IP Camera Browser Support: Who's Broken / Who Works

By Ethan Ace and John Scanlan, Published Dec 10, 2019, 01:21pm EST (Research)

*** **** *****, ** ******* ******** on ******* *******, ***** ******** ***** have **** ***** *** **** **** a ******.

*** **** **** ** **** **** is *********, **** **** ************* ******** the *********** *** **** *******. *******, many ***** **.

IPVM Image

** **** ******, ** **** ** which ************* *** ********* ******* ******* and ***** ***** ******* *******, ******* over ** ****** ** **** ** our ******** ****** ************** ******** ****.

Broken ** ********

*** ********* ******* ** **** ************ browsers *** ******** ******* *** ***** plugins ***** ***** **** ** ** IP ****** ******** ****, ***** ***/** fundamental ******** **** *** ** *********. For **** ** ****, ***:********** *** ******* / ******* ***** Statistics

Browser ******* ******** ** ****

*** ** ** ****** ******, **** six ***** ******** ******* ** ******* live ***** ** ********. *******, *** all ******* ***** *** *** ******* plugins ********* *.***/*.*** ***** ** *** browser, **** ********, *******, *** **** Bosch ****** **** ********** *****.

Chinese ************* *******, *** *****/********* ********

*** *** ******* ****** ***** ******** plugins **** *** **** ** *** "big *****" ******* *************: *****, *********, and *******, **** *** ** *******'* models ********* ******* *** **** *****.

** ********, ***** *** ********* ******* are *********, **** **** *** ****** no ****** ********* ******* ***** ******* firmware, ***** ***** ****** ***** **. According ***********'* ******** *************, ****** ***** *** ******* *******, while ***** *** *** ***** ** not.

IPVM Image

*******, ** *** *******, * *** Value ****** *** *** *** ******* plugins *** **** ***** *** ***** Value ******* ****** ***.

Plugin ******: *******

*** *** ****** ** ***** *** interfaces **** ******* ******** ** *** potential *** ******* ** ** ********* when ********** *******. ** * ******* example, ** ******** ****, ********* **** a ****** ** ******* ********* **** a *******-******** ******* ** ***** ************* plugin *** ********* *** * ******:

********* *** ******** ********** **** * browser ****-** **** * ******** ******* of ********* *** ********, *** ************* infected **** *******. **** ******** *** available ** *** ********* *** *** Hikvision ****** ******** *** ***** ***** months.

*** ******** *** ***** **** ******** with * *****, *******-**** *******.

**** ******* *** ********* ** ******** for ******** *** *****, *** *** Hikvision *******, *** ********** * **** not ******* ** ******-**** **********.

Plugin-Free *.***/*.*** *******

******* ************* *** ******* *.***/* ******* plugins, *********:

  • ****
  • *****
  • ******

***** *** ******* ***** ************* ***** do *** ******* *******, ***** ***** streaming ** *** *******, ********* ********, Arecont, *********, *** *****, ********* *****.

Axis *** *** *********

************ * ******-**** *** ********* ** 2016, **** *** ******* ****** *** using **** **. **** *** ********* allows *.*** ******** ** *** ******* without *******. **********, **** ********* **** as ******** *** *** ***** ******** ActiveX *** *************, *** ***** ********* are *** ******-****, ** ****.

Bosch: ** ****** *.***/*.***

** ******* ***** *********, *.*** ******* without ***** ******* ** *** ********. For *******, *** ***** ***** ***** the********* ********* ******* *******.

IPVM Image

*******, ******** ***** ***** ******** ******* in ******** ******** *** *** *******. Plugin-free ******** *** **** ********* ******* zones (***** ******** **** *********), *** the ****-***** **** ***** ***** ** IE.

IPVM Image

Hanwha: ** ****** *.***/*.***

****** ****** (******* *, *, *** X *** **** ******) ******* * plugin-free *** *********, ***** ** **** responsive (***** *****), *** ****** ** mobile ****** ** ******** ** ***, though **** ***** ********* ****.

Mixed *******: *****/*********

** ******* ***** *** ********* ******, some ******* ******* ***** ****** ** not. *** *******, ******* ** * Value ****** **-*********-*, ** ******* *** required *** *.*** ********* ** *** browser:

IPVM Image

*******, ***** ******* ****** ** *** display *** *****, ********* ** *** ActiveX.

IPVM Image

********* ** *********'* ******** *************, ****** above *** ****** ******* *******, *** in *** ***** **** *** ***** and *********** ****** ****** ** *** browsers ******* ****.

** ***** * ******* ***** ** Dahua ******, **** **** *** ******* such ** **************+******* ************** ** *******, ***** ***** ******* models **.

No ******* ********: ***** ****

***** ****** ******* ************* ***** ** not ******* *******, *** **** ** because **** ** *** ******* *.***/* streaming ** *** *******, **** *****, which *** ** ******** ***** ****** HTML.

**** ** ********** ** ********* *******, as **** ***** *** ***** ** viewed ***** ******** ********. *******, ** is *** ** ****** ** ****** the *.***/*.*** ****** ** ***** ** preview ** *** *** ******.

*** *******, ********'* *** ** **** not ******* *******, *** ***** ** no ****** *** *.*** ***** *********:

IPVM Image

*** **** *** **** ** ******* and **** ***** ***** ******, ** well ** ******* *** ***** ****** in **** *****.

Uniview: ******* ********

*** **** ************ ****** ***** ******** plugins ** *** ******* ** *******. All ******, ******* *****, ***, ** Easy, ******** ******* *** *.*** *** MJPEG *********.

Manufacturer *******

** ********* ** ******* **** * manufacturers *** ******* * ********* ** which ******* ******* *.***/**.** **** ****, MJPEG **** ****, *** ***** ******* plugins. ***** *** *** ******* **** the ********* *******:

IPVM Image

***** *** *** ******* **** *** fixed ***** ****** *******:

IPVM Image

Browser ******* ****** ******

**** ***** ********** ****** ******* ***** (** ***** did):

******* ** ****, **** ******* *** required, ***** *** *********** ***** ***** Internet ********, ******* *** ***,******** ******** *****, *** **** ** ******* *******.

H.264 / *.*** ********* *******

************* **** *********** *.*** *** *.*** streaming ***** *** *** ******* ******* NPAPI *******:

  • ***** ***** ********. ******** ********************* * **** ***** ******** ******* the***********. **** *********** *** ***** *** be ******** ***** ********** (*** ******* ***** *** ******** ** ****** **********).

  • ******.********* ******** *** **** **** ************* between ***** *** *** ********** *** also ** **** *** ************ **** live ********* ***** *** ****. ******’*********** ********** ****** ** ****** ** ***** between * ******* *** **.

Comments (13)

This article would be greatly enhanced with an IPVM trademark chart showing which models and manufacturers supported which configurations.

Agree: 7
Disagree
Informative: 2
Unhelpful
Funny

Thanks U1 - We updated the report with the charts / graphics that you suggested.

Agree: 2
Disagree
Informative
Unhelpful
Funny

Just a quick clarification. Hanwha cameras can stream H.264/H.265 on mobile device browsers, not just MJPEG. Screenshot below showing an X series camera streaming H.265 video in the browser on an Android phone. Only older models are MJPEG only for plugin-free

Agree: 3
Disagree
Informative: 4
Unhelpful
Funny

What is it looking at? That looks like a camper toilet.

Agree
Disagree
Informative
Unhelpful
Funny: 1

It is hard to believe we're still discussing ActiveX on shipping products going into 2020. I still have to use IE more often than should be necessary for Panasonic NVRs and legacy cameras. Last generation cameras requiring ActiveX is fine. Current product refreshed in the last two years should not require ActiveX. I am halfway expecting Flash or Silverlight for the next model revision in 2026.

Congrats to Hanwha, Bosch, and Axis for being ahead of the curve.

Agree: 2
Disagree
Informative
Unhelpful
Funny

Updated: We added a section on malware found in the ActiveX plugin of some Hikvision NVR firmwares, which they sent a notice to dealers about today (though this notice is not yet available on their cybersecurity center):

One key danger of using web interfaces with plugins required is the potential for malware to be installed when installing ActiveX. As a current example, in December 2019, Hikvision sent a notice to dealers revealing that a malware-infected version of their webcomponents plugin was available for 3 months:

Hikvision has recently discovered that a browser plug-in from a specific version of Hikvision NVR firmware, was inadvertently infected with malware. This firmware was available on the Hikvision USA and Hikvision Canada websites for about three months.

Affected firmware has since been replaced with a clean, malware-free version. Malware was contained in firmware for specific NVR lines, not all Hikvision cameras, but highlights a critical risk not present in plugin-free interfaces.

Agree
Disagree
Informative: 3
Unhelpful
Funny

I would just like to note that telling me which cameras work in which web browsers is not nearly as useful as telling me which NVR software works in which web browser. While I recognize that there might be a very minuscule amount of people who directly access the cameras themselves, that is not most people so this has no relevance for most.

Agree: 2
Disagree
Informative: 1
Unhelpful
Funny

might be a very minuscule amount of people who directly access the cameras themselves

Quite a lot of people access cameras themselves, especially for setup and troubleshooting.

telling me which NVR software works in which web browser

That said, you make a good point. We will update this with NVR web plugin requirements. Thanks!

Agree: 2
Disagree
Informative
Unhelpful
Funny

That would be awesome!

Agree: 1
Disagree
Informative
Unhelpful
Funny

A list of browser based VMS's would also be helpful.

-Chris

IPConfigure - Browser based VMS

Agree: 1
Disagree
Informative
Unhelpful
Funny

The main people who are accessing the camera web interface is a technician on-site installing, configuring, or troubleshooting a camera. An end-user or IT may also access it to troubleshoot or monitor status.

Some large integrators or end users may very restrictive cyber security policies that restrict activeX or in some countries, there are versions of Windows without IE, or Mac/Linux where there is no IE.

This is showing how certain brands have not developed new code for their products for so many years and rely on outdated code and technologies that may be vulnerable.

So, besides a tech in the field banging their head against the wall trying to change a quick setting, it shows you how a manufacturer is developing their products, and updating to current trends and their cyber values.

Agree
Disagree
Informative: 2
Unhelpful
Funny

Understood, having said that, I can't remember the last time I logged into a camera directly to troubleshoot an installation. I use linux on my laptop and don't even think twice about it because I almost never need to login to the camera itself.

Agree
Disagree
Informative
Unhelpful
Funny

I believe some H264/H265 plugin-free implementations will introduce a delay of 5 seconds or more (because of the buffering needed). Was this considered in the tests? I have seen DASH/HLS protocol implementations introducing up to 30 seconds delay. This is not usually acceptable for surveillance.

A list of which VMSes support H264/H265 plugin-free implementations (with or without introducing delay) would also be nice.

Agree
Disagree
Informative: 1
Unhelpful
Funny
Subscribe to IPVM Research to read the full report.
Why do I need to subscribe?
The IPVM Research Service includes products tests and shootouts plus competitive and financial analysis, helping decision-makers better evaluate purchasing, partnering, developing, and/or competing against companies in physical security.
Already have an account?
Loading Related Reports