****** to ** **** *** the ********** ******* ** factually *****.

“***** ***** **** * ****, ********* *** *** ** **** to **** *** **********.”
― **** *****

**, *** ****** **** are *****?

****, * ****’* ** ** *** * ** **** ** funny!
