IPVM Site Goes All HTTPS, Largest 3 Manufacturers Do Not [Axis, Dahua Fixed]

By: John Honovich, Published on Jul 12, 2016

IPVM.com now serves all pages over HTTPS to improve security and privacy. However, a number of video surveillance manufacturers do not, including the largest 3. We review both of these items, including notable manufacturers lack of support in this report.

Moving to All HTTPS

HTTPS encrypts connections between a visitor and a server / site like IPVM. This reduces risk against attacks, tampering and eavesdropping when visiting a site. 

HTTPS everywhere is a rising trend. Historically, HTTPS was used only for specific pages on a site, such as login / authentication and sending of specific sensitive information. Over the last few years, technology leaders have increasingly shifted to using HTTPS for all connections. In particular, Google is campaigning for "HTTPS Everywhere".

Adding EV Certificate

In addition to serving all IPVM.com pages over HTTPS, we have obtained an Extended Validation (EV) Certificate. This goes beyond simply using an HTTPS connection, adding an identity validation process (where a certificate authority manually verifies an organization)  to provide further assurances to our visitors.

Now, IPVM pages show an additional Green bar on Chrome, signifying our EV certificate, before the URL entry like so:

 

This is similar to the security / assurances large corporations provide, e.g., here is Bank of America:

Benefits

Get Notified of Video Surveillance Breaking News
Get Notified of Video Surveillance Breaking News

While there are always cyber security risks and HTTPS is not a cure all, we expect implementing HTTPS site wide and adding an EV certificate to improve security and privacy when viewing IPVM.

For those wanting more direct benefits, Google indicates potential SEO / search traffic improvements for sites using HTTPS.

Moreover, the process of doing this was not particularly hard. Even a site with as many sections / elements as IPVM took less than 40 hours total to do the migration, solve any bugs in the transition and get the EV certificate added.

Industry Support

However, quite a number of large industry players do not.

No Default HTTPS

Of the manufacturers IPVM most frequently covers, here are those who do NOT default to HTTPS:

This includes the 3 biggest manufacturers in the world, companies one would expect to be on the forefront of things like that (Hikvision and their 5,000 engineers, Axis and their cybersecurity marketing, etc.)

UPDATE and Axis Warning

Not only does Axis not use HTTPS by default, they do not use HTTPS on their login page. This presents a risk of one's password being stolen before it is submitted via HTTPS. This is demonstrated at StealMyLogin. [Hat tip U1, who called this out in the comments]

Unfortunately and ironically, Axis requires this insecure login to access firmware to solve their critical security vulnerability (which we strongly recommend you do).

[Update Nov 2016: Axis has added HTTPS for their login page.]

[Update April 2017: Dahua has added HTTPS for their website [link no longer available]]

Yes Default HTTPS

By contrast, here are some manufacturers that DO default to HTTPS:

  • (YES) Exacq (with an EV certificate)
  • (YES) Hanwha Security [link no longer available] (formerly Samsung)
  • (YES) Pelco
  • (YES) Milestone
  • (YES) Arecont Vision (with an EV certificate) added September 2016)
  • (YES) Genetec added November 2016

Distributors

Both ADI and Anixter default to HTTPS. Surprisingly, PSA Security, who is heavily marketing cybersecurity, has not. Additionally, Tri-Ed has not either.

Associations

ASIS defaults to HTTPS and has an EV certificate but SIA, who is also heavily marketing cybersecurity, has not.

Trade Magazines

None of the 7 trade magazines we checked had defaulted to HTTPS though, in fairness, they are still focused on print.

Outlook

Larger organizations that have lots of customers should default to HTTPS. We definitely expect many more manufacturers to do so. 

If you have more information or you company has moved to site-wide HTTPS, leave a comment so it is noted.

Comments (49) : Members only. Login. or Join.

Related Reports

Vulnerability Directory For Access Credentials on Feb 20, 2020
Knowing which access credentials are insecure can be difficult to see,...
Dynamic vs Static IP Addresses Tutorial on Apr 16, 2020
While many cameras default to DHCP out of the box, that does not mean you...
Disruptive Free Lead Generation Added To IPVM on May 15, 2020
IPVM has added lead generation for sellers, for free, disrupting the...
Access Visitor Management Systems Guide on Jul 22, 2020
"Who are you, and why are you here?" Facilities that implement Visitor...
Facial Recognition: Weak Sales, Anti Regulation, No Favorite, Says Security Integrators on Jul 07, 2020
While facial recognition has gained greater prominence, a new IPVM study of...
IPVM For PR / Marketing People on Apr 29, 2020
Since IPVM does not accept advertising nor sponsorships, etc., PR / marketing...
"He Is An Idiot!" Exclaims SIA Director John Mack on Mar 23, 2020
Here is another inside look into the "leaders" of the security industry. SIA...
Faked Coronavirus Fever Detection, Athena Used Hikvision; Responds - Selling NDAA Compliant Cameras, Pledging 50% Of Profits to Victims on Mar 24, 2020
US company, Athena Security, faked its coronavirus fever detection marketing,...
IPVM To Disrupt Trade Shows With Launch of Online Shows on Mar 17, 2020
IPVM is launching Online Shows, a series of ongoing events that allow sellers...
Fever Camera Sales From Integrators Surveyed on Jun 01, 2020
Fever cameras are the hottest trend in video surveillance currently but how...
Every VMS Will Become a VSaaS on Feb 21, 2020
VMS is ending. Soon every VMS will be a VSaaS. Competitive dynamics will be...
Hikvision Hides Xinjiang R&D Activities on Apr 22, 2020
Hikvision has systematically deleted evidence showing their R&D base and...
Last Chance - Spring 2020 IP Networking Course - Register Now on May 06, 2020
This is the last chance to register for the only networking course designed...
Hanwha Wisenet X Plus PTRZ Tested on Feb 14, 2020
Hanwha has released their PTRZ camera, the Wisenet X Plus XNV-6081Z, claiming...
Facial Recognition 101 on Mar 18, 2020
Facial recognition interest, use and fear is increasing. This guide aims to...

Recent Reports

VSaaS Will Hurt Integrators on Aug 06, 2020
VSaaS will hurt integrators, there is no question about that. How much...
Dogs For Coronavirus Screening Examined on Aug 06, 2020
While thermal temperature screening is the surveillance industry's most...
ADT Slides Back, Disappointing Results, Poor Commercial Performance on Aug 06, 2020
While ADT had an incredible start to the week, driven by the Google...
AHJ / Authority Having Jurisdiction Tutorial on Aug 06, 2020
One of the most powerful yet often underappreciated characters in all of the...
SIA Coaches Sellers on NDAA 889B Blacklist Workarounds on Aug 05, 2020
Last month SIA demanded that NDAA 899B "must be delayed". Now that they have...
ADI Returns To Growth, Back To 'Pre-COVID Levels' on Aug 05, 2020
While ADI was hit hard in April, with revenue declining 21%, the company's...
Exposing Fever Tablet Suppliers and 40+ Relabelers on Aug 05, 2020
IPVM has found 40+ USA and EU companies relabeling fever tablets designed,...
Indian Government Restricts PRC Manufacturers From Public Projects on Aug 04, 2020
In a move that mirrors the U.S. government’s ban on Dahua and Hikvision...
Directory of 201 "Fever" Camera Suppliers on Aug 04, 2020
This directory provides a list of "Fever" scanning thermal camera providers...
Face Masks Increase Face Recognition Errors Says NIST on Aug 04, 2020
COVID-19 has led to widespread facemask use, which as IPVM testing has shown...
Dahua Loses Australian Medical Device Approval on Aug 04, 2020
Dahua has cancelled its medical device registration after "discussions" with...
Google Invests in ADT, ADT Stock Soars on Aug 03, 2020
Google has announced a $450 million investment in the Florida-based security...
US Startup Fever Inspect Examined on Aug 03, 2020
Undoubtedly late to fever cameras, this US company, Fever Inspect, led by a...
Motorola Solutions Acquires Pelco on Aug 03, 2020
Motorola Solutions has acquired Pelco, pledging to bring blue back and make...
False: Verkada: "If You Want To Remote View Your Cameras You Need To Punch Holes In Your Firewall" on Jul 31, 2020
Verkada falsely declared to “3,000+ customers”, “300 school districts”, and...