Vivotek Trend Micro Cyber Security Camera App Tested

By: Ethan Ace, Published on Jul 22, 2019

Vivotek and Trend Micro are claiming five million blocked attacks on IP cameras, with their jointly developed app for Vivotek cameras.

This new app integrates Trend Micro's IoT security platform directly into Vivotek cameras and NVRs to block brute force password attempts and over 1,000 cyber attacks.

In this report, we look at the Vivotek/Trend Micro app and see how it performs, looking at:

  • What cyber security events does it monitor and prevent?
  • What attack details are provided?
  • How does it compare to other cameras' automatic account lockout?
  • How simple is app configuration?
  • What cameras does it integrate with?
  • How does it integrate to VMS?

******* *** ***** ***** are ******** **** ******* blocked ******* ** ** cameras, **** ***** ******* developed *** *** ******* cameras.

**** *** *** ********** Trend *****'* *** ******** platform ******** **** ******* cameras *** **** ** block ***** ***** ******** attempts *** **** *,*** cyber *******.

** **** ******, ** look ** *** *******/***** Micro *** *** *** how ** ********, ******* at:

  • **** ***** ******** ****** does ** ******* *** prevent?
  • **** ****** ******* *** provided?
  • *** **** ** ******* to ***** *******' ********* account *******?
  • *** ****** ** *** configuration?
  • **** ******* **** ** integrate ****?
  • *** **** ** ********* to ***?

[***************]

*******

***** ** *** *****, Vivotek's ***** ***** *** security *** *** **** positives:

  • ******* ********* ********:**** *** ****** ** two ***** ** *******, the ***** ***** *** blocked *** ****** **** 1,800 ********* ******** ** a ****** ********* ** the ********, ********* ********** by ******** ************ *********. Users ********** ************* ** cyber ******** *** ** not **** *** ** otherwise ******, *******, *** research ***** ******* **** this ********** ****** ** installing *** ***.
  • ******* ******:*** ***** ***** *** allows ***** ** ******* instant ****** ** ***** security ******, ***** *** camera's ***** ** ****** over *****, ***** ***** VMS, ** *******'* *** VAST2 ********. ***** ****** are *** ********* ********* for *** ** ** cameras.
  • ****** ************:********** *** *** *********** only ******** ********* ** to *** ****** *** turning ** **. ** other ************* ** ********* of ******** ** ********.

*******, ***** *** *** issues ***** ***** *** usefulness:

  • ** ****** *******:***** *** *********** ******* many ******* ****** *** course ** *** *******, there ** ** ******** information ** **** ***** attacks ******* **, **** a **** ** ******* and ****. ************* ** the ******** ****** ******** more ******** ********.
  • ** ********* ** ***** settings:******, ***** *** ** threshold ** ***** ******** for ***** *************, ** users **** ******* * separate ***** ** *** event *** **** ******, potentially ******** ** ****** per *** ** ******** camera *******.
  • ** ****** ******* *******:** *** *****, ****** trying ***** ********* ******** times *** *** ******* brute ***** *********, *** did ****** ******* ***** scripts ** ******* ****** UI *** *****. ******* says **** ***** ***** detection ** ******* *** 100 ***** ******** ** 20 *******, *** ** were ****** ** ******** this.

Less ******** ** ******* ********

**********, * **** *** installs *** ******** **** a ******* ** ****** security ********* ****** *** to *** ***** ******* on *** ****** ********, significantly ******** *** *****, though ** ***** ***** be ********* ** ********* internal / ****** ******* is ******.

Versus *********** ***** ******** ********

***** *******'* ***** ***** app ****** ******** ******** functionalities *** ******* ** other *******, ** **** not ***** ****** ******* lockout ** *** ******** attempts, *** ******** ** several *************' *******, ********* Dahua, *********, *** ****** (see:** ************ ***** ******** Compared).

*******, **** ** ***** competitive ****** ** *** notify ***** ** ***** attempts. *******, *** ******* or ********'* ** ******* is ****** ******* *** a *** ****** ** time. ** **** *****, users *** **** ** idea **** *** ******* has ****** ******, ** current ******* ** *** remain *********.

Pricing *** ************

*** ***** ***** *** is **** *** * period ** *-* *****, depending ** *** ****** model,******** ** ***** ************* page.

***** **** ******, ******* varies **** $** *** per ****** *** *** year ** $** *** camera *** ** ********* license. ******** *** **** than ** ******* *** discounted **% ($** *** camera *** *** ****, $28 *** ****** *********).

Vivotek / ***** ***** ********

*******'* ***** ***** *** is ***-********* ** ******* firmware *********** ******. ***** ** **** little ************* ********, **** on/off *** ******* ****** are **** ** *****-***** systems (******* *********, ********* in ** ******** ****** pack, ********* *****).

Basic Settings Simple To Configure

***** ***** ********** *** this *** *** ************* updated ** ******* *** can ** ******** ******* as *********.

***** ** * ****** summary ******* ****** ** each **** ** ****** as **** ** ** option ** ****** **** via .*** ****** *** further *************.

Summary Of Attacks On Camera  No Detailed Information In Web UI

Events ********

*** *** ******* ***** separate ******:

  • ***** *****:************ ***** ******** ** a **** **** * per ******. *** ****** will ** ****** *** 300 ******* ***** * detected ***** ***** *******.
  • ***** ******:*** ***** ******** ** Trend *****'******* **********(********* **** *,*** ******** attacks).
  • **********:** ***** ***** ******* outbound ****** ******** **** the ******, ** **** self-quarantine ** ***** *** issue ** ** ******** without ******* ****** ** other *******.

** *** *****, **** cyber ****** ****** **** triggered, **** ** ***** force ******** ****** (****** we *********) *** ** quarantine.

Attack ********** ********

***** ***** ******* ***** to *,*** ********* *******, ranging **** ****** ****** such ** ** ******* to ****** * ****** port (***, ***, ***.) to **** ******* *************** such ** **** *********, DNS *** **** *************** and ****, ****** ******* *************(.**** ******, **.*** ***** below):

***** ******* ** **** beyond **** **** ** cameras **** ******, ***** is ********* ******* ** bad ****** ****.

Limited ****** ******

*** **** ********** ** the *********** ******** ** Trend ***** ** **** it ** ***** *** requires * ****** ********** to ********* *** ***** nature ** *** ****** or *** ********* ******** to ** (** ***).

*** *******, **** ******* in *** ******* **** shown ** *******:

Limited Attack Information In Vivotek Software

******* ** **** ** 1133810 ** ***** *****'* signatures, ** *** **** that **** ** ** attempt ** ****** * closed ****:

Rule Definition Must Be Manually Looked Up

** **** ****, ***** the **** ** ******, no ******** *** ** warranted, *** *** **** complex *******, *************** ***** be ****** ** **** knowledgeable ** ** ******* may *** **** *** to *******.

Repeated ***** ******** ** *** ******* ***** ***** *********

** *** *****, **** of *** ******** ** log **** *** ****** using ********* *********** ********* a ***** ***** *****. We ********* ** ***** to *** ****** **** wrong *********** **********, ******** (using *** ***** ******), via ******* (********** ********** URLs **** ********* ***********), and ***** **** ****** brute ***** *****.

********* ** *******, ***** Force ****** ** ********* if *********** *** ********* at * **** ** 5 *** ****** *** 20 ******* (*** ********).

VAST ****** ******** ******

** ******** ** ****** reporting, ***** *** **** use *******'* **** ******** to **** ***** *********** on ************* ******, **** graphs ** ******* **** time, ******** ** ** address, ****, *** ******** event.

Vivotek VAST Client Event Search And Trends

VMS ***********

** ******** ** ****** events *** ***** *** VAST ********, ******* **** integrates ***** ***** ****** with ******* ******** ******, and **** ********* ******** should ** ********** ** an ******** ****** ****.

***** ***** ************. ***** Micro ****** ****** *** displayed ********* ** ***** camera ******, ***** ** "CyberAttack" ** "**********", **** the *********** ********** **** and **** ***********.

Vivotek Trend Micro Events Integrated To Genetec

Versions ******

******** *******: *****

***** ***** ***********:*.****

Comments (8)

*** **** *** ** have **** ******* *** many ***** **** ***** results *** ***** *********.  However, *** ******** * have ***** ****** ***** install ** **** ** physically ******** **** *** ADMIN *** *** **** often ***** ********* ** any ****** ** ********, is **** **** ** a ******* ******* ***** that ** **** ***** see **** *** ** or ** * ******* something?

**** **********. * ********** get *** ***** ** cameras *** ** *** LAN ** *** ********** separate **** *** ********.  Just ****** ** *** past *** "** ****" point **** **** **** introduced * ******** ****** that ****'* **** *** facility ****** **** *-* partitioned *****.

** ***** **** ****** against ****** *******. *** example, **** ** ** premise ********** *** *********** a ******, **** *** cable ** ***** ******.

******* ****** ****** ******* that **** ************* *** require ****** ***** ** reactivate **.

*** *** ******** *** network ** ****** **** that. **** ***** ******* is * **** **** for ***** *****.

**... ****** **** ** paper. ***** ** ******* the ****** ** *******.

****** *: ** *** have ****** ****** ***** to ******* *** **** on ********* **** *** would **** *** ****** feed/playback ** ***** ** excessive ****** **** (***** happen *** ******** *******) and *** ***** **** manual ************ ** *** the ****** **** ******.

****** *: ** *** have *** ****** ***** to ******* ** ***/******* MAC ********* (*** **** system *** *****) **** you **** *** ******** a ****** ** ***** the ******'* *** ******* and **** ***** ******** into *** ********* *******.

**** ******* ***** ********* to ** *******. **** being **** ****** * coupled **** ********** ******** tends ** ** *** best *** ** ** for **** *********. ***** your **** ****** ** ID * ****** ***** be * ***** ********* followed ** ****** ******* than ******.

**** ** * *****. 

**** **** **** **** a **** ** *** right *********?  ** ** it ****.  ***** * have ***** **** ** sold *** ** *** above ******** *** **** with *** *********** ** least **** **** ***** steps ** ******* ***** security ****** **** ****** Cisco *** * **** piece ** ****** **** handicapping * ***** ******** specialist.  *** ************ ** IP ******* ****** **** the ******** ******* ****** just ******** ******* *** forcing ****** ********* ** a ****** *** **** industry.

Attack ********** ********

*** ** ****** **** signature?

*** "***** *****'* ****** **********" **** ** ****. Nothing *********. 

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Camera Configuration Manager Shootout - Avigilon, Axis, Bosch, Dahua, Hanwha, Hikvision on May 01, 2019
Which camera manufacturer has the best management tool? We tested 6 manufacturers - Avigilon, Axis, Bosch, Dahua, Hanwha, Hikvision to find...
Security Fail: ASISNYC Auto Emails Passwords In Plain Text on May 14, 2019
ASIS NYC automatically emails a user with the password the user just entered, in plain text, when one registers for the site / event, as the...
LifeSafety Power NetLink Vulnerabilities And Problematic Response on May 20, 2019
'Power supplies' are not devices that many think about when considering vulnerabilities but as more and more devices go 'online', the risks for...
Dahua Wiretapping Vulnerability on Aug 02, 2019
IPVM has validated, with testing, and from Dahua, that many Dahua cameras have a wiretapping vulnerability. Even if the camera's audio has been...
Critical Vulnerability Across 18+ Network Switch Vendors: Cisco, Netgear, More on Aug 26, 2019
Cisco, Netgear and more than a dozen other brands, including small Asian ones, have been found to share the same critical vulnerability, discovered...
Warning: Windows 7 Update Crashing NVRs on Aug 26, 2019
Windows 7 updates are causing VMS servers to fail to boot. After running the update, impacted systems do not boot as normal, instead display this...
ONVIF Exposure To "Devastating DDoS Attacks" Examined on Sep 06, 2019
ZDnet reported "Protocol used by 630,000 devices can be abused for devastating DDoS attacks", citing exposure of ONVIF devices. And after an...
Dahua New Critical Vulnerability 2019 on Sep 23, 2019
Dahua has quietly admitted 5 new vulnerabilities including 1 critical vulnerability with a 9.8 / 10.0 CVSS score and 2 high vulnerabilities (scored...
Verkada Notification Outage on Dec 12, 2019
Verkada is suffering an event notification outage and analytic search failures. Inside, we examine what the issues are, what Verkada told IPVM...
Wyze Massive Data Leak on Dec 26, 2019
Wyze has exposed millions of user's data, as reported by Twelve Security, and confirmed by IPVM, who has spoken with Twelve Security and reviewed...

Most Recent Industry Reports

Milestone Launches Multiple Cloud Solutions on Feb 18, 2020
Milestone is going to the cloud, becoming one of the last prominent VMSes to do so. Milestone is clearly late but how competitive do these new...
Video Surveillance 101 Course - Last Chance Thursday on Feb 18, 2020
IPVM's first Video Surveillance 101 course starts this month, designed to help those new to the industry to quickly understand the most important...
Video Surveillance Architecture 101 on Feb 18, 2020
Video surveillance can be designed and deployed in a number of ways. This 101 examines the most common options and architectures used in...
UK Stands Behind Hikvision But Controversy Continues on Feb 18, 2020
Hikvision is exhibiting at a UK government conference for law enforcement, provoking controversy from the press, politicians, and activists due to...
IronYun AI Analytics Tested on Feb 17, 2020
Taiwan startup IronYun has raised tens of millions for its "mission to be the leading Artificial Intelligence, big data video software as a service...
Access Control ADA and Disability Laws Tutorial on Feb 17, 2020
Safe access control is paramount, especially for those with disabilities. Most countries have codes to mandate safe building access for those...
ISC West 2020 Removes China Pavilion, No Plans To Cancel Or Postpone on Feb 17, 2020
ISC West plans to go on next month, amidst concerns over coronavirus. However, the Asia / China Pavilion has been removed, show organizers...
Hanwha Wisenet X Plus PTRZ Tested on Feb 14, 2020
Hanwha has released their PTRZ camera, the Wisenet X Plus XNV-6081Z, claiming the "modular design allows for easy installation". We bought and...
PRC Warns Against China Video Surveillance Hacks, Hikvision Targeted on Feb 14, 2020
Hackers are targeting China video surveillance manufacturers and systems, according to the PRC's main cyber threat monitoring body. The hackers...
IPVM Conference 2020 on Feb 13, 2020
IPVM is excited to announce our 2020 conference. This is the first and only industry event that will be 100% sponsor-free. Like IPVM online, the...