Vivotek Trend Micro Cyber Security Camera App Tested

By: Ethan Ace, Published on Jul 22, 2019

Vivotek and Trend Micro are claiming five million blocked attacks on IP cameras, with their jointly developed app for Vivotek cameras.

This new app integrates Trend Micro's IoT security platform directly into Vivotek cameras and NVRs to block brute force password attempts and over 1,000 cyber attacks.

In this report, we look at the Vivotek/Trend Micro app and see how it performs, looking at:

  • What cyber security events does it monitor and prevent?
  • What attack details are provided?
  • How does it compare to other cameras' automatic account lockout?
  • How simple is app configuration?
  • What cameras does it integrate with?
  • How does it integrate to VMS?

******* *** ***** ***** are ******** **** ******* blocked ******* ** ** cameras, **** ***** ******* developed *** *** ******* cameras.

**** *** *** ********** Trend *****'* *** ******** platform ******** **** ******* cameras *** **** ** block ***** ***** ******** attempts *** **** *,*** cyber *******.

** **** ******, ** look ** *** *******/***** Micro *** *** *** how ** ********, ******* at:

  • **** ***** ******** ****** does ** ******* *** prevent?
  • **** ****** ******* *** provided?
  • *** **** ** ******* to ***** *******' ********* account *******?
  • *** ****** ** *** configuration?
  • **** ******* **** ** integrate ****?
  • *** **** ** ********* to ***?

[***************]

*******

***** ** *** *****, Vivotek's ***** ***** *** security *** *** **** positives:

  • ******* ********* ********:**** *** ****** ** two ***** ** *******, the ***** ***** *** blocked *** ****** **** 1,800 ********* ******** ** a ****** ********* ** the ********, ********* ********** by ******** ************ *********. Users ********** ************* ** cyber ******** *** ** not **** *** ** otherwise ******, *******, *** research ***** ******* **** this ********** ****** ** installing *** ***.
  • ******* ******:*** ***** ***** *** allows ***** ** ******* instant ****** ** ***** security ******, ***** *** camera's ***** ** ****** over *****, ***** ***** VMS, ** *******'* *** VAST2 ********. ***** ****** are *** ********* ********* for *** ** ** cameras.
  • ****** ************:********** *** *** *********** only ******** ********* ** to *** ****** *** turning ** **. ** other ************* ** ********* of ******** ** ********.

*******, ***** *** *** issues ***** ***** *** usefulness:

  • ** ****** *******:***** *** *********** ******* many ******* ****** *** course ** *** *******, there ** ** ******** information ** **** ***** attacks ******* **, **** a **** ** ******* and ****. ************* ** the ******** ****** ******** more ******** ********.
  • ** ********* ** ***** settings:******, ***** *** ** threshold ** ***** ******** for ***** *************, ** users **** ******* * separate ***** ** *** event *** **** ******, potentially ******** ** ****** per *** ** ******** camera *******.
  • ** ****** ******* *******:** *** *****, ****** trying ***** ********* ******** times *** *** ******* brute ***** *********, *** did ****** ******* ***** scripts ** ******* ****** UI *** *****. ******* says **** ***** ***** detection ** ******* *** 100 ***** ******** ** 20 *******, *** ** were ****** ** ******** this.

Less ******** ** ******* ********

**********, * **** *** installs *** ******** **** a ******* ** ****** security ********* ****** *** to *** ***** ******* on *** ****** ********, significantly ******** *** *****, though ** ***** ***** be ********* ** ********* internal / ****** ******* is ******.

Versus *********** ***** ******** ********

***** *******'* ***** ***** app ****** ******** ******** functionalities *** ******* ** other *******, ** **** not ***** ****** ******* lockout ** *** ******** attempts, *** ******** ** several *************' *******, ********* Dahua, *********, *** ****** (see:** ************ ***** ******** Compared).

*******, **** ** ***** competitive ****** ** *** notify ***** ** ***** attempts. *******, *** ******* or ********'* ** ******* is ****** ******* *** a *** ****** ** time. ** **** *****, users *** **** ** idea **** *** ******* has ****** ******, ** current ******* ** *** remain *********.

Pricing *** ************

*** ***** ***** *** is **** *** * period ** *-* *****, depending ** *** ****** model,******** ** ***** ************* page.

***** **** ******, ******* varies **** $** *** per ****** *** *** year ** $** *** camera *** ** ********* license. ******** *** **** than ** ******* *** discounted **% ($** *** camera *** *** ****, $28 *** ****** *********).

Vivotek / ***** ***** ********

*******'* ***** ***** *** is ***-********* ** ******* firmware *********** ******. ***** ** **** little ************* ********, **** on/off *** ******* ****** are **** ** *****-***** systems (******* *********, ********* in ** ******** ****** pack, ********* *****).

Basic Settings Simple To Configure

***** ***** ********** *** this *** *** ************* updated ** ******* *** can ** ******** ******* as *********.

***** ** * ****** summary ******* ****** ** each **** ** ****** as **** ** ** option ** ****** **** via .*** ****** *** further *************.

Summary Of Attacks On Camera  No Detailed Information In Web UI

Events ********

*** *** ******* ***** separate ******:

  • ***** *****:************ ***** ******** ** a **** **** * per ******. *** ****** will ** ****** *** 300 ******* ***** * detected ***** ***** *******.
  • ***** ******:*** ***** ******** ** Trend *****'******* **********(********* **** *,*** ******** attacks).
  • **********:** ***** ***** ******* outbound ****** ******** **** the ******, ** **** self-quarantine ** ***** *** issue ** ** ******** without ******* ****** ** other *******.

** *** *****, **** cyber ****** ****** **** triggered, **** ** ***** force ******** ****** (****** we *********) *** ** quarantine.

Attack ********** ********

***** ***** ******* ***** to *,*** ********* *******, ranging **** ****** ****** such ** ** ******* to ****** * ****** port (***, ***, ***.) to **** ******* *************** such ** **** *********, DNS *** **** *************** and ****, ****** ******* *************(.**** ******, **.*** ***** below):

***** ******* ** **** beyond **** **** ** cameras **** ******, ***** is ********* ******* ** bad ****** ****.

Limited ****** ******

*** **** ********** ** the *********** ******** ** Trend ***** ** **** it ** ***** *** requires * ****** ********** to ********* *** ***** nature ** *** ****** or *** ********* ******** to ** (** ***).

*** *******, **** ******* in *** ******* **** shown ** *******:

Limited Attack Information In Vivotek Software

******* ** **** ** 1133810 ** ***** *****'* signatures, ** *** **** that **** ** ** attempt ** ****** * closed ****:

Rule Definition Must Be Manually Looked Up

** **** ****, ***** the **** ** ******, no ******** *** ** warranted, *** *** **** complex *******, *************** ***** be ****** ** **** knowledgeable ** ** ******* may *** **** *** to *******.

Repeated ***** ******** ** *** ******* ***** ***** *********

** *** *****, **** of *** ******** ** log **** *** ****** using ********* *********** ********* a ***** ***** *****. We ********* ** ***** to *** ****** **** wrong *********** **********, ******** (using *** ***** ******), via ******* (********** ********** URLs **** ********* ***********), and ***** **** ****** brute ***** *****.

********* ** *******, ***** Force ****** ** ********* if *********** *** ********* at * **** ** 5 *** ****** *** 20 ******* (*** ********).

VAST ****** ******** ******

** ******** ** ****** reporting, ***** *** **** use *******'* **** ******** to **** ***** *********** on ************* ******, **** graphs ** ******* **** time, ******** ** ** address, ****, *** ******** event.

Vivotek VAST Client Event Search And Trends

VMS ***********

** ******** ** ****** events *** ***** *** VAST ********, ******* **** integrates ***** ***** ****** with ******* ******** ******, and **** ********* ******** should ** ********** ** an ******** ****** ****.

***** ***** ************. ***** Micro ****** ****** *** displayed ********* ** ***** camera ******, ***** ** "CyberAttack" ** "**********", **** the *********** ********** **** and **** ***********.

Vivotek Trend Micro Events Integrated To Genetec

Versions ******

******** *******: *****

***** ***** ***********:*.****

Comments (8)

*** **** *** ** have **** ******* *** many ***** **** ***** results *** ***** *********.  However, *** ******** * have ***** ****** ***** install ** **** ** physically ******** **** *** ADMIN *** *** **** often ***** ********* ** any ****** ** ********, is **** **** ** a ******* ******* ***** that ** **** ***** see **** *** ** or ** * ******* something?

**** **********. * ********** get *** ***** ** cameras *** ** *** LAN ** *** ********** separate **** *** ********.  Just ****** ** *** past *** "** ****" point **** **** **** introduced * ******** ****** that ****'* **** *** facility ****** **** *-* partitioned *****.

** ***** **** ****** against ****** *******. *** example, **** ** ** premise ********** *** *********** a ******, **** *** cable ** ***** ******.

******* ****** ****** ******* that **** ************* *** require ****** ***** ** reactivate **.

*** *** ******** *** network ** ****** **** that. **** ***** ******* is * **** **** for ***** *****.

**... ****** **** ** paper. ***** ** ******* the ****** ** *******.

****** *: ** *** have ****** ****** ***** to ******* *** **** on ********* **** *** would **** *** ****** feed/playback ** ***** ** excessive ****** **** (***** happen *** ******** *******) and *** ***** **** manual ************ ** *** the ****** **** ******.

****** *: ** *** have *** ****** ***** to ******* ** ***/******* MAC ********* (*** **** system *** *****) **** you **** *** ******** a ****** ** ***** the ******'* *** ******* and **** ***** ******** into *** ********* *******.

**** ******* ***** ********* to ** *******. **** being **** ****** * coupled **** ********** ******** tends ** ** *** best *** ** ** for **** *********. ***** your **** ****** ** ID * ****** ***** be * ***** ********* followed ** ****** ******* than ******.

**** ** * *****. 

**** **** **** **** a **** ** *** right *********?  ** ** it ****.  ***** * have ***** **** ** sold *** ** *** above ******** *** **** with *** *********** ** least **** **** ***** steps ** ******* ***** security ****** **** ****** Cisco *** * **** piece ** ****** **** handicapping * ***** ******** specialist.  *** ************ ** IP ******* ****** **** the ******** ******* ****** just ******** ******* *** forcing ****** ********* ** a ****** *** **** industry.

Attack ********** ********

*** ** ****** **** signature?

*** "***** *****'* ****** **********" **** ** ****. Nothing *********. 

Read this IPVM report for free.

This article is part of IPVM's 6,367 reports, 855 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now

Related Reports

ZK Teco Atlas Access Control Tested on Aug 20, 2019
Who needs access specialists? China-based ZKTeco claims its newest access panel 'makes it very easy for anyone to learn and install access control...
Nortek Mobile Access Reader BluePass Examined on Feb 12, 2019
Nortek's Linear access control division claims to make mobile credentials "more secure and easier to use than ever before" with their BluePass...
Genetec Kiwi Intrusion Detector Analytics Tested on Nov 27, 2018
Genetec has built Kiwi Security's Intrusion Detection analytics into Security Center, aiming to simplify deployment compared to separate camera...
IPVM Vulnerability Scanner Released / Deprecated on Jun 18, 2018
IPVM is proud to announce video surveillance's first and only cybersecurity vulnerability scanner. This tool allows quickly and simply...
Genetec Now Detects Insecure Camera Firmware on Nov 29, 2017
Genetec is heavily emphasizing cyber security and cyber resilience. From initiatives like CHAVE to 2 Factor Authentication to Expelling...
Hikvision Backdoor Exploit on Sep 03, 2017
Full disclosure to the Hikvision backdoor has been released, allowing easy exploit of vulnerable Hikvision IP cameras. As the researcher, Monte...
Hikvision Security Code Cracked on Aug 08, 2017
Hikvision's 'security code' feature has been cracked and a program generating security codes is being distributed online. IPVM has obtained and...
Alarm.com Tested on Jul 13, 2017
Alarm.com has become the dominant force in smart home / remote service platform, with ~70% market share, combining their own traditional offering...
Smartcard Copier Tested (13.56MHz) on Jul 05, 2017
Copying 125kHz cards is certainly easy, as our test results showed, but how about 13.56MHz smart cards? Are they more secure? IPVM focused on the...
Hikvision Backdoor Confirmed on May 08, 2017
The US Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued an advisory for...

Most Recent Industry Reports

Verkada: "IPVM Should Never Be Your Source of News" on Jul 02, 2020
Verkada was unhappy with IPVM's recent coverage declaring that reading IPVM is 'not a good look' and that 'IPVM should never be your source of...
Vintra Presents FulcrumAI Face Recognition on Jul 02, 2020
Vintra presented its FulcrumAI face recognition and mask detection offering at the May 2020 IPVM Startups show. Inside this report: A...
Uniview Wrist Temperature Reader Tested on Jul 02, 2020
Uniview is promoting measuring wrist temperatures whereas most others are just offering forehead or inner canthus measurements. But how well does...
Dahua USA Admits Thermal Solutions "Qualify As Medical Devices" on Jul 02, 2020
Dahua USA has issued a press release admitting a controversial point in the industry but an obvious one to the US FDA, that the thermal temperature...
Access Control Online Show - July 2020 - With 40+ Manufacturers - Register Now on Jul 01, 2020
IPVM is excited to announce our July 2020 Access Control Show. With 40+ companies presenting across 4 days, this is a unique opportunity to hear...
Hanwha Face Mask Detection Tested on Jul 01, 2020
Face mask detection or, more specifically lack-of-face-mask detection, is an expanding offering in the midst of coronavirus. Hanwha in partnership...
UK Government Says Fever Cameras "Unsuitable" on Jul 01, 2020
The UK government's medical device regulator, MHRA, told IPVM that fever-seeking thermal cameras are "unsuitable for this purpose" and recommends...
Camera Course Summer 2020 on Jun 30, 2020
This is the only independent surveillance camera course, based on in-depth product and technology testing. Lots of manufacturer training...
Worst Over But Integrators Still Dealing With Coronavirus Problems (June Statistics) on Jun 30, 2020
While numbers of integrators very impacted by Coronavirus continue to drop, most are still moderately dealing with the pandemic's problems, June...