IPVM Vulnerability Scanner Released / Deprecated

By IPVM Team, Published on Jun 18, 2018

IPVM is proud to announce video surveillance's first and only cybersecurity vulnerability scanner. This tool allows quickly and simply identifying known video surveillance vulnerabilities. It is available as a Windows and MAC download, free for all to scan a single IP address at a time or to scan entire networks at once for IPVM members.

This 30-second overview explains what the vulnerability scanner does:

Benefits of the Vulnerability Scanner

The reality is your video surveillance cameras or recorders may have vulnerabilities you are simply unaware of:

(1) You may have bought OEMed equipment (e.g., Honeywell, Interlogix, Tri-Ed, ADI, ADT, etc.) and not even realize you have vulnerable Dahua or Hikvision equipment.

(2) You may not have gotten word from your manufacturer on vulnerabilities as most manufacturers strive to minimize publicity of these issues.

(3) And, even if you are aware of vulnerabilities, you may not have found all the devices that are vulnerable in your system.

The Scanner addresses this by looking for the known signatures of these vulnerabilities, automatically examining your networks and reporting back on your cameras or recorders that show vulnerabilities.

Get Notified of Video Surveillance Breaking News
Get Notified of Video Surveillance Breaking News

How To Video

The following video shows the basics of how to use the Scanner and what options can be used:

Privacy Built-In

The Scanner has privacy built-in, it never uploads, records nor shares any vulnerability information. It displays this only on your own computer.

The only outbound requests the Scanner makes is to get updated versions and for member sign-in to enable scanning entire networks.

Known Limitations

The Scanner has some known limitations:

  • MAC OUI addresses are used as part of identifying vulnerable devices. If we are missing a MAC OUI, we could potentially miss a vulnerability. If the scan is being done remotely, where MAC OUIs are not available, we cannot as definitively verify the vulnerability (displayed as 'possible') in such cases.
  • Vivotek has a known vulnerability but we are not currently scanning for it since the check involves crashing the web server. Since, we do not want to endanger any potential product systems, we are currently omitting it but searching for an alternative technique.
  • We have limited the number of IP addresses that can be simultaneously scanned to a Class B address range to minimize probing the public Internet for insecure devices. That, combined with the limitation on MAC OUI checking, will limit misuse.

Thanks To Bashis

While any error is entirely IPVM's, we would like to thank Bashis, (1) for finding so many of these manufacturer vulnerabilities (e.g., 1, 2, 3, 4) and (2) for volunteering feedback on the Scanner's implementation to improve its functionality.

Future Features

We have a number of requested and potential future features. In no particular order:

  • Exporting results: In 1.0, we show a list of results with IP addresses and vulnerability information. In the future, we will add a way to download that list to a csv or text file.
  • Local history: Members have asked for a way to store a local history of previous searches (e.g. different IP addresses or ports, etc.).
  • Default / weak passwords: Another cybersecurity concern are devices using default passwords (see our list) or weak passwords (e.g., 1234, abcd, password, etc.). We are considering a future addition that scans for such issues.
  • OEM detection: Members have asked about notifying them if they have products that are OEMed from Dahua, Hikvision, etc. This could help them identify potential vulnerabilities and products that are prohibited.

Ask Questions / Share Problems

Surely there will be many questions and certainly some problems. We are happy to answer any questions and help with any problems, either commenting below or emailing us - support@ipvm.com

Deprecated August 2019

IPVM has deprecated support for the Vulnerability Scanner and is no longer offering it for download. While the Scanner will continue to work as is, we are not currently planning to update it.

The reason for this is the difficulty of properly fingerprinting various vulnerabilities, especially those that depend on actions that could damage devices we are probing, because of the type of vulnerabilities they are.

IPVM remains open for looking at other ways to notify and alert on vulnerabilities.

2 reports cite this report:

VMS Camera Management Shootout - Avigilon, Dahua, Exacq, Genetec, Hanwha, Hikvision, Milestone, Network Optix on Oct 29, 2018
Camera setup, configuration and maintenance are the most common tasks when...
The Dumb Ones: PSA's Bozeman On Cybersecurity on Jun 15, 2018
The smart ones are the hundred people who flew to Denver and spent $500+ on a...
Comments (77) : Members only. Login. or Join.

Related Reports

Video Surveillance 101 Book Released on Jul 07, 2020
IPVM's unique introduction to video surveillance series is now available as a...
OnTech Smart Services Partners With Google and Amazon To Compete With Integrators on Sep 25, 2020
A pain point for many homeowners to use consumer security and surveillance is...
IPVM Editorial Staff on Aug 01, 2020
IPVM has the largest and most experienced editorial team covering video...
Startup Visual One Presents Object Detection and Smart Search on Aug 26, 2020
Visual One, a Y Combinator backed startup led by a PhD in machine learning...
Uniview Deep Learning Camera Tested on Jul 14, 2020
Uniview's intrusion analytics have performed poorly in our shootouts. Now,...
Verkada Access Control Tested on Sep 09, 2020
Verkada raised $80 million earlier in 2020, expanding from video into access...
Camera Course Summer 2020 - Last Chance on Jul 18, 2020
This is your last chance to register for the Summer 2020 Camera Course. This...
Vintra Presents FulcrumAI on Jul 02, 2020
Vintra presented its FulcrumAI object recognition and mask detection offering...
Sony 61MP Surveillance Sensor Examined on Sep 04, 2020
For a decade, the highest resolution single-imager surveillance cameras have...
Microsoft Azure Presents Live Video Analytics on Oct 15, 2020
Microsoft Azure presented its Live Video Analytics offering at the September...
Milestone XProtect on AWS Tested on Sep 21, 2020
Milestone finally launched multiple cloud solutions in 2020, taking a...
UN Agency Buys 'Swiss' Fever Cams From Firm That Faked Accreditation, Sales, Marketing on Oct 06, 2020
A Swiss company claims to have "fully designed and manufactured" the world's...
VSaaS Online Show June 2020 - On-Demand Recording of 25+ Manufacturers Presentations on Jun 24, 2020
The show featured 25+ VSaaS providers showcasing their latest services. The...
Hikvision Impossible 30 People Simultaneously Fever Claim Dupes Baldwin Alabama on Sep 01, 2020
The Alabama school district which spent $1 million on Hikvision fever cameras...
AndroVideo Presents Edge AI Face Recognition Cameras on Jun 26, 2020
AndroVideo presented its AI at the edge face recognition cameras at the May...

Recent Reports

Avigilon Aggressive Trade-In Program Takes Aim At Competitors on Oct 20, 2020
Avigilon has launched one of the most aggressive trade-in programs the video...
Mexico Video Surveillance Market Overview 2020 on Oct 20, 2020
Despite being neighbors, there are key differences between the U.S. and...
Dahua Revenue Grows But Profits Down, Cause Unclear on Oct 20, 2020
While Dahua's overall revenue was up more than 12% in Q3 2020, a significant...
Illegal Hikvision Fever Screening Touted In Australia, Government Investigating, Temperature References Deleted on Oct 20, 2020
The Australian government told IPVM that they are investigating a Hikvision...
Panasonic Presents i-PRO Cameras and Video Analytics on Oct 19, 2020
Panasonic presented its i-PRO X-Series cameras and AI video analytics at the...
Augmented Reality (AR) Cameras From Hikvision and Dahua Examined on Oct 19, 2020
Hikvision, Dahua, and other China companies are marketing augmented reality...
18 TB Video Surveillance Drives (WD and Seagate) on Oct 19, 2020
Both Seagate and Western Digital recently announced 18TB hard drives...
Watrix Gait Recognition Profile on Oct 16, 2020
Watrix is the world's only gait recognition surveillance provider IPVM has...
Intel Presents Edge-to-Cloud Ecosystem for Video Analytics on Oct 16, 2020
Intel presented its processors and software toolkit for computer vision at...
Microsoft Azure Presents Live Video Analytics on Oct 15, 2020
Microsoft Azure presented its Live Video Analytics offering at the September...
Worst Manufacturer Technical Support 2020 on Oct 15, 2020
4 manufacturers stood out as providing the worst technical support to ~200...
Clorox Announces, Then Pulls, Fever Camera on Oct 15, 2020
For almost one week, Clorox was marketing fever cameras. The booming...
Faulty Hikvision Fever Cam Setup at Mexico City Basilica and Cathedral on Oct 14, 2020
Donated Hikvision fever cameras (claiming screening of 1,800 people/min. with...
Directory of 211 "Fever" Camera Suppliers on Oct 14, 2020
This directory provides a list of "Fever" scanning thermal camera providers...