Remote Network Access for Video Surveillance Guide

By: IPVM Team, Published on Feb 21, 2018

Remotely accessing surveillance systems is key in 2019, with more and more users relying on mobile apps as their main way of operating the system. However, remote access brings unique challenges, with system security, ease of access, and configuration difficulty all needing to be weighed against each other.

Five Remote Access Options for Video Surveillance

float: right

In this report, we explain how the five most common remote access options for video surveillance work:

  • Port forwarding
  • Universal Plug and Play (UPnP)
  • Dynamic DNS
  • Cloud / 'Phone Home' (e.g., Hikvision EZVIZ, Axis AVHS, Nest Cam)
  • Virtual Private Networks (VPNs)

(Related: Network Addressing for Video Surveillance Guide and Converged vs. Dedicated Networks For Surveillance).

2019: Cyber Security Is Critical

Before putting any surveillance system on the internet, it is critical that users understand the risks involved. Several major vulnerabilities were reported in major manufacturers' cameras, including:

  • Bosch VDOO 2018 Vulnerability - A critical vulnerability that is difficult to discover and requires sophisticated hacking skills to exploit.
  • Hikvision IP Camera Critical Vulnerability - Exploiting the vulnerability allows attacks to either take over the device or crash the camera.
  • Sony Talos 2018 Vulnerabilities - Allows commands to be executed without Admin credentials, however attacker needs to know what commands to execute so it is more complex than some other, simpler vulnerabilities.
  • Axis VDOO 2018 Vulnerabilities - Results in root access, however the attack process is very complex, requires multiple steps and requires advanced linux knowledge and hacking skills.
  • GeoVision's Unprecedented Vulnerabilities: 15 critical security vulnerabilities.  This includes root access as well as printing / displaying all credentials in clear text.
  • Hikvision Backdoor Exploit: Hikvision included a magic string that allowed instant access to any camera, regardless of what the admin password was, with the actor only needing to copy and paste.
  • Vivotek Remote Stack Overflow Vulnerability:Very easy to exploit; no special accounts, passwords, or device-specific strings/hashes are required to execute an exploit against an affected camera. Simply sending a long URL with the malicious content.
  • Hikvision Cloud Security Vulnerability: A critical vulnerability in Hikvision's global cloud servers allowed an attacker to remotely take over the server and get access to sensitive customer data.

See our Directory of Video Surveillance Cybersecurity Vulnerabilities and Exploits for more information on these and other issues, including new ones as they occur.

Because of the severity of these incidents and their increasing frequency, it is critical that users understand the basics of cybersecurity for surveillance systems, and how to protect against simple attacks at the very least.

We strongly recommend reviewing Network Security for IP Video Surveillance before proceeding.

******** ********* ************ ******* is *** ** ****, with**** *** **** ***** relying ** ****** ****** ***** **** *** of ********* *** ******. However, remote ****** ****** ****** challenges, **** ****** ********, ease ** ******, *** configuration ********** *** ******* to ** ******* ******* each *****.

Five Remote ****** ******* *** ***** ************

float: right

** **** ******, ** explain *** *** **** most ****** ****** ****** options *** ***** ************ work:

  • **** **********
  • ********* **** *** **** (UPnP)
  • ******* ***
  • ***** / '***** ****' (e.g., ********* *****, **** ****, Nest ***)
  • ******* ******* ******** (****)

(*******: ******* ********** *** ***** Surveillance ***** *** ********* **. ********* ******** For ************).

2019: ***** ******** ** ********

****** ******* *** ************ system ** *** ********, it ** ************ *************** *** ***** ********. ******* ***** *************** were ******** ** ***** manufacturers' *******, *********:

  • ***** **** **** ************* - * ******** ************* that ** ********* ** discover *** ******** ************* hacking ****** ** *******.
  • ********* ** ****** ******** Vulnerability - ********** *** ************* allows ******* ** ****** take **** *** ****** or ***** *** ******.
  • **** ***** **** *************** - ****** ******** ** be ******** ******* ***** credentials, ******* ******** ***** to **** **** ******** to ******* ** ** is **** ******* **** some *****, ******* ***************.
  • **** **** **** *************** - ******* ** **** access, ******* *** ****** process ** **** *******, requires ******** ***** *** requires ******** ***** ********* and ******* ******.
  • *********'* ************* ***************: ** ******** ******** vulnerabilities.  **** ******** **** access as **** ** ******** / displaying *** *********** ** clear ****.
  • ********* ******** *******: ********* ******** * magic ****** **** ******* instant ****** ** *** camera, ********** ** **** the ***** ******** ***, with *** ***** **** needing ** **** *** paste.
  • ******* ****** ***** ******** Vulnerability:**** **** ** *******; no ******* ********, *********, or ******-******** *******/****** *** required ** ******* ** exploit ******* ** ******** camera. ****** ******* * long *** **** *** malicious *******.
  • ********* ***** ******** *************: * ******** ************* in *********'* ****** ***** servers allowed ** ******** ** remotely **** **** *** server *** *** ****** to ********* ******** ****.

*** ************ ** ***** ************ Cybersecurity *************** *** *********** **** *********** ** these *** ***** ******, including *** **** ** they *****.

******* ** *** ******** of ***** ********* *** their ********** *********, ** is ******** **** ***** understand *** ****** ** cybersecurity *** ************ *******, and *** ** ******* against ****** ******* ** the **** *****.

** ******** ********* ********* ******* ******** *** ** Video ************ ****** **********.

[***************]

Remote ****** **** ****** **** ****

********* **** ~*** *************** **** **** */**** of ******** ************ ******* have **** **** ** remote ******:

*********** ********* *** **** and **** / **** forwarding **** * ******* minority ***** ***, ** our ******* ***** ****** *****:

Port **********

**** ********** **** *** private ** ******* ** the ******** ** ** camera ** *** ****** IP ******* ** * user's ****** ** **** it *** ** ******** accessible. Doing ** ******** ****** configuration ******* *********** ****** that **** ********** ******* will ******** ** ** it *********.

** ****** * ****** or ********, ***** ** (HTTP) *** *** (**** video *********) *** **** often **** *** **** often ******. **** ******* require ********** ***** ** be ****** *** *************, control, ** **************, ** well. *** *******, **** image ***** *** *** ports ********* ** * Dahua *** ** * consumer ******:

**** **** ** ******** devices *** ** ** viewed *** *** ********, different ******** ***** **** be ****** ** ***** internal *****, ** ********** the **** **** ** two ******* ******* ** errors.

*** *******, ** *** NVRs *** ** ** viewed ******** ***** ** address ***.**.***.**, *** **** use **** **, ******** may **** **** ****:

  • ****: ***.**.***.**:**** ---> ***.***.*.*:**
  • ****: ***.**.***.**:**** ---> ***.***.*.*:**

Universal **** *** ****

********* **** *** **** (UPnP) ** * *** ** protocols ***** ******** ****** discovery *** ************* ** a ***** *******. *** of *** **** ** UPnP ** *********** ****** port ********** (*****), ******** a **** ****** ** automatically ****** **** ******** in * ****** ******* any ************ **** *** user.

*** *******, *** ***** ***** shows **** **** ********** automatically ********* ** ***** separate ********* ** ******* (multiple ports *** ******):

*******, ** ********, **** is ********** ** **** cases. ** **** ******** networks, ***** *** *****, UPnP ********* *** ****** off, ********* ****** **** forwarding. ** ******** ***, port ******** *** *** function ********, *** ** added **** **** ****, may ******** **** ***** devices, ** *** ****** not ** ***** ** all. ****** ****** *****, error *********** ** ****** available **** **** **** mapping *****, ******* *** user ******* *** ***** of ***************. ******* ** these *******, ****** **** forwarding *** ****** **** ****** in ********** ************.

Dynamic ***

*********, **** ** *** provide ****** ** ********* to *********** *** ***** business ******** (******* ** additional ******), ** **** time, *** ****** ** address ******** ** **** may ******. *** *******, the ****** ** ******* of **** ***** *** be **.**.**.*** ***** *** tomorrow ** ***** ** **.**.**.***. If **** ****** ***** client ** ********** ** connect ** **.**.**.***, ******** ** would ****.

******* *** ******** ******* this ** ******* ** a ******* ********, *.*. Site2-NVR3.dyndns.org ******* ** **.***.*.*. The **** ******* ******* the ** ******* ************* to **** ******** ************, or ************* ******* ******* and ******* *********** ** some *****.

** ************, **** ** most ******** **** **** DVRs/NVRs. **** ************* **** their *** ******* **** services **** ** ***** who ******** ***** ********* (****** ********* ** ****** does), *** ****, ** not ****, ****** **** include * *****-** **** client, **** ** **** the ******'* ** ******* up ** ****.

**** ** ****** **** to ******* ********** ******* to * ***, ***** the ****** ******* ** update *** ** ******* upon * ****** **** render ** ***********, ********* in **** ***** *** requiring * **** ***** to ******.

Public ********** ******* **** - ****, ****, *** **** ********** 

***** ****, **** ***/** port ********** ******* ***'* devices ** *** ****** public ********, ******* **** anyone *** ******* ** connect *** ****** ***'* device ******* (*.*., ****** or ********). ******* *** attack ******** ** ******** of ******* * *** across *** ****** ********, either ****** ** ******** trying ** ********* ** by ******* ***** ** potentially ********** ******* (*.*.,****** **** ** ********* public ********** - ********* port ********* *******). *** ***** ********** with **** ****, ****** ********'* *** ************* of ***** ******: ** built * **** *** toaster, *** ** *** compromised ** ** ****. **** ******** ******* to ***** ************, *** ******* ***** ********** ************ ** ****** ********** ****** ** ***** devices ***** ****** **** forwarded ****** *******. ** ** *** recommend ****** **** ******* publicly **********.

**** *** *** ********** cameras ******************* *** **** **** ** these *************** *** ** exploit. ** **** **** a ******** ********** ** our********** ********** ******** ******** ** hack (*** ****** **********) cameras.

Cloud / '***** ****' 

** ********* *** ********** and ********* *** ****** involved ** ****** **** forwarding, ****, *** ******* DNS, ***** *********** **** become **** *********. ***** connections *** * **** of *** (********* ****** application-specific ****) ***** ******** limited ** ** **** interaction ** *********.

******* ************* ***** ***** own ***** *********, **** as **** ****************** (***** / ***-*******), ***** *******, **** Cloud, *** ****. ********/******** of ****** ******* *** security/home ********** ******* ********* also *** **** **** of ************, **** ** **** ********** **************, ** *****.

***** *********** *** ********* made *** * ****** *** (********* ***** ********, an ********** ********) ******, *** ** *** these ***** ***** (***** on *** ***** *****):

  1. ********** ****** ***** * HELLO ******* ** ******* a **********.
  2. ****** ***** ***** ***** with******** ***********.
  3. * ********* ** ********* and * ****** ****** is *** **.
  4. **** *** *** ****** is ** *****, **** sent ******* ** ** encrypted, **** ******** *** data ********* ******** (***** only ** "*********** ****" in *** ******* *****).

***** ** * ********* trace *** ** **** camera **** **** *******:

****** ***** **** ** "Application ****" *****, **** the ****** ** *** up, ******* ********* **** as ****(*), ****, ***, ***, ***., *** **** *** camera ******* *** *********.

***** / '***** ****' connections *** *** ******* and **** ******** ******* to ******* ****** ****** to **** *** ***** business. *******, *** ********* or ******** *****, ** administrators *** ** ********* about ******** ***** ******* to '*** ******' ***** firewalls.

Push ** **** ** *****

***** **** *** **** forwarding **** **** ******* for *****, ***** *** been * **** ** move ** ***** ******** in *** **** ****, at ***** ** **** due ** *** ******** in******** *** ***** *******

*** **** ******* ** this ** *********'**************** ** ***** **** HiDDNS *******, ******* ***** ** move ** ********-******* ***** ******** ** * *****-*****, ********* paid, ****. *************, **** change *** **** **** little *******, ************* *************, and ********** **** *******, leading ** **** ********* about **** ******** ***** be ************ ** *** new ******** ***** ****. See *** ****** ********* ************ '*********' ****** *** **** ***********.

**** **** **** ***** cloud ******** ***** **** ****** ** video *** ***** **** is *********** *** ****** tunnel, ******** ** ***** from *** ******* ** users ** *** ************/********* providing *** *******, ** well ** ***** ********* hosting ********. **** ***** that, *** *******, ** Hikvision's ***** *******, ***** Easy4IP, ** **** *** breached, all ***** ** *** service *** ****** ** be ********, ******* ** more ******* ******* ******** associated **** ******** *****.

Dedicated ******* ******* ********

*** **** ****** ****** historically *** ****** ************* to ******* ****** ******* and ***** ** * dedicated ***, ********* ***** hardware ********** (**** ** SonicWall ** ***** *********) located ** **** ****. This ********* ******* * tunnel ******* *** ******** to *** ****** ********, effectively ******** * ****** video *******, ******* ***** in ********* *********.

** ************, ********* **** are ********* **** **** used ** ****** *****-**** installations. *** ********** **** historically **** $***-*** *** site, ****** ****** *** dropping, ******** ******* ******** ** $100 ** ****.

Recommended - ****

** ********* ****** ******** ****** **** video ************ *******. ***** port ********** (** ****, DDNs, ***.) *** ** cheaper *** ******* ** front, **** ****** **** devices ** ***** ******** and ****** ** *** vulnerabilities *** *****. ***** cloud ******** *** ***** improved, *** *** *** risk ** **** ***** exploited ***/** *** ***** service ******** ********* ** abusing **** ******.

Test **** *********

**** **** * ******** **** ***.

[****: **** ******* *** originally ********* ** ****, updated ** **** *** then ***** ** ****.]

Comments (27)

Roger Finger

03/13/15 06:58pm

Excellent background information. In my customer base, many are reluctant to make ports open in their firewall. 'Phone home' is a good solution, since all communications are http.

You might have noticed that the major remote access software providers have mostly eliminated free service and are charging handsomely for their products. Most charge by the number of computers accessed. A LogMeIn 100 computer remote access license will cost $1200 next year!

I think TeamViewer has a better pricing model for video surveillance applications. They charge $749 for 1 technician, unlimited computers. Multi-seat licenses are $1499/2839 (single session, multi-session). These do not expire, but you have to purchase updates to stay on current software.

Gone are the good old days when remote access was free. I'm interested in what other members are using and how much they pay for it. Does any one use Bomgar? GoToMyPC? RealVNC?

John Honovich

IPVM | In reply to Roger Finger | 03/13/15 07:37pm

Roger, good feedback, thanks!

There's an excellent discussion about what different integrators are using here: Free LogMeIn Service Killed - What Else To Use?

Pat Villerot

In reply to Roger Finger | 03/13/15 09:45pm

I've made use of various VNC products (the video refresh rate of RDP is cumbersome). Aside from products like LogMeIn or Teamviewer, VNC is time consuming to deploy. I have made use of TightVNC and UltraVNC. I have not used RealVNC. VNC isn't so bad when you have a VPN to your customer sites though.

GotoMyPC is just like LogMeIn. I have not used it since discovering LogMeIn Free as GotoMyPC was much too expensive. It's $11.95/month per machine. It does have some nice features though.

Luke Maslen

IPVMU Certified | In reply to Roger Finger | 03/14/15 02:17am

Hi Roger, I use Remotix which costs about $40 and is available for Mac, Windows, iOS and Android. It has free agents which you can install on the Macs and PCs that you want to control. The initial purchase lasts forever but after a year, any future updates are obtained through an annual fee.

It is very intuitive software and uses a cloud service to help connect to the remote agents. Given the low pricing and intuitive method of connecting, I find it to be excellent.

Oðinn Burkni Helgason

IPVMU Certified | In reply to Roger Finger | 11/17/15 05:35pm

I've used TeamViewer, LogMeIn and RealVNC. The "problem" with VNC is that you need to open specific port to the computer you want to access. That is the good thing about cloud based services like TeamViewer and LogMeIn, you don't need to open any ports, it just works.

Rob Dunham

Tailored IT Solutions | In reply to Oðinn Burkni Helgason | 10/08/17 11:48pm

That's also the bad thing. It transfers your sessions over ethereal ports just like any other browser traffic which, by nature, makes it less secure.

Avatar

Joshua Hendricks

Milestone Systems | In reply to Roger Finger | 05/20/17 03:50am

Someone will probably beat me to it, but I'll see if I can dig up the VNC solution I used way back when I was doing IT work on the side.

I setup a VNC session listener on my network, and was able to have users connect to me to share their desktop via a simple exe. Since their machine initiated the connection, no port forwarding was required on the customer end. Only on my end.

That does require someone to be present at the remote session, but there may be an open source solution out there to address the need for unattended remote access without port forwarding.

Depending on your business size, it's probably cheaper to just go with an established (and trusted) solution though.

Rob Dunham

Tailored IT Solutions | In reply to Roger Finger | 10/08/17 11:46pm

TeamViewer has had its share of security vulnerabilities. I use TeamViewer for user-generated support connections, but I do not maintain any remote connections to client sites. It's just bad security practice. Each site should have their own dedicated VPN so that one compromised machine or software doesn't compromise everyone else.

Avatar

Jonathan Lawry

Trecerdo, LLC | 03/15/15 01:31pm

Regarding the Cloud / 'Phone Home' section:

The narrative written above esclusively describes TLS, essentially the encryption piece, which has little to do with the Cloud/Phone Home's ease of use as a remote connection method. The socket connection must alrready be established before any TLS handshake can begin, and TLS can "ride on" any TCP socket once it's established, "cloud" or otherwise.

The Cloud / 'Phone Home' option's ease of use as a remote conneciton method is not because of TLS, but because firewalls seldom restrict outbound connection requests, and the server to which the device is connecting usually has a name or address that will not change.

Steve Mitchell

In reply to Jonathan Lawry | 03/16/15 03:52pm

This is true. And even when non-standard ports are blocked outbound, HTTP or better yet HTTPS can be used, which are rarely blocked. Essentially, it is very easy for the device behind the firewall to initiate the outbound connection to a HTTP/HTTPS server with a preconfigured domain name. This method is going to be an increasingly common tool in many manufacturer's products.

Wagner Cunha

10/09/15 08:22pm

And now we also have peer-to-peer, for Dahua, Hik and Axis.

Paul Mukanga

IPVMU Certified | 11/12/15 03:09am
I will always use only strong passwords

Undisclosed End User #1

05/19/17 02:26pm

Just wonder will there be any Cyber attacks on our information being stored in the cloud.

Avatar

Jon Dillabaugh

Pro Focus LLC | In reply to Undisclosed End User #1 | 05/20/17 03:11pm

It's much more rare that hackers are after your actual data. They usually only want data if they can leverage it otherwise. Video data probably isn't really that valuable, unless it can be used for blackmail.

I think exploitable devices are far more interesting targets.

Rob Dunham

Tailored IT Solutions | In reply to Jon Dillabaugh | 10/08/17 11:52pm

I wouldn't say that necessarily. An extremely large number of surveillance devices are being hacked and the number is growing every day. From script kiddies with idle hands, to corporate espionage, and even foreign agencies gaining intelligence, this is a huge problem. And with more and more homes getting off-the-shelve surveillance options from their cell phone providers and big box stores, you can expect this problem to continue to grow.

bashis mcw

02/21/18 07:11pm

While talking about cyber security issues and remote access, I stumbled over this blog today with Unauthorized FLIR (Lorex) Cloud Access, pretty interesting reading.

Jason Gould

02/23/18 01:08am

VPN solutions don't have to be expensive. I've used OpenVPN for many years. On everything from a VM on server hardware, an old decommissioned desktop PC, and lately on a <$99 ubiquiti edgerouter. The edgerouter currently handles about a dozen remote users connecting via windows laptops using OpenVPN, as well as a ipsec site to site VPN. No licensing costs or anything.

You might also want to look into SoftEther VPN software. Free software. Even does SSTP VPN which is nice if you want to support connection from windows users without additional software since it is built in.

If you port forward in any capacity expect to be compromised. And certainly limit to https only, with certs, if possible.

Rob Dunham

Tailored IT Solutions | In reply to Jason Gould | 02/23/18 01:12am

I don't think it's fair to say that if you port forward you can expect to be compromised. As with anything, it depends how well you deploy your solution. With proper firewalling, there is nothing wrong with port forwarding.

That's not to say that I disagree about VPNs though.

John Honovich

IPVM | In reply to Rob Dunham | 02/23/18 01:16am

With proper firewalling, there is nothing wrong with port forwarding.

Rob, how are you 'firewalling' the ports you are 'forwarding'? By definition, the ports that are forwarded are not firewalled and exposed to public attacks. Agree/disagree?

Rob Dunham

Tailored IT Solutions | In reply to John Honovich | 02/23/18 01:18am

Port forwards don't have to be open to the world. They can be restricted to IP addresses, etc so that they cannot be accessed by attackers.

John Honovich

IPVM | In reply to Rob Dunham | 02/23/18 01:38am

While one can set restrictions by requesting IP address, this only works in practice if you know the specific limited range or number of IP addresses that will be accessing the system. However, given dynamic IP addressing and the various different networks one might be connecting over (different mobile systems, locations, etc.), it is hard to do that.

Let's say you/we do that. We set it up with a limited number of IP addresses that can access the system. Now, any time the user accesses from a different network or IP, this results in the user being blocked, frustrated and making a service call to the provider.

While I think it would be great if such restrictions could be practically managed, I think that is the exception rather than the rule.

Rob Dunham

Tailored IT Solutions | In reply to John Honovich | 02/23/18 01:50am

True. Security and convenience are polar opposites. Every increase in security results in a decrease in convenience. We have to find the right balance for each.

I personally have rarely deployed a system that was open to the world. Most people will only access from one or two connections or from one or two devices. Using a combination of IP/MAC filtering is usually not bad to manage and honestly, port forwarding is usually a last resort anyway. (I favor VPNs or proxies whenever possible.)

I would argue that anyone who is port forwarding a security system to the world is just doing it wrong. What I mean is it's the wrong solution. Nothing should ever be publicly accessible that isn't intended for public consumption, and even then nothing that isn't DMZed on the local side.

Anything that must be accessible from lots of people on many different connections should be deployed via VPN or through a cloud proxy with more granular user control. In which case the forwarded port is restricted to the IP address of the proxy.

In my opinion, the rule of thumb is simple. If you can't restrict access to a single IP or manageable device list, then don't port forward at all. I think we all agree that you can't trust your security to the device's firmware.

Jason Gould

In reply to Rob Dunham | 02/23/18 02:47am

Certainly port forwarding has it's place, but in the context laid out here (access from users with unknown ip addresses, resulting in wide open access, to data that is critical, and software that is poorly developed) I feel you are tempting fate and there is a greater likelihood you'll be hacked than not.

Just open a port and monitor how many drive by attacks you get. Try SIP port 5060 for instance. Obviously if you can limit to certain IPs, run fail2ban, have a NID (suricata, snort, etc) and HID (OSSEC) feeding a SIEM tool (alienvault, rapid7, Arcsight, etc), and more; your in a position to respond to an attack. Most aren't. I'd still argue it's a needless attack vector that should be removed regardless.

Even doing all that I'd still not recommend punching holes when it is unnecessary, and in this case it really is unnecessary. And certainly not for services not designed to run over the internet (completely unencrypted). Http, snmp (v3 the exception), rtsp (without SSL)... you're making my job easy with that attack surface. It's the same thought process people took about SMB over the internet. It wasn't built for that and no password is going to save you, and we should all know now how that ended.

I get that not everyone is as hard lined on this topic as me. But I've been in IT, with a focus on IT security for the better part of 15 years. I cut my teeth at the largest defense contractor in the US, then the SMB world, and back to a global entity dealing with IT security and strict government regulations. So I tend to be very conservative.

Rob Dunham

Tailored IT Solutions | In reply to Jason Gould | 02/23/18 02:50am

I agree with you completely. I've been saying all along that there is virtually never a need to use port forwarding. The "context laid out here (access from users with unknown ip addresses, resulting in wide open access, to data that is critical, and software that is poorly developed)" rarely, if ever happens in the real world. And if it does, it's the wrong solution.

I only said that I don't think it's fair to say you will get hacked if you port forward. As you mentioned, there are many, many ways to help mitigate that risk.

Jason Gould

In reply to Rob Dunham | 02/23/18 03:08am

I think we agree on the topic and are saying the same thing but in two different ways.

I present things how I do because it's been my experience that for most non-IT people (like C levels) it's the one thing that gets their attention. I need to lead them down the right path, and sometimes that means exaggerating a bit if necessary.

Your approach of it's the wrong solution is more diplomatic. When I say that to someone that doesn't have the understand and knowledge about the topic, it seems to translate in their brain into "it's ok to do this, it's completely safe".

Undisclosed End User #2

03/06/18 03:31pm

It would be an interesting read to see a comparison of the capabilities of the major VMS apps.

Avatar

Sean Osborne

IPVMU Certified | 08/09/18 12:06am
Great info.
Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

China Dahua Replaces Their Software With US Pepper on Aug 22, 2019
What does a US government banned company do to improve its security positioning in the US? Well, Dahua is unveiling a novel solution, partnering...
JCI Sues Wyze on Aug 21, 2019
The mega manufacturer / integrator JCI has sued the fast-growing $20 camera Seattle startup Wyze. Inside this note: Share the court...
Installation Course - Register Now on Aug 15, 2019
Register Now for the September 2019 Video Surveillance Install Course. This is a unique installation course in a market where little practical...
Biometrics Usage Statistics 2019 on Aug 13, 2019
Biometrics are commonly used in phones, but how frequently are they used for access? 150+ integrators told us how often they use biometrics,...
Milestone "GDPR-ready" Certification Claim Critiqued on Aug 12, 2019
Milestone is touting that its latest XProtect VMS is "GDPR-ready" with a 'European Privacy Seal'. However, our investigation raises significant...
Dahua Wiretapping Vulnerability on Aug 02, 2019
IPVM has validated, with testing, and from Dahua, that many Dahua cameras have a wiretapping vulnerability. Even if the camera's audio has been...
Responsibility Split Selecting Locks - Statistics on Jul 22, 2019
A heated access debate surrounds who should pick and install the locks. While responsible for selecting the control systems, integrators often...
History of Video Surveillance on Jul 19, 2019
The video surveillance market has changed significantly since 2000, going from VCRs to ab emerging AI cloud era.  The goal of this history is to...
New GDPR Guidelines for Video Surveillance Examined on Jul 18, 2019
The highest-level EU data protection authority has issued a new series of provisional video surveillance guidelines. While GDPR has been in...
Wyze AI Analytics Tested - Beats Axis and Hikvision on Jul 17, 2019
$20 camera disruptor Wyze has released free person detection deep learning analytics to all of their users, claiming users will "Only get notified...

Most Recent Industry Reports

China Dahua Replaces Their Software With US Pepper on Aug 22, 2019
What does a US government banned company do to improve its security positioning in the US? Well, Dahua is unveiling a novel solution, partnering...
Security Integrators Outlook On Remaining Integrators In 2025 on Aug 22, 2019
The industry has changed substantially in the last decade, with the rise of IP cameras and the race to the bottom. Indeed, more changes may be...
First GDPR Facial Recognition Fine For Sweden School on Aug 22, 2019
A school in Sweden has been fined $20,000 for using facial recognition to keep attendance in what is Sweden's first GDPR fine. Notably, the fine is...
Anyvision Facial Recognition Tested on Aug 21, 2019
Anyvision is aiming for $1 billion in revenue by 2022, backed by $74 million in funding. But does their performance live up to the hype they have...
Dahua 4K Camera Shootout on Aug 20, 2019
Dahua's new Pro Series 4K N85CL5Z claims to "deliver superior images in all lighting and environmental conditions", but how does this compare to...
ZK Teco Atlas Access Control Tested on Aug 20, 2019
Who needs access specialists? China-based ZKTeco claims its newest access panel 'makes it very easy for anyone to learn and install access control...
Uniview Beats Intel In Trademark Lawsuit on Aug 19, 2019
Uniview has won a long-running trademark lawsuit brought by Intel, with Beijing's highest court reversing an earlier Intel win, centered on...
Suprema Biometric Mass Leak Examined on Aug 19, 2019
While Suprema is rarely discussed even within the physical security market, the South Korean biometrics manufacturer made global news this past...
Verkada People And Face Analytics Tested on Aug 16, 2019
This week, Verkada released "People Analytics", including face analytics that they describe is a "game-changing feature" that "pushes the...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact