IPVM Vulnerability Scanner Released / Deprecated

By: IPVM Team, Published on Jun 18, 2018

IPVM is proud to announce video surveillance's first and only cybersecurity vulnerability scanner. This tool allows quickly and simply identifying known video surveillance vulnerabilities. It is available as a Windows and MAC download, free for all to scan a single IP address at a time or to scan entire networks at once for IPVM members.

This 30-second overview explains what the vulnerability scanner does:

Benefits of the Vulnerability Scanner

The reality is your video surveillance cameras or recorders may have vulnerabilities you are simply unaware of:

(1) You may have bought OEMed equipment (e.g., Honeywell, Interlogix, Tri-Ed, ADI, ADT, etc.) and not even realize you have vulnerable Dahua or Hikvision equipment.

(2) You may not have gotten word from your manufacturer on vulnerabilities as most manufacturers strive to minimize publicity of these issues.

(3) And, even if you are aware of vulnerabilities, you may not have found all the devices that are vulnerable in your system.

The Scanner addresses this by looking for the known signatures of these vulnerabilities, automatically examining your networks and reporting back on your cameras or recorders that show vulnerabilities.

Get Notified of Video Surveillance Breaking News
Get Notified of Video Surveillance Breaking News

How To Video

The following video shows the basics of how to use the Scanner and what options can be used:

Privacy Built-In

The Scanner has privacy built-in, it never uploads, records nor shares any vulnerability information. It displays this only on your own computer.

The only outbound requests the Scanner makes is to get updated versions and for member sign-in to enable scanning entire networks.

Known Limitations

The Scanner has some known limitations:

  • MAC OUI addresses are used as part of identifying vulnerable devices. If we are missing a MAC OUI, we could potentially miss a vulnerability. If the scan is being done remotely, where MAC OUIs are not available, we cannot as definitively verify the vulnerability (displayed as 'possible') in such cases.
  • Vivotek has a known vulnerability but we are not currently scanning for it since the check involves crashing the web server. Since, we do not want to endanger any potential product systems, we are currently omitting it but searching for an alternative technique.
  • We have limited the number of IP addresses that can be simultaneously scanned to a Class B address range to minimize probing the public Internet for insecure devices. That, combined with the limitation on MAC OUI checking, will limit misuse.

Thanks To Bashis

While any error is entirely IPVM's, we would like to thank Bashis, (1) for finding so many of these manufacturer vulnerabilities (e.g., 1, 2, 3, 4) and (2) for volunteering feedback on the Scanner's implementation to improve its functionality.

Future Features

We have a number of requested and potential future features. In no particular order:

  • Exporting results: In 1.0, we show a list of results with IP addresses and vulnerability information. In the future, we will add a way to download that list to a csv or text file.
  • Local history: Members have asked for a way to store a local history of previous searches (e.g. different IP addresses or ports, etc.).
  • Default / weak passwords: Another cybersecurity concern are devices using default passwords (see our list) or weak passwords (e.g., 1234, abcd, password, etc.). We are considering a future addition that scans for such issues.
  • OEM detection: Members have asked about notifying them if they have products that are OEMed from Dahua, Hikvision, etc. This could help them identify potential vulnerabilities and products that are prohibited.

Ask Questions / Share Problems

Surely there will be many questions and certainly some problems. We are happy to answer any questions and help with any problems, either commenting below or emailing us - support@ipvm.com

Deprecated August 2019

IPVM has deprecated support for the Vulnerability Scanner and is no longer offering it for download. While the Scanner will continue to work as is, we are not currently planning to update it.

The reason for this is the difficulty of properly fingerprinting various vulnerabilities, especially those that depend on actions that could damage devices we are probing, because of the type of vulnerabilities they are.

IPVM remains open for looking at other ways to notify and alert on vulnerabilities.

2 reports cite this report:

VMS Camera Management Shootout - Avigilon, Dahua, Exacq, Genetec, Hanwha, Hikvision, Milestone, Network Optix on Oct 29, 2018
Camera setup, configuration and maintenance are the most common tasks when...
The Dumb Ones: PSA's Bozeman On Cybersecurity on Jun 15, 2018
The smart ones are the hundred people who flew to Denver and spent $500+ on a...
Comments (77) : Members only. Login. or Join.

Related Reports

Phone Camera Calculator Released on Mar 10, 2020
IPVM has released the first-ever Phone Calculator, video surveillance design...
Milestone Presents XProtect On AWS on May 04, 2020
Milestone presented its XProtect on AWS offering at the April 2020 IPVM New...
Video Analytics 101 on Mar 16, 2020
This guide teaches the fundamentals of video surveillance...
30 Million Criminal Face Database Tested (Captis Intelligence) on Apr 27, 2020
30 million criminal mugshots are now available for facial recognition...
Use Access Control Logs To Constrain Coronavirus on Apr 09, 2020
Access control users have included capabilities that are not commonly used...
Video Surveillance 101 Book Released on Jul 07, 2020
IPVM's unique introduction to video surveillance series is now available as a...
Vulnerability Directory For Access Credentials on Feb 20, 2020
Knowing which access credentials are insecure can be difficult to see,...
Video Surveillance History on May 06, 2020
The video surveillance market has changed significantly since 2000, going...
Uniview Deep Learning Camera Tested on Jul 14, 2020
Uniview's intrusion analytics have performed poorly in our shootouts. Now,...
Camera Course Summer 2020 - Last Chance on Jul 18, 2020
This is your last chance to register for the Summer 2020 Camera Course. This...
Last Chance - Spring 2020 IP Networking Course - Register Now on May 06, 2020
This is the last chance to register for the only networking course designed...
Camio Presents Coronavirus Social Distancing Analytics on Apr 20, 2020
Camio presented its social distancing analytics for responding to coronavirus...
Micron 1 TB SD Cards Aim To Eliminate NVRs on Apr 08, 2020
Micron has boldly proclaimed their latest 1TB microSD "eliminates the need...
Magos Presents AI Radar Object Detector on May 08, 2020
Magos presented its AI radar object detection at the April 2020 IPVM New...
Sony Launches AI Camera Sensors on May 18, 2020
Weeks after exiting the branded video surveillance business, Sony is making a...

Recent Reports

Video Analytics Online Show September 2020 Opened - Axis, Avigilon, Bosch, BriefCam, Genetec, Milestone + 30 More on Aug 12, 2020
IPVM's sixth online show will feature 35+ Video Analytics companies...
The German Company Powering Many China Temperature Tablets (Heimann) on Aug 12, 2020
Many fever tablet suppliers market German-made Heimann thermal sensors while...
Salesforce Drops Dahua and Hikvision on Aug 12, 2020
Salesforce has dropped Dahua and Hikvision as customers, forcing the two mega...
Access Control Course Fall 2020 - Register Now - Save $50 Last Chance on Aug 12, 2020
IPVM offers the most comprehensive access control course in the...
Genetec CEO Declares "We Don't Negotiate Payment With Patent Trolls" on Aug 11, 2020
Are patent trolls like terrorists? Genetec's CEO is coming out strongly...
Hanwha AI Analytics Camera Tested on Aug 11, 2020
Hanwha has released their Wisenet P AI camera, adding person and vehicle...
Alabama Schools Million Dollar Hikvision Fever Camera Deal on Aug 11, 2020
The Baldwin County, Alabama public schools purchased a $1 million, 144-camera...
Dahua Taunts Australian Government, Continues To Sell Illegal Fever Cameras on Aug 10, 2020
Dahua is effectively taunting the Australian government by continuing to sell...
HID Releases VertX Replacement Aero on Aug 10, 2020
HID is replacing two established and broadly supported types of access...
NDAA Compliant Video Surveillance Whitelist on Aug 10, 2020
This report aggregates video surveillance products that manufacturers have...
Telpo China Temperature Tablets Tested on Aug 10, 2020
The provider for overseas companies ranging from Canon Singapore to US'...
Dangerous Hikvision Fever Camera Showcased by Chilean City on Aug 07, 2020
Deploying a fever camera outdoors, in the rain, with no black body, is...
"Grand Slam" For Pelco's PE Firm, A Risk For Motorola on Aug 07, 2020
The word "Pelco" and "grand slam" have not been said together for many years....
FLIR Stock Falls, Admits 'Decelerating' Demand For Temperature Screening on Aug 07, 2020
Is the boom going to bust for temperature screening? FLIR disappointed...
VSaaS Will Hurt Integrators on Aug 06, 2020
VSaaS will hurt integrators, there is no question about that. How much...