IPVM Vulnerability Scanner Released

Author: IPVM Team, Published on Jun 18, 2018

IPVM is proud to announce video surveillance's first and only cybersecurity vulnerability scanner. This tool allows quickly and simply identifying known video surveillance vulnerabilities. It is available as a Windows and MAC download, free for all to scan a single IP address at a time or to scan entire networks at once for IPVM members.

This 30-second overview explains what the vulnerability scanner does:

Download it from the options below:

Benefits of the Vulnerability Scanner

The reality is your video surveillance cameras or recorders may have vulnerabilities you are simply unaware of:

(1) You may have bought OEMed equipment (e.g., Honeywell, Interlogix, Tri-Ed, ADI, ADT, etc.) and not even realize you have vulnerable Dahua or Hikvision equipment.

Get Video Surveillance News In Your Inbox
Get Video Surveillance News In Your Inbox

(2) You may not have gotten word from your manufacturer on vulnerabilities as most manufacturers strive to minimize publicity of these issues.

(3) And, even if you are aware of vulnerabilities, you may not have found all the devices that are vulnerable in your system.

The Scanner addresses this by looking for the known signatures of these vulnerabilities, automatically examining your networks and reporting back on your cameras or recorders that show vulnerabilities.

How To Video

The following video shows the basics of how to use the Scanner and what options can be used:

Privacy Built-In

The Scanner has privacy built-in, it never uploads, records nor shares any vulnerability information. It displays this only on your own computer.

The only outbound requests the Scanner makes is to get updated versions and for member sign-in to enable scanning entire networks.

Known Limitations

The Scanner has some known limitations:

  • MAC OUI addresses are used as part of identifying vulnerable devices. If we are missing a MAC OUI, we could potentially miss a vulnerability. If the scan is being done remotely, where MAC OUIs are not available, we cannot as definitively verify the vulnerability (displayed as 'possible') in such cases.
  • Vivotek has a known vulnerability but we are not currently scanning for it since the check involves crashing the web server. Since, we do not want to endanger any potential product systems, we are currently omitting it but searching for an alternative technique.
  • We have limited the number of IP addresses that can be simultaneously scanned to a Class B address range to minimize probing the public Internet for insecure devices. That, combined with the limitation on MAC OUI checking, will limit misuse.

Thanks To Bashis

While any error is entirely IPVM's, we would like to thank Bashis, (1) for finding so many of these manufacturer vulnerabilities (e.g., 1, 2, 3, 4) and (2) for volunteering feedback on the Scanner's implementation to improve its functionality.

Future Features

We have a number of requested and potential future features. In no particular order:

  • Exporting results: In 1.0, we show a list of results with IP addresses and vulnerability information. In the future, we will add a way to download that list to a csv or text file.
  • Local history: Members have asked for a way to store a local history of previous searches (e.g. different IP addresses or ports, etc.).
  • Default / weak passwords: Another cybersecurity concern are devices using default passwords (see our list) or weak passwords (e.g., 1234, abcd, password, etc.). We are considering a future addition that scans for such issues.
  • OEM detection: Members have asked about notifying them if they have products that are OEMed from Dahua, Hikvision, etc. This could help them identify potential vulnerabilities and products that are prohibited.

Ask Questions / Share Problems

Surely there will be many questions and certainly some problems. We are happy to answer any questions and help with any problems, either commenting below or emailing us - support@ipvm.com

Download

Download it from the options below:

2 reports cite this report:

VMS Camera Management Shootout - Avigilon, Dahua, Exacq, Genetec, Hanwha, Hikvision, Milestone, Network Optix on Oct 29, 2018
Camera setup, configuration and maintenance are the most common tasks when managing a surveillance system. Who does it best and worst? Who offers...
The Dumb Ones: PSA's Bozeman On Cybersecurity on Jun 15, 2018
The smart ones are the hundred people who flew to Denver and spent $500+ on a 1.5-day conference featuring (now US government banned) Dahua as a...
Comments (71) : PRO Members only. Login. or Join.

Most Recent Industry Reports

'Sticker' Surveillance Camera Developed (CSEM Witness) on Nov 16, 2018
The Swiss Center for Electronics and Microtechnology (CSEM) has announced what it calls the: world’s first fully autonomous camera that can be...
ISC East 2018 Mini-Show Final Report on Nov 16, 2018
This is our second (updated) and final show report from ISC East. ISC East, by its own admission, is not a national or international show, billed...
Facial Detection Tested on Nov 16, 2018
Facial detection and recognition are increasingly offered by video surveillance manufacturers. Facial detection detects faces in an image/video...
Throughtek P2P/Cloud Solution Profile on Nov 15, 2018
Many IoT manufacturers either do not have the capabilities or the interest to develop their own cloud management software for their devices....
ASIS Offering Custom Research For Manufacturers on Nov 15, 2018
Manufacturers often want to know what industry people think about trends and, in particular, the segments and product they offer.  ASIS and its...
Hikvision Silent on "Bad Architectural Practices" Cybersecurity Report on Nov 14, 2018
A 'significant vulnerability was found in Hikvision cameras' by VDOO, a startup cybersecurity specialist. Hikvision has fixed the specific...
French Government Threatens School with $1.7M Fine For “Excessive Video Surveillance” on Nov 14, 2018
The French government has notified a high-profile Paris coding academy that it risks a fine of up to 1.5 million euros (about $1.7m) if it...
Integrator Credit Card Alternative Divvy on Nov 13, 2018
Most security integrators are small businesses but large enough that they have various employees that need to be able to expense various charges as...
Directory of Video Intercoms on Nov 13, 2018
Video Intercoms, also known as Video Door-Phones or Video Entry Systems, have been growing in the past decade as more and more IP camera...
Beware Amazon Go Store Hype (Tested) on Nov 13, 2018
IPVM's trip to and testing of Amazon Go's San Francisco store shows a number of significant operational and economic issues that undermine the...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact