Warning: ADI and Tri-Ed Video Products Major Security Risk

Author: John Honovich, Published on Sep 22, 2015

Recently, ADI and Tri-Ed both started OEMing Hikvision products. Reference - IPVM test on ADI W Box, IPVM test of Tri-Ed Northern Video.

Both ADI and Tri-Ed are using old firmware (respectively 5.2 and 5.1) that were involved in major Hikvision hacks from March 2015. Since then, Hikvision has released a significant upgrade (see IPVM Hikvision 5.3 test results) to help mitigate the core problems.

Why ADI and Tri-Ed are still using risky, out of date firmware is unclear.

[UPDATE: Tri-Ed has fixed / upgraded to 5.3]

However, this is clearly shown when connecting ADI and Tri-Ed cameras to Hikvision's VMS:

This month, Hikvision has been hit with another hacking incident (this time for its mobile app). While ADI and Tri-Ed's app versions do not appear to be infected for this (because they are using older app versions that were not compromised), this does underscore Hikvision and their OEM partners continued risk for other attacks (such as out of date 'risky' camera firmware).

Upgrade Not Possible

IPVM has verified that upgrading ADI and Tri-Ed OEMed cameras with the 'strong' security version from Hikvision will not work. Unforunately, as of this publication, there are no released ADI and Tri-Ed versions available.

Risks

The reality is that the average ADI and Tri-Ed user is likely buying for low price and on the shelf convenience, not considering such issues. However, it does not mean these issues disappear.

Worse, once this is installed, the firmware may not be upgraded ever (or for years) leaving these vulnerabilities open indefinitely for attack.

If and when upgraded 'strong' security firmware versions are released, we will add to this post.

[Update March 2016: Tri-Ed has released the 5.3 firmware. ADI has not.]

5 reports cite this report:

ADI Finally Fixes Hikvision OEM'd Security Risk on Jun 09, 2016
After refusing for months to fix the obvious security risks, ADI has given in and fixed it. Two important lessons here: ADI knows little about...
ADI Refuses to Fix Their OEM'd Hikvision Security Risks [Solved] on Mar 09, 2016
More than a year after massive hacks against Hikvision was disclosed; More than 9 months after Hikvision issued improved security firmware, mega...
Hikvision Ezviz Tested on Dec 28, 2015
Last month, Hikvision Launched Direct End User Sales with their Ezviz line, sold through online and big box channels direct to consumers. We...
IP Camera Trolling - Cybersecurity Showcase on Nov 09, 2015
If you want to convince your customers about the importance of cybersecurity and the risk of being the next Hikvision, Foscam or Trendnet, show...
The Hikvision Hacking Scandal Returns on Sep 22, 2015
With a vengeance. The last time, the industry mostly shook it off. This time, it is clearly much worse. In this note, we examine Hikvision's...
Comments (20): PRO Members only. Login. or Join.

Related Reports on Hacking

Hikvision Rejects Responsibility for Hacked Hikvision Cameras on May 10, 2016
After a massive number of Hikvision cameras were hacked, Hikvision has added new, and questionable legal language, declaring that Hikvision will...
ADI Refuses to Fix Their OEM'd Hikvision Security Risks [Solved] on Mar 09, 2016
More than a year after massive hacks against Hikvision was disclosed; More than 9 months after Hikvision issued improved security firmware, mega...
Network Security for IP Video Surveillance Guide 2016 on Feb 03, 2016
Keeping surveillance networks secure can be a daunting task, but there are several methods that can greatly reduce risk, especially when used in...
Arecont and Bosch - Default Security Risk on Dec 14, 2015
Default passwords are a major security risk, enabling hackers around the world to access and control devices like IP cameras (using Shodan, turning...
Axis Cybersecurity Hardening Guide Examined on Nov 19, 2015
In most IT areas, 'hardening' guides are commonplace, providing best practices for improving the cybersecurity of network products (e.g., see this...
IP Camera Trolling - Cybersecurity Showcase on Nov 09, 2015
If you want to convince your customers about the importance of cybersecurity and the risk of being the next Hikvision, Foscam or Trendnet, show...
Dahua Finally Has A US Distributor on Oct 08, 2015
Finally. Billion dollar Dahua is the 'smaller' of the two mega Chinese surveillance manufacturers (the other being Hikvision). Historically,...
The Hikvision Hacking Scandal Returns on Sep 22, 2015
With a vengeance. The last time, the industry mostly shook it off. This time, it is clearly much worse. In this note, we examine Hikvision's...
Anixter/Tri-Ed Northern Video Tested on Sep 18, 2015
ADI is an IP video manufacturer now (see IPVM's ADI W Box test results). And now, their top rival, Anixter's Tri-Ed arm has also entered the IP...

Most Recent Industry Reports

Camio Natural Language Processing Tested on Sep 27, 2016
The ex-Googler led team from Camio has advanced its video monitoring offering to include natural language processing. Camio ingests video,...
Hacked Dahua Cameras Drive Massive Cyber Attack on Sep 27, 2016
Cyber attacks are accelerating and IP cameras are behind many of them. Worse, last week, a 'massive' attack was carried out using numerous Dahua...
Axis Secretly Paid Anixter Sales People To Push Axis NVRs on Sep 26, 2016
Internal Axis communication shows how Axis paid Anixter and Tri-Ed sales people with secret bonuses to push Axis NVRs. In this report, we examine...
VLANs for Video Surveillance on Sep 26, 2016
Many people confidently say to 'use VLANs' as an answer to IP video networking problems and as a way to signal expertise. But how should VLANs be...
Ambarella CEO Admits H.265 and 4K Not Popular on Sep 26, 2016
Ambarella is the main chip provider for high-end surveillance cameras driving higher resolution and new CODECs. While Ambarella has been pushing...
Nest Cam Outdoor Tested on Sep 23, 2016
After years of claiming an outdoor model was "coming", addressing their biggest user demand, Nest has finally released their Outdoor Camera, an...
ACTi Refuses Race To The Bottom, Shifts To Solutions on Sep 23, 2016
The original low cost IP camera disruptor was ACTi. Back in the 2008 - 2010 time frame, Taiwanese manufacturer ACTi challenged the Western and...
You Get Robbed, Canary Will Pay You Up To $1,000 on Sep 22, 2016
Canary is trying to break the status quo in DIY security, first by raising over $40 million, and now a revamp of their monthly services package...
Milestone Ends Development of "Enterprise" VMS on Sep 22, 2016
Milestone 'Enterprise' was one of the first enterprise video management software offerings, selected by many early adopters of IP video. However,...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact