IPVM Vulnerability Scanner Released

Author: IPVM Team, Published on Jun 18, 2018

IPVM is proud to announce video surveillance's first and only cybersecurity vulnerability scanner. This tool allows quickly and simply identifying known video surveillance vulnerabilities. It is available as a Windows and MAC download, free for all to scan a single IP address at a time or to scan entire networks at once for IPVM members.

This 30-second overview explains what the vulnerability scanner does:

Download it from the options below:

Benefits of the Vulnerability Scanner

The reality is your video surveillance cameras or recorders may have vulnerabilities you are simply unaware of:

(1) You may have bought OEMed equipment (e.g., Honeywell, Interlogix, Tri-Ed, ADI, ADT, etc.) and not even realize you have vulnerable Dahua or Hikvision equipment.

Get Video Surveillance News In Your Inbox
Get Video Surveillance News In Your Inbox

(2) You may not have gotten word from your manufacturer on vulnerabilities as most manufacturers strive to minimize publicity of these issues.

(3) And, even if you are aware of vulnerabilities, you may not have found all the devices that are vulnerable in your system.

The Scanner addresses this by looking for the known signatures of these vulnerabilities, automatically examining your networks and reporting back on your cameras or recorders that show vulnerabilities.

How To Video

The following video shows the basics of how to use the Scanner and what options can be used:

Privacy Built-In

The Scanner has privacy built-in, it never uploads, records nor shares any vulnerability information. It displays this only on your own computer.

The only outbound requests the Scanner makes is to get updated versions and for member sign-in to enable scanning entire networks.

Known Limitations

The Scanner has some known limitations:

  • MAC OUI addresses are used as part of identifying vulnerable devices. If we are missing a MAC OUI, we could potentially miss a vulnerability. If the scan is being done remotely, where MAC OUIs are not available, we cannot as definitively verify the vulnerability (displayed as 'possible') in such cases.
  • Vivotek has a known vulnerability but we are not currently scanning for it since the check involves crashing the web server. Since, we do not want to endanger any potential product systems, we are currently omitting it but searching for an alternative technique.
  • We have limited the number of IP addresses that can be simultaneously scanned to a Class B address range to minimize probing the public Internet for insecure devices. That, combined with the limitation on MAC OUI checking, will limit misuse.

Thanks To Bashis

While any error is entirely IPVM's, we would like to thank Bashis, (1) for finding so many of these manufacturer vulnerabilities (e.g., 1, 2, 3, 4) and (2) for volunteering feedback on the Scanner's implementation to improve its functionality.

Future Features

We have a number of requested and potential future features. In no particular order:

  • Exporting results: In 1.0, we show a list of results with IP addresses and vulnerability information. In the future, we will add a way to download that list to a csv or text file.
  • Local history: Members have asked for a way to store a local history of previous searches (e.g. different IP addresses or ports, etc.).
  • Default / weak passwords: Another cybersecurity concern are devices using default passwords (see our list) or weak passwords (e.g., 1234, abcd, password, etc.). We are considering a future addition that scans for such issues.
  • OEM detection: Members have asked about notifying them if they have products that are OEMed from Dahua, Hikvision, etc. This could help them identify potential vulnerabilities and products that are prohibited.

Ask Questions / Share Problems

Surely there will be many questions and certainly some problems. We are happy to answer any questions and help with any problems, either commenting below or emailing us - support@ipvm.com

Download

Download it from the options below:

1 report cite this report:

The Dumb Ones: PSA's Bozeman On Cybersecurity on Jun 15, 2018
The smart ones are the hundred people who flew to Denver and spent $500+ on a 1.5-day conference featuring (now US government banned) Dahua as a...
Comments (70) : PRO Members only. Login. or Join.

Most Recent Industry Reports

Alexa Guard Expands Amazon's Security Offerings, Boosts ADT's Stock on Sep 21, 2018
Amazon is expanding their security offerings yet again, this time with Alexa Guard that delivers security audio analytics and a virtual "Fake...
UTC, Owner of Lenel, Acquires S2 on Sep 20, 2018
UTC now owns two of the biggest access control providers, one of integrator's most hated access control platforms, Lenel, and one of their...
BluePoint Aims To Bring Life-Safety Mind-Set To Police Pull Stations on Sep 20, 2018
Fire alarm pull stations are commonplace but police ones are not. A self-funded startup, BluePoint Alert Solutions is aiming to make police pull...
SIA Plays Dumb On OEMs And Hikua Ban on Sep 20, 2018
OEMs widely pretend to be 'manufacturers', deceiving their customers and putting them at risk for cybersecurity attacks and, soon, violation of US...
Axis Vs. Hikvision IR PTZ Shootout on Sep 20, 2018
Hikvision has their high-end dual-sensor DarkfighterX. Axis has their high-end concealed IR Q6125-LE. Which is better? We bought both and tested...
Avigilon Announces AI-Powered H5 Camera Development on Sep 19, 2018
Avigilon will be showcasing "next-generation AI" at next week's ASIS GSX. In an atypical move, the company is not actually releasing these...
Favorite Request-to-Exit (RTE) Manufacturers 2018 on Sep 19, 2018
Request To Exit devices like motion sensors and lock releasing push-buttons are a part of almost every access install, but who makes the equipment...
25% China Tariffs Finalized For 2019, 10% Start Now, Includes Select Video Surveillance on Sep 18, 2018
A surprise move: In July, when the most recent tariff round was first announced, the tariffs were only scheduled for 10%. However, now, the US...
Central Stations Face Off Against NFPA On Fire Monitoring on Sep 18, 2018
Central stations are facing off against the NFPA over what they call anti-competitive language in NFPA 72, the standard that covers fire alarms....
Hikvision USA Starts Layoffs on Sep 18, 2018
Hikvision USA has started layoffs, just weeks after the US government ban was passed into law. Inside this note, we examine: The important...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact