Warning: ADI and Tri-Ed Video Products Major Security Risk

By: John Honovich, Published on Sep 22, 2015

Recently, ADI and Tri-Ed both started OEMing Hikvision products. Reference - IPVM test on ADI W Box, IPVM test of Tri-Ed Northern Video.

Both ADI and Tri-Ed are using old firmware (respectively 5.2 and 5.1) that were involved in major Hikvision hacks from March 2015. Since then, Hikvision has released a significant upgrade (see IPVM Hikvision 5.3 test results) to help mitigate the core problems.

Why ADI and Tri-Ed are still using risky, out of date firmware is unclear.

[UPDATE: Tri-Ed has fixed / upgraded to 5.3]

However, this is clearly shown when connecting ADI and Tri-Ed cameras to Hikvision's VMS:

This month, Hikvision has been hit with another hacking incident (this time for its mobile app). While ADI and Tri-Ed's app versions do not appear to be infected for this (because they are using older app versions that were not compromised), this does underscore Hikvision and their OEM partners continued risk for other attacks (such as out of date 'risky' camera firmware).

Upgrade Not Possible

IPVM has verified that upgrading ADI and Tri-Ed OEMed cameras with the 'strong' security version from Hikvision will not work. Unforunately, as of this publication, there are no released ADI and Tri-Ed versions available.

Risks

The reality is that the average ADI and Tri-Ed user is likely buying for low price and on the shelf convenience, not considering such issues. However, it does not mean these issues disappear.

Worse, once this is installed, the firmware may not be upgraded ever (or for years) leaving these vulnerabilities open indefinitely for attack.

If and when upgraded 'strong' security firmware versions are released, we will add to this post.

[Update March 2016: Tri-Ed has released the 5.3 firmware. ADI has not.]

6 reports cite this report:

Hacked DVRs Surge To 400,000 on Oct 19, 2016
The global internet is under attack from record breaking botnets. And it is getting worse, Mirai doubled in size in the last month. Shamefully,...
ADI Finally Fixes Hikvision OEM'd Security Risk on Jun 09, 2016
After refusing for months to fix the obvious security risks, ADI has given in and fixed it. Two important lessons here: ADI knows little about...
ADI Refuses to Fix Their OEM'd Hikvision Security Risks [Solved] on Mar 09, 2016
More than a year after massive hacks against Hikvision was disclosed; More than 9 months after Hikvision issued improved security firmware, mega...
Hikvision Ezviz Tested on Dec 28, 2015
Last month, Hikvision Launched Direct End User Sales with their Ezviz line, sold through online and big box channels direct to consumers. We...
IP Camera Trolling - Cybersecurity Showcase on Nov 09, 2015
If you want to convince your customers about the importance of cybersecurity and the risk of being the next Hikvision, Foscam or Trendnet, show...
Hikvision Trojan Mobile App on Sep 22, 2015
With a vengeance. The last time, the industry mostly shook it off. This time, it is clearly much worse. In this note, we examine Hikvision's...
Comments (19) : Members only. Login. or Join.

Related Reports

Hikvision Upgrade Breaks ONVIF VMS Integration on Oct 31, 2017
Hikvision IP cameras using ONVIF for VMS integration will break when upgrading to Hikvision new 5.5 firmware, IPVM testing has verified. This...
ONVIF Profile T Examined on Dec 21, 2018
Despite ONVIF's overall success (11,000+ devices supported), ONVIF has been criticized for its limitations and problems, including VMD and video...
Arcules Cloud VMS Tested on Nov 19, 2018
Arcules is a big bet, or as they describe themselves a 'bold company', spun out and backed by Milestone and Canon. But how good is Arcules cloud...
Axis M3106-LVE Mk 4MP Camera Tested on Nov 06, 2017
Axis has released the latest in their low(er) cost M series outdoor cameras, the M3105-LVE Mk II, a 4MP turret model specifying 15m IR, their...
Exacq M Series Low Cost NVR Tested on Oct 12, 2017
With recent cyber security issues hitting NVRs and cameras from low cost leaders Dahua and Hikvision, users are increasingly seeking alternatives...
ADI's Financials Revealed + W-Box Growth Priority on Oct 15, 2018
  ADI is one of the most powerful distributors in the security industry but how big are they? How much profit do they make? How much do they sell...
H.265 / HEVC Codec Tutorial on Jan 08, 2019
H.265 support has improved significantly since its introduction, with H.265 camera/VMS compatibility increased compared to only a year ago, and...
Mobile Access Control Shootout - Farpointe, HID, Openpath, Nortek, Proxy on Jul 29, 2019
One of the biggest rising trends in access control is using phones as credentials but which offering is best? IPVM has tested five of the...
HID Product Configurator Examined on Nov 26, 2018
HID is widely used. However, figuring out all the different configurations of features for a final credential or reader part number can be a real...
8MP HD Analog Tested (Dahua / Hikvision) on Jan 30, 2019
HD analog has promised higher resolution for years, but has lagged substantially behind for years. Now, both Dahua and Hikvision have started...

Most Recent Industry Reports

Startup Duranc Presents AI VSaaS on Jul 06, 2020
Duranc presented its system at the May 2020 IPVM Startups show. A 30-minute video from Duranc including IPVM Q&A Background on the...
Low Voltage Nation Wants to "Help You Carve Out A Fulfilling Career" Interviewed on Jul 06, 2020
It is difficult to make your way in this industry as there is little formal schooling. However, one person, Blake Urmos, the Founder of Low Voltage...
The Next Hot Fever Detection Trend - $100 Wall-Mounted Units on Jul 06, 2020
The first wave of the booming fever detecting market was $10,000+ cameras, now interest for ~$2,000 tablets is high and the next big thing may be...
Cisco Meraki Unlocks IP Cameras With RTSP Tested on Jul 06, 2020
Meraki opened up its cameras to 3rd party NVRs/VMSes by offering RTSP streaming because of "the need to solve a business problem". We tested...
Verkada: "IPVM Should Never Be Your Source of News" on Jul 02, 2020
Verkada was unhappy with IPVM's recent coverage declaring that reading IPVM is 'not a good look' and that 'IPVM should never be your source of...
Vintra Presents FulcrumAI Face Recognition on Jul 02, 2020
Vintra presented its FulcrumAI face recognition and mask detection offering at the May 2020 IPVM Startups show. Inside this report: A...
Uniview Wrist Temperature Reader Tested on Jul 02, 2020
Uniview is promoting measuring wrist temperatures whereas most others are just offering forehead or inner canthus measurements. But how well does...
Dahua USA Admits Thermal Solutions "Qualify As Medical Devices" on Jul 02, 2020
Dahua USA has issued a press release admitting a controversial point in the industry but an obvious one to the US FDA, that the thermal temperature...
Access Control Online Show - July 2020 - With 40+ Manufacturers - Register Now on Jul 01, 2020
IPVM is excited to announce our July 2020 Access Control Show. With 40+ companies presenting across 4 days, this is a unique opportunity to hear...