Just a quick clarification. Hanwha cameras can stream H.264/H.265 on mobile device browsers, not just MJPEG. Screenshot below showing an X series camera streaming H.265 video in the browser on an Android phone. Only older models are MJPEG only for plugin-free
It is hard to believe we're still discussing ActiveX on shipping products going into 2020. I still have to use IE more often than should be necessary for Panasonic NVRs and legacy cameras. Last generation cameras requiring ActiveX is fine. Current product refreshed in the last two years should not require ActiveX. I am halfway expecting Flash or Silverlight for the next model revision in 2026.
Congrats to Hanwha, Bosch, and Axis for being ahead of the curve.
Updated: We added a section on malware found in the ActiveX plugin of some Hikvision NVR firmwares, which they sent a notice to dealers about today (though this notice is not yet available on their cybersecurity center):
One key danger of using web interfaces with plugins required is the potential for malware to be installed when installing ActiveX. As a current example, in December 2019, Hikvision sent a notice to dealers revealing that a malware-infected version of their webcomponents plugin was available for 3 months:
Hikvision has recently discovered that a browser plug-in from a specific version of Hikvision NVR firmware, was inadvertently infected with malware. This firmware was available on the Hikvision USA and Hikvision Canada websites for about three months.
Affected firmware has since been replaced with a clean, malware-free version. Malware was contained in firmware for specific NVR lines, not all Hikvision cameras, but highlights a critical risk not present in plugin-free interfaces.
I would just like to note that telling me which cameras work in which web browsers is not nearly as useful as telling me which NVR software works in which web browser. While I recognize that there might be a very minuscule amount of people who directly access the cameras themselves, that is not most people so this has no relevance for most.
The main people who are accessing the camera web interface is a technician on-site installing, configuring, or troubleshooting a camera. An end-user or IT may also access it to troubleshoot or monitor status.
Some large integrators or end users may very restrictive cyber security policies that restrict activeX or in some countries, there are versions of Windows without IE, or Mac/Linux where there is no IE.
This is showing how certain brands have not developed new code for their products for so many years and rely on outdated code and technologies that may be vulnerable.
So, besides a tech in the field banging their head against the wall trying to change a quick setting, it shows you how a manufacturer is developing their products, and updating to current trends and their cyber values.
Understood, having said that, I can't remember the last time I logged into a camera directly to troubleshoot an installation. I use linux on my laptop and don't even think twice about it because I almost never need to login to the camera itself.
I believe some H264/H265 plugin-free implementations will introduce a delay of 5 seconds or more (because of the buffering needed). Was this considered in the tests? I have seen DASH/HLS protocol implementations introducing up to 30 seconds delay. This is not usually acceptable for surveillance.
A list of which VMSes support H264/H265 plugin-free implementations (with or without introducing delay) would also be nice.
Agree
Disagree
Informative: 1
Unhelpful
Funny
Create New Topic
Subscribe to IPVM Research to read the full report.
Why do I need to subscribe?
The IPVM Research Service includes products tests and shootouts plus competitive and financial analysis, helping decision-makers better evaluate purchasing, partnering, developing, and/or competing against companies in physical security.
Comments (13)
Undisclosed Integrator #1
This article would be greatly enhanced with an IPVM trademark chart showing which models and manufacturers supported which configurations.
Create New Topic
Undisclosed Manufacturer #2
Just a quick clarification. Hanwha cameras can stream H.264/H.265 on mobile device browsers, not just MJPEG. Screenshot below showing an X series camera streaming H.265 video in the browser on an Android phone. Only older models are MJPEG only for plugin-free
Create New Topic
Undisclosed Integrator #3
It is hard to believe we're still discussing ActiveX on shipping products going into 2020. I still have to use IE more often than should be necessary for Panasonic NVRs and legacy cameras. Last generation cameras requiring ActiveX is fine. Current product refreshed in the last two years should not require ActiveX. I am halfway expecting Flash or Silverlight for the next model revision in 2026.
Congrats to Hanwha, Bosch, and Axis for being ahead of the curve.
Create New Topic
Ethan Ace
Updated: We added a section on malware found in the ActiveX plugin of some Hikvision NVR firmwares, which they sent a notice to dealers about today (though this notice is not yet available on their cybersecurity center):
One key danger of using web interfaces with plugins required is the potential for malware to be installed when installing ActiveX. As a current example, in December 2019, Hikvision sent a notice to dealers revealing that a malware-infected version of their webcomponents plugin was available for 3 months:
Affected firmware has since been replaced with a clean, malware-free version. Malware was contained in firmware for specific NVR lines, not all Hikvision cameras, but highlights a critical risk not present in plugin-free interfaces.
Create New Topic
Riley Flaherty
I would just like to note that telling me which cameras work in which web browsers is not nearly as useful as telling me which NVR software works in which web browser. While I recognize that there might be a very minuscule amount of people who directly access the cameras themselves, that is not most people so this has no relevance for most.
Create New Topic
Wagner Cunha
I believe some H264/H265 plugin-free implementations will introduce a delay of 5 seconds or more (because of the buffering needed). Was this considered in the tests? I have seen DASH/HLS protocol implementations introducing up to 30 seconds delay. This is not usually acceptable for surveillance.
A list of which VMSes support H264/H265 plugin-free implementations (with or without introducing delay) would also be nice.
Create New Topic